News and Opinion from Sisters, Oregon
It was a sickening punch in the gut.
Last week, one of the staff at Lakeview Millworks in Sisters told owner/operator Brad King that she couldn't get into some of her files. King investigated.
"My jaw dropped as I realized that a lot of files were frozen," he told The Nugget.
He found encryption that included a particular word: Thor. He contacted the company he uses for tech support and got bad news: "They said, 'Oh my gosh - you guys have gotten the Thor virus.' We were virtually shut down; completely shut down."
The virus not only freezes files - it holds the owner of those files for ransom. A "ransom note" was embedded throughout the system. King was told to go to a website where he was instructed on how to purchase bitcoin to pay the ransom. The hijackers wanted $2,800.
"My first gut reaction was 'oh my gosh, we're shut down, we can't operate - we have to pay the ransom,'" King said.
His technical consultants advised against it.
"'We don't pay terrorists,' was the comment," King recalled. "And there's no guarantee that they won't do it again."
In fact, the technicians told him, a Bend company paid the ransom, then was hit again three times in a month.
Everything to do with the company's operations was affected.
"We went into crisis management," King said.
Hours of work went into reassembling data from saved trash boxes, and technicians scrubbed and rebuilt the system. A week after the attack, King and his staff were still working to get past its effects.
"We're not done," he said. "We came to the conclusion that we were going to lose a lot of data."
King doesn't know how the virus got into his computer system. It may have been planted by an attachment to an email. Such attachments are cleverly disguised to resemble business emails. For example, a "confirmation" can be a malicious attachment. And in King's business there are "confirmations coming and going all day long."
Antivirus software is not an adequate protection.
"We have antivirus software," King said. "It blew through that."
The first line of defense is to simply view each email skeptically and err on the side of caution if something looks "off."
"Don't open it," King advised. "If you don't know who it's coming from, don't open it. That's the only thing that everybody's telling me we can do."
Complicating security precautions is the fact that people's address books can be hacked, so you may get malicious emails from an address you recognize. The best policy is to avoid opening any suspicious attachment. Confirm with the sender that it is legitimate.
Multiple and varied back-up systems can help recover data if a whole system is compromised.
Such attacks are hard to trace and most likely come from overseas. It is a criminal enterprise that evolves and changes quickly to exploit any vulnerability. And its effects can be devastating.
Reader Comments(0)