Prevention is the only cure

“Hello Tech Support, I cannot see the data in my Excel file. It is showing some junk other than the data. Can you help me out?” a user from an insurance company complained to his tech team.
“Sure, I will be there.”

That was the second call about corrupt files that the tech team had received from the Customer Relationship Management (CRM) team since that morning. So the tech lead went to the caller to fix the issue. He double-clicked the Excel file. It opened and displayed a message that shocked him. He quickly phoned his manager to tell him about the message in the Excel sheet. The manager came and read the message: “Your file is encrypted with RSA 4096 encryption ….”

“Ransomware,” the manager concluded. But he did not disclose it to the CRM user. He asked the techie to run a scan and to call the antimalware vendor onsite immediately.

“There is one more case in the CRM dept.,” the techie said. The manager looked a little tense. “OK, run a scan on both the systems and the common file server and tell the users that there was a virus which needs to be cleaned.”

He then immediately called the CIO to update him about the ransomware infection. The CIO called an urgent meeting of all the IT managers in his cabin.

“So what are we dealing with here?” the CIO asked the manager.

“Well, we have 2 cases of ransomware in the CRM dept. The ransomware has encrypted all the files using RSA 4096 encryption and unless we pay we cannot recover the files. The ransom is huge and we have to pay it in Bitcoins. Moreover, there is no guarantee that they will release the encryption codes.”

The CIO was taken aback a little. He was aware of ransomware; he just did not expect to see it in his setup.
“But how did it happen?”

“It came from the CRM application. And lack of awareness. Our customers send us files which are checked and verified by the CRM users. In our case the users received an email with an invoice file in it. The users opened the files from the email. The files were nothing but ransomware. They activated and encrypted all the files (Excel, Word, image files) and traversed up to the user’s common folder in the common file server and encrypted the files on the file server.”

“Are you saying the common file server is infected?” The CIO got worried.
“Only the infected user’s folder,” the manager replied.
“And how many users are affected?” The CIO got a little upset.
“Total three as of now.”
“So what is the action plan? Are we going to stop the infection or what?” the CIO demanded to know.

“I had immediately called the antimalware vendor to be at the site. He should be here any moment. I have already spoken to the vendor Service Manager about the ransomware. They have a solution which will be patched and some settings to be done. I will personally get it done on highest priority,” the manager assured him. “But the files cannot be recovered unless they were backed up.”

“Alright, you go ahead with that and keep me posted. Meanwhile, create an awareness mailer on how to deal with the emails and attached files from unknown and unrelated senders. Send it across the organization. If possible, schedule an awareness program specifically for the CRM team today or tomorrow. And make sure nobody outside this cabin comes to know about the ransomware infection. This is important as otherwise it will create panic amongst the employees. And we don’t want to be in the news for the wrong reasons.”

“Yes sir, will take care of this,” the manager assured him.

So next time you get an invoice or Word document from an unrelated user, you know what to do. Because with ransomware, prevention is the only cure!