Ransomware: Hacked & Jacked

At 3:30 on Sunday, July 7, I was ready to leave after working all day. At this moment, I saw on my server screen what turned out to be one of my worst nightmares. It said all of my files had been encrypted. After making a few calls, one of them being to the person I hired to protect my network, I found out that I got hit with ransomware!

For those who don’t know, I have been stressing for quite some time now the importance of us protecting and securing our data, as well as our networks. We have invested a lot of time, work, and money to ensure that our network and data are secure. So, this came as quite a shock to me. As we looked into it, we found that they had encrypted all of my backup files, which is all of my critical data. Besides the nightly backup that is done by Hollander, we also run a local backup to an external hard drive. Because I still had the external hard drive plugged in, they scrambled that too.

You can imagine the feeling that I had when I talked to Hollander and they told me that I would have to re-stage my server and said the process would go faster if I had a local backup. The hackers also disabled my server from being able to run any backups. I had a very good friend come to our rescue and he was able to restore the ability of our server to run a backup. Because I had Powerlink still open on my desktop, and the ransomware couldn’t attack any running task, my plan was that we would still be able to operate, sell parts and conduct business as usual on Monday. We would then do a complete backup, and do this server re-stage after hours.

One of the frustrating things that I asked my IT guy responsible for security was: I want to know, if possible, what the reason was that they got into our server with all of the safeguards we have in place to prevent this from happening. I also had him look at what they wanted for ransom. The price was $4500 USD in Bitcoin. While this was just out of curiosity on my part, my guy said it would be a bad idea to pay them anything and that even if I did, there is no guarantee that I would get my files unlocked.

On my way into work on Monday morning, I got a call from another recycler telling me he also got hit with ransomware! Now I knew I wasn’t alone, and it probably wasn’t something that we were directly responsible for. As the day went on, the news hit that more and more recyclers got tagged. I found out that this “attack” hit everyone around 3:00 pm CST Sunday, July 7. So, for most, this was designed to be quite a shock to come back to after a long holiday weekend. The severity varied. We were lucky; some folks were shut down completely! While these were all Hollander customers, it was finally determined that this all traced back to a problem with a third-party, top-tier provider that Hollander uses for remote customer support. By the way, Hollander wasn’t the only victim in this, and I’m sure as this story evolves, we will all hear more and more about others falling victim.

The important thing to realize here is that the bad guys are making a lot of money from this. As long as they are making money, these kinds of acts will continue.

So, what can we do to protect ourselves now?

  1. Do daily local backups of your data and your images. Invest in a removable hard drive and do daily local backups. Remove this drive when done. Do not leave it plugged in! Store this hard drive in a separate building. This will be the quickest, most reliable, and best way to restore your data in the event of a loss.
  2. Passwords. Make sure you have passwords that aren’t simple or easily guessed. You should also change them periodically.
  3. If you don’t have virus protection, get it, and make sure you’re running updates for your virus protection as well as Windows.
  4. Be smart when browsing the internet. Limit use to business only. Never click on links or open attachments in any unsolicited emails. If you don’t know who the email came from, delete it.
  5. Limit who has access to your server. Restrict their permission to install and/or run software applications. Make sure that they have no open (pinned) applications running. In other words, once they are done, do not leave the door open.
  6. Have spam filters scan all incoming and outgoing data to detect any threats and keep executable files from reaching the end users. Have firewalls in place and configure them to block access to known malicious IP addresses.

I can tell you that this has been one heck of a painful lesson for me, and it has made me smarter. We are taking measures to protect ourselves and ensure that in the event this does happen again, we have our butts covered.

If I was a cat with 9 lives, this used up 8 of them!

I guess what doesn’t kill you makes you stronger, right?

Marty Hollingshead

ARA Secretary · Northlake Auto Recyclers — Hammond, IN

Hollingshead has been in the professional automotive recycling industry for 45 years, including 34 years as President/Owner of Northlake Auto Recyclers, one of the industry’s leading facilities. Hollingshead prides himself on taking a hands-on approach in the business, employing the use of checks and balances for quality control to ensure customers only receive the highest quality parts. Northlake was one of the first automotive recycling facilities in the state of Indiana to receive from the Indiana Department of Environmental Management the Indiana Clean Yard – Gold Level Certification in 2009. Northlake was certified as one of the Indiana Certified Automotive Recycler Exemplary Standards (INCARES) program’s inaugural medalists and was the highest scoring facility in Indiana in 2014, 2015, 2016, 2017, and tied for first place in 2018. Northlake was also the recipient of the 2016 ARA Certified Automotive Recycler of the Year award, having been nominated by his peers in the industry.