I was reading breaking news articles over the weekend of America’s 4th July and saw some shocking news about SMB customers getting hacked in their thousands.
While Europeans were having a weekend, and Americans were partying, thousands of small and medium businesses were hit within minutes – all their data encrypted and a bill for $45,000 to recover it… which goes up if they delay more than 48 hours.
The worst thing about this? It happened because of the software tool Kaseya that lots of IT companies use to manage the IT of their customers. Flywheel doesn’t use that software, but this isn’t about the tool, as any tool can be hacked. I was watching a webinar from Sophos dissecting the hack (great technical info if you’re into that too).
What shocked me was how many businesses were hit, and how easily some were. What wasn’t a shock is how many customers were NOT hit.
You see, every customer with the Sophos anti-ransomware protection, as well as customers with many other vendors’ anti-ransomware tools, was saved. These tools watch for activity that looks like ransomware… encryption, deleting backups, deleting shadow copies, acting like an admin person… and when they see it they immediately block that action.
These hackers were smart – very smart. They are a known group that has extorted multiple millions. They timed this when IT people won’t be watching the system. They wrote their hack to work within minutes, so regular tools to protect the network from “normal” hacks won’t trigger.
We make our customers buy security tools like anti-ransomware. Some see that as draconian and hard line. We will even make a customer sign a waiver that they have specifically chosen not to buy this and other software.
Why would we do something that risks losing customers? Because as this proved, having these tools is part of a complete security package and those people without it had their whole IT businesses destroyed.
Think about this:
- It doesn’t matter where the customers were; it was indiscriminate and hit people all around the world.
- It didn’t matter the size of the business or what industry they were in; it was indiscriminate and hit anyone without security tools installed.
- Having the basic Microsoft Defender was not enough – the first thing this hack did was turn it off on every machine.
- It didn’t matter if it wasn’t an important machine – all machines (servers, PCs, laptops, CCTV recording stations… everything) were hit indiscriminately.
The simple answer is that you need an anti-ransomware tool installed on all machines. More than that, the Sophos webinar showed that you also can’t have exclusions in that tool, so your IT company needs to both install it AND set it up correctly.
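To make the point about exclusions concrete, here is an added sketch (not code from this post, from Sophos, or from any vendor's product) of behaviour rules for three of the actions named above, run with and without an excluded folder. The event format, the `C:\ExampleAgent\work\` path and the sample events are constructed for illustration, and real tools inspect far more than command lines.

```python
import re

# Behaviours the post names, expressed as command-line patterns.
RULES = {
    "shadow_copy_deletion": re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    "backup_catalog_deletion": re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
    "defender_realtime_off": re.compile(
        r"Set-MpPreference\b.*-DisableRealtimeMonitoring\s+\$true", re.I),
}

# Hypothetical folder an IT company might exclude so a management agent runs faster.
AGENT_DIR = "C:\\ExampleAgent\\work\\"

# Constructed sample events: (path of launching process, command line it ran).
EVENTS = [
    (AGENT_DIR + "task.exe",
     "powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true"),
    (AGENT_DIR + "task.exe", "vssadmin.exe delete shadows /all /quiet"),
    ("C:\\Windows\\System32\\cmd.exe", "wbadmin delete catalog -quiet"),
    ("C:\\Windows\\System32\\cmd.exe", "vssadmin.exe list shadows"),  # benign
]


def is_excluded(launcher, exclusions):
    """True when the launching process sits under an excluded folder."""
    path = launcher.lower()
    return any(path.startswith(folder.lower()) for folder in exclusions)


def evaluate(events, exclusions=()):
    """Return (blocked, missed): rule hits acted on, and hits lost to an exclusion."""
    blocked, missed = [], []
    for launcher, cmdline in events:
        for name, pattern in RULES.items():
            if pattern.search(cmdline):
                target = missed if is_excluded(launcher, exclusions) else blocked
                target.append((name, launcher))
    return blocked, missed


if __name__ == "__main__":
    for label, excl in (("no exclusions", ()), ("agent folder excluded", (AGENT_DIR,))):
        blocked, missed = evaluate(EVENTS, excl)
        print(f"{label}: blocked={len(blocked)} missed={len(missed)}")
```

With no exclusions all three suspicious actions are caught; with the one folder excluded, two of them pass unseen.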
If your IT company doesn’t require you to have anti-ransomware software, the simple fact is they don’t value your security. The managed services engineers at Flywheel make sure their customers are protected from this type of attack. Unless you can easily afford paying the $45,000 ransom to unlock your PCs, a couple of hundred for the year is a more sensible option. Speak to one of our consultants to have this installed on your network.