Government, Business and Client’s Files Suddenly Inaccessible? “Just Send $12,000 in Bitcoin” | Ron Benvenisti

A few days ago, I got a call from the owner of a Lakewood IT company that manages the networks and applications of 10+ companies. He tells me, “I tried to log into my admin console and I’m getting a message that says ‘Error Decrypting’ with a number to call to decrypt my files. Before I even call the number, one of my medical clients calls to tell me nobody in their office can access their server. All their files are trashed. Now I find out that all my technicians are saying their passwords don’t work.” I ask him if a tech forgot their passphrase, or whether he messed up the Multi-Factor Authentication. He says he never set that up. So, what happened? What can they do about it?

First, there are only a couple of ways this can happen. The hard drive crashed, but in this scenario it is unlikely that all the workstations at the Managed Service Provider and the client crashed simultaneously. Another way is if they all got run over by a truck. Of course, that didn’t happen. There’s only one option left, and because the message said to call this number to decrypt, it was ransomware.

So, he made the call. $12,000 and they would decrypt the files. He tried to bargain with them; nothing doing. $12,000 in bitcoin. Period.

I asked him how much the business was worth to him. He told me he does about $200,000 a year. I asked him how much of that was medical. He said about $130,000. Is it worth $12,000 to get your business back? He hesitated. I asked him if he was prepared to be sued by his clients and pay fines mandated by HIPAA (Health Insurance Portability and Accountability Act), because at this point he could not possibly meet even the minimal rule requirements:

  • Ensure the confidentiality, integrity, and availability of all electronic protected health information
  • Detect and safeguard against anticipated threats to the security of the information
  • Protect against anticipated impermissible uses or disclosures
  • Certify compliance by their workforce

HIPAA fines could run into the millions of dollars with fines for each instance on each client. Is it worth $12,000 to save your business, your reputation, expensive legal battles, and mandatory fines?

He hesitated and said he would try to negotiate a better deal again and get back to me. In the meantime, I could hear phones ringing off the hook; all the admins and technicians were freaking out. “We’re working on it.” Meanwhile, no deal. He had 4 hours to pay or else forget it. The last backup of his customers’ files was from two weeks ago. That’s bad management on top of everything else.

The bottom line is, he would have to completely wipe all the affected machines, his own and the client workstations and servers (including his own non-tech employees’ machines), and reinstall all the operating systems, applications, databases, and their access privileges before he could restore the old backup files. And… immediately change every password on the system, across the board, and put passphrases and multi-factor authentication on each one at the same time. That could take weeks. Even so, with two weeks of customer data missing, especially medical billing, it’s game over anyway.

I got a call back saying he made a deal where the files would be decrypted for $10,000. I truthfully told him that in many cases they’ll take the untraceable bitcoin and leave you hanging, especially since you’ve developed a not-so-good relationship with the crook.

This is a more common scenario than the average community member has heard about. Maybe you were a victim. Maybe you were affected by someone else’s system. Maybe you were hit, the ransom was paid, it worked, and

“We’re working on it.”

was acceptable to the client(s). Maybe not. In any case, it’s not exactly the kind of thing you would want to advertise.

Recently, Somerset County Clerk and Surrogate services that depend on access to county databases were temporarily unavailable due to a ransomware attack. Land records, vital statistics, and probate records were all affected. Title searches are possible only on paper records dated before 1977. 1977!

This ransomware attack has forced officials in a 345,000-person New Jersey county to switch off their computers and set up temporary Gmail accounts so the public can email key agencies such as the health, emergency and sheriff’s departments. Inexcusable.

“We are working hard to ensure vital services the public depends on continue to be delivered, such as recycling, road maintenance, and transportation for seniors,” said Somerset County Administrator Colleen Mahr. “We have an outstanding IT department that is working around the clock to evaluate our situation, prevent further damage, and ultimately recover.” I wish them luck, but they need a lot more than that. Read on.

No matter what the reason is, a drive crash, a new computer, a laptop run over by a truck, a software update, malware, careless file deletes, or something else, and then something else, etc., the root cause is that the Private Encryption Key for that tech (they MUST have one) has been lost, they lost access to it, or, more likely, they never had one to begin with.

There is a way to fix this, before it can happen and even after it does, if you have taken the necessary precautions.

What all competent security professionals know is strong asymmetric encryption, where the specific tech and/or admin is the only one who should ever see the credential and the only one who can decrypt the credential information that is managed for them. This depends on them having what is called their own Private RSA key.

Without this, the ransomware attacker can use their own key to encrypt your files. If you’re lucky, they will decrypt; as oftentimes happens, they will not. Once they have your money, they still have the ball.

On the tech’s computer that key is stored in a special directory in their user folder. Everything in this folder is further encrypted, so you can’t just look at it and know the key. If you really care about security and being protected from as many threat vectors as possible, this is how it’s done. Even admin access to a tech’s laptop can’t give a hacker access to their credentials or your clients’ networks.
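As an added example (not the author’s product or code), here is how a per-technician credential vault of the kind just described can be built with the Python `cryptography` library: each tech gets an RSA key pair, client credentials are encrypted to the tech’s public key, and the private key file that would live in the tech’s user folder is itself passphrase-encrypted, so copying the file off a laptop reveals nothing. Function names and the sample credential are constructed for the example.

```python
"""Per-technician credential vault (added illustration, not the product in the article)."""
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# RSA-OAEP with SHA-256: the padding scheme used for every seal/open below.
OAEP = padding.OAEP(
    mgf=padding.MGF1(algorithm=hashes.SHA256()),
    algorithm=hashes.SHA256(),
    label=None,
)


def new_tech_key(passphrase: bytes) -> tuple[bytes, bytes]:
    """Generate a technician's RSA key pair; returns (public_pem, private_pem).

    The private PEM is what sits in the tech's user folder. It is encrypted
    under the passphrase, so the file alone (even read with admin rights) is useless.
    """
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    private_pem = key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.PKCS8,
        encryption_algorithm=serialization.BestAvailableEncryption(passphrase),
    )
    public_pem = key.public_key().public_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PublicFormat.SubjectPublicKeyInfo,
    )
    return public_pem, private_pem


def seal_credential(public_pem: bytes, credential: bytes) -> bytes:
    """Encrypt a client credential so only the matching private key can open it."""
    pub = serialization.load_pem_public_key(public_pem)
    return pub.encrypt(credential, OAEP)


def open_credential(private_pem: bytes, passphrase: bytes, sealed: bytes) -> bytes:
    """Decrypt a sealed credential; a wrong passphrase raises ValueError."""
    key = serialization.load_pem_private_key(private_pem, password=passphrase)
    return key.decrypt(sealed, OAEP)


def can_open(private_pem: bytes, passphrase: bytes, sealed: bytes) -> bool:
    """True only when the caller holds both the key file and its passphrase."""
    try:
        open_credential(private_pem, passphrase, sealed)
        return True
    except ValueError:
        return False
```

The same keys can wrap a random AES key when the secret is larger than a password (RSA-OAEP with a 2048-bit key takes at most 190 bytes).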

This is a time-consuming process with many necessary, technically intensive tasks that need to be performed in the right order as quickly as possible. Until this is done, you and your clients are out of business, and no client will have the patience to stop their business while you attempt to regain access. But they will have to, because they trusted you to run the show and now the curtains have come down.

What if there was an automated way to fix this once and for all?

For over eleven years, as a member of the DHS, the USSS NY-NJ Electronic Crimes Task Force and FBI InfraGard, I have been working on cybersecurity solutions alongside the DHS, DOD, the Navy, the Air Force, the FAA, the US Strategic Command, FEMA, and the public and private sectors.

I am happy to report that there is now an effective, automated, efficient, and inexpensive way to prevent and fix these issues quickly, available to any size MSP. What would normally take weeks is done in a couple of days after a very easy and simple install.

This field-proven software covers any Managed Service Provider’s architecture, whether on-premises, in the cloud (like AWS) or a hybrid configuration, no matter how many clients they manage. After a quick install you can use it for a week. If it works for you by providing the total security you need, reducing your management effort, and automatically providing bulletproof security for every technician, admin and client network and user, which it will, keep it and pay an inexpensive monthly fee; or remove it and take your chances. In fact, the next morning everything should be back to normal.

The return on investment is incomparable to any other product out there. When you consider the inexpensive cost compared to the cost of lost business, reputation, litigation, and fines for lack of compliance with any regulatory regime like HIPAA, PCI-DSS, etc., this is a no-brainer. It’s your choice. It’s your future as well as your clients’.

If you have been impacted or need protection, don’t hesitate to email me via The Lakewood Scoop.


5 COMMENTS

  1. Mr. Benvenisti has helped innumerable people, non-profits and businesses in Lakewood and beyond. I have been reading and benefiting from his articles for over 10 years and received tremendous benefit from his advice and technical expertise, without spending a penny. If he has something to offer that is initially free, you have the choice to use it or not. I fail to see how that is an ad. And if Hashem gives him a parnassah, what does it have to do with you and your implications? The information in this article is, as usual, worth its weight in gold. Considering all the Chesed he has done for the Kehilla, Mr. Benvenisti does not need any advertising. So what is the solution to your question? Why shouldn’t he earn a living, ad or not? He has rightfully gained the community’s trust.

  2. An ad? Are you off the wall?
    It’s one of the best pieces of practical advice.
    I hope you never get into that type of situation, or rather that you do not get hired by a company that could have these issues.

  3. Infrassist Technologies is a managed IT services, NOC services and professional services provider based in India. We have 75+ global partner MSPs across 15+ countries.
