By Ed Avis
One day in August 2018, Lisa Tipps and her employees at Dynamic Reprographics in Austin walked into the shop and noticed an odd message on nearly every computer screen: “If you want your computers back, go to this link and pay.”
Other than that message, the computers were frozen. They couldn’t access files, use software, or do anything else. Tipps immediately realized what was wrong: Dynamic was the victim of ransomware.
“I don’t even remember how much they said we were supposed to pay, but it was in the thousands,” Tipps says. “I had heard so often that you’re not supposed to pay, so I said we weren’t going to do that. I said, ‘We’re going to rebuild.’”
What is Ransomware?
Ransomware is a type of malicious software, like a virus, that prevents a company from using its computers. Attackers spread ransomware widely, knowing that most of it gets stopped by antivirus software. But occasionally, as in the case at Dynamic, the malware finds a target with a vulnerability.
Tipps says she and her employees had always followed basic virus protections, such as maintaining safe passwords and watching out for phishing emails. And they had virus protection software.
However, Tipps learned later that they had a major vulnerability: Their system had a remote connection to a vendor that was left open instead of being closed when the vendor didn’t need to use it. That evidently allowed the malware to evade the basic protections Dynamic had set up and take control of their computers.
Rebuilding
The type of malware that infected Dynamic’s computers could not be removed; the system had to be wiped clean to get rid of it. Of course, wiping the system clean meant all their files were wiped out, too. Tipps assumed the backups they had created would allow them to quickly rebuild, but she was wrong: The IT company she had been employing for a couple of years had not been creating a thorough backup.
“The malware wouldn’t have been such a big deal if the IT company had made a thorough backup,” Tipps says. “I assumed we were backed up, but we weren’t. It should’ve been a red flag to me that the IT person who explained things to me was not good at translating his own thoughts into basic English. So since I’m not super technical myself, it was not clear to me that we were not backed up.”
Fortunately, there were some incomplete backups available, and three of the 30 workstations in the office were not connected to the server, so they were unaffected. And they were able to use thumb drives as connections to their printers. Thus they were able to get the shop up and running at partial capacity immediately.
“We didn’t have to close, thanks to everybody figuring out how to keep serving our customers,” she says. “But the servers weren’t working, which meant no invoicing, so we had to go back to doing everything by hand like the old days. We kept track of everything by paper for three days. It was real stressful.”
Eventually, Tipps’ team and the IT company rebuilt the system by using the partial backups, old files discovered in Gmail, and files they created from scratch by entering data from paper files.
“I think it took probably a couple of months to get everything rebuilt,” Tipps says. “We were lucky in a way because we were able to keep functioning and because really all we had to do was rebuild the three servers and 25 to 30 workstations. So it cost maybe $30,000 plus a lot of overtime. Compared to how some people get bit, we lucked out.”
Afterwards
As soon as Tipps learned that her IT company had not been backing up the system properly, she began searching for a new one.
“The company we were working with was small, and that worked for a couple of years. But when this happened, boy oh boy I chose the best IT company I could get,” she says.
The new IT company quickly identified the open connection to the vendor and closed that vulnerability. Tipps contacted the vendor, who was puzzled because no one else had reported a problem with that method. But of course they agreed to switch the connection to a more secure method.
Tipps also ensured that the backup was done properly from that point on, and she invested in a spare server, just in case. Furthermore, she added two other types of virus protection software to the system. Finally, she had her employees go through cybersecurity training.
Tipps, who sold her company to Thomas Printworks in January, has this advice for fellow APDSP members: “The world has gotten more dangerous – don’t take it lightly. Go ahead and invest in outside IT help if you don’t have a serious IT department. And find an IT company that knows how to communicate well, whose brains aren’t so technical that they can’t explain what is and what isn’t working.”