Auto Recyclers Toolbox
A Tradeshow in Print

The Toolbox Online

A Tradeshow Online!

Ransomware! Hacked and Jacked!

marty hollingshead 1.jpeg

By Marty Hollingshead

I was at work Sunday and at 3:30pm, when I was ready to leave after working all day, I saw on the screen of my server what turned out to be one of my worst nightmares. It said all of my files had been encrypted. After making a few calls, one of them being to the person I hired to protect my network, I found out that I got hit with ransomware!

It was a shock!

For those that don’t know, I have been stressing for quite some time now the importance of us protecting and securing our data, as well as our networks. We have invested a lot of time, work, and money to ensure that our network and data was secure, so this came as quite a shock to me. As we looked into it, we found that they had encrypted all of my backup files, which is all of my critical data. Besides the nightly backup that is done by Hollander, we also run a local backup to an external hard drive, but because I still had it plugged in, they scrambled that too.

So, you can imagine the feeling that I had when I talked to Hollander and they told me that I would have to re-stage my server and said the process would go faster if I had a local backup. The hackers also disabled my server from being able to run any backups. I had a very good friend come to our rescue and he was able to restore the ability of our server to run a backup. Because I had Powerlink still open on my desktop, and it couldn’t attack any running task, my plan was that we would still able to operate, sell parts and conduct business as usual on Monday. We would then do a complete backup, and do this server re-stage after hours.

$4,500 ransom demand!

One of the frustrating things that I asked my IT guy, responsible for security, was, “I want to know, if possible, what the reason was that they got into our server with all of the safeguards we have in place to prevent this from happening.” I also had him look at what they wanted for ransom. The price was $4,500 USD in Bitcoin. While this was just out of curiosity on my part, my guy said it would be a bad idea to pay them anything and that even if I did, there is no guarantee that I would get my files unlocked.

We were not alone!

On my way into work on Monday morning, I got a call from another Recycler telling me he also got hit with ransomware! Now, I knew I wasn’t alone, and it probably wasn’t something that we were directly responsible for. As the day went on, the news hit that more and more recyclers got tagged. I found out that this “attack” hit everyone around 3pm, Central, Sunday. So, for most, this was designed to be quite a shock to come back to after a long holiday weekend. The severity varied, we were lucky, some folks were shut down completely! While these were all Hollander customers, it was finally determined that this all traced back to a problem with a third-party, top-tier provider that Hollander uses for remote customer support. By the way, Hollander wasn’t the only victim in this, and I’m sure, as this story evolves, we will all hear more and more about others falling victim.

The important thing to realize here is that the bad guys are making a lot of money from this. As long as they are making money, these kinds of acts will continue.

So, what can we do to protect ourselves, now?

1. Do daily local backups of your data and your images. Invest in a removable hard drive and do daily local backups. Remove this drive when done. Do not leave it plugged in! Store this hard drive in a separate building. This will be the quickest, most reliable, and best way to restore your data in the event of a loss.

2. Passwords. Make sure you have passwords that aren’t simple or easily guessed. You should also change them periodically.

3. If you don’t have virus protection, get it, and make sure you’re running updates for your virus protection as well as Windows.

4. Be smart when browsing the internet. Limit uses to business only. Never click on links or open attachments on any unsolicited emails. If you don’t know who the email came from, delete it.

5. Limit who has access to your server. Restrict their permission to install and/or run software applications. Make sure that they have no open (pinned) applications running. In other words, once they are done, do not leave the door open.

6. Have spam filters to scan all incoming and outgoing data to detect any threats and filter executable files from reaching the end users. Have fire-walls in place and configure them to block access to any known malicious IP address.

Painful lesson!

I can tell you that this has been one heck of a painful lesson for me, and it has made me smarter. We are taking measures to protect ourselves and ensure that in the event this does happen again, we have our butts covered.

If I was a cat with nine lives, this used up eight of them!

I guess what doesn’t kill you makes you stronger, right?

Marty Hollingshead

Marty Hollingshead

Marty Hollingshead has been in the business since 1973 and the owner of Northlake Auto Recyclers, Inc., Hammond, Indiana, since 1984. Marty is the current Secretary of ARA, and is a board member of the Indiana Automotive Recyclers Association. Both Marty and Northlake have received numerous awards and recognition for excellence in the industry and the community. You can reach Marty by phone: 219-937-3960, or visit his website: www.narparts.com.