Friday, July 29, 2016

Tech support tragedy of the day

Accounting firm gets a Cryptolocker infection, which blows through their main file server like a dose of salts and encrypts the lot.

Faced with a ransom of thousands of dollars, incrementing by the hour, and a deadline before the decryption key is lost forever, the firm's IT consultant decides to wipe the server and restore from backup.  He long ago set them up with Carbonite cloud backup so no loss other than restore time.

Having scrubbed the drive array - so the files and encryption hash are now gone, even if they paid the ransom - the IT consultant now discovers he can't remember the password to the backups.  Carbonite uses 1024 bit encryption.


Backup plan - reimport the private encryption key directly, if that's present the password is not required.  Where is the key stored?  Oh yeah... on the server.


Last resort plan - the owner of the firm should still have the private encryption key in their e-mail.  Only the server was affected so the .PST file should be unencrypted.  The owner's response: ""I don't keep anything sensitive in my e-mail because it's not secure."

Game over.

The accounting firm has lost 20 years of customer files that might be relied on for tax or legal use, all of their workflow templates, their own business and personnel records, down to and including their own company incorporation documents.  They're going out of business, and that's before their customers start suing them for professional negligence and costs incurred.

The IT consultant firm doesn't have errors and omissions insurance, so they're going out of business too once the accounting firm's owner sues them into oblivion.

Final kicker - why didn't the IT consultant do regular test disaster recovery runs, and discover the password issue?  The accounting firm owner didn't want to incur the cost and system downtime to do so, against the advice of the IT consultant, who's now the only person left with an e-mail trail and records to demonstrate this.  So it's quite likely that they will walk in terms of the lawsuit, despite it being their negligence that caused the issue.

"But that costs money!" - any manager/executive/owner, ever.

No comments:

Post a Comment

Please be aware that all comments are moderated so if you're a scumbag spammer then I suggest not wasting your time. Your spam will not be seen by anyone.

Note: Only a member of this blog may post a comment.