Business got cyber hacked I need help

Done-it-again

Well-Known Member
Joined
Apr 3, 2016
Messages
9,965
Reaction score
12,785
That’s why I have a job :)

If you are taking snapshots on your NAS you can sometimes go back to a snapshot from before the ransomware and restore from there.
I'm not knowledgeable in this so I'm basically following blind how it works...

This is what was given to me last year to think about. It was 1 set of each, one onsite and one offsite at my home that will sync with the NAS in the office during after hours. 5 hard drives per disk station, so we had a Monday-Friday daily up.

Synology 5-bay DiskStation DS1522+
Network Attached Storage for Office

Seagate IronWolf 8TB NAS Internal Hard Drive HDD
Provides Over 35TB Disk Storage Space in RAID 5
For Backup of Server and Workstations

Synology 5-bay DiskStation DS1522+
Network Attached Storage for Offsite Backup

Seagate IronWolf 8TB NAS Internal Hard Drive HDD
Provides Over 35TB Disk Storage Space in RAID 5
For Offsite Backup and Sync with Onsite NAS
 

sintax

Well-Known Member
Joined
Mar 7, 2008
Messages
7,124
Reaction score
11,939
I'm not knowledgeable in this so I'm basically following blind how it works...

This is what was given to me last year to think about. It was 1 set of each, one onsite and one offsite at my home that will sync with the NAS in the office during after hours. 5 hard drives per disk station, so we had a Monday-Friday daily up.

Synology 5-bay DiskStation DS1522+
Network Attached Storage for Office

Seagate IronWolf 8TB NAS Internal Hard Drive HDD
Provides Over 35TB Disk Storage Space in RAID 5
For Backup of Server and Workstations

Synology 5-bay DiskStation DS1522+
Network Attached Storage for Offsite Backup

Seagate IronWolf 8TB NAS Internal Hard Drive HDD
Provides Over 35TB Disk Storage Space in RAID 5
For Offsite Backup and Sync with Onsite NAS

my only concern with this setup is just making sure whatever method you're replicating data from Primary NAS > Offsite NAS has some protection from replicating the fuckup...


IE... User A logs onto file server, accidentally deletes important folders 100, 101, and 102. User A doesn't realize the fuckup, and the file server replicates the fuckup to the Primary NAS, and later that night, gets replicated down to the Offsite backup.

replication topology should always be well thought out.
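
The failure mode described above, with one guard against it, as an added example that is not part of the thread: a mirror job that refuses to run when it would delete more than a set share of the offsite copy. The function names, the 10% threshold and the folder layout are assumptions made for illustration; a guard like this complements the snapshots suggested later in the thread rather than replacing them.

```python
import shutil
import tempfile
from pathlib import Path

class DeleteGuardTripped(Exception):
    """A mirror run would remove too much of the replica."""

def rel_files(root: Path) -> set:
    """Relative paths of every file under root."""
    return {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}

def guarded_mirror(src: Path, dst: Path, max_delete_ratio: float = 0.10) -> dict:
    """Mirror src into dst, refusing if too many replica files would vanish."""
    src_files, dst_files = rel_files(src), rel_files(dst)
    to_delete = sorted(dst_files - src_files)
    if dst_files and len(to_delete) / len(dst_files) > max_delete_ratio:
        raise DeleteGuardTripped(
            f"{len(to_delete)} of {len(dst_files)} replica files would be deleted")
    copied = 0
    for rel in sorted(src_files):
        source, target = src / rel, dst / rel
        if target.exists() and target.stat().st_size == source.stat().st_size \
                and target.stat().st_mtime_ns == source.stat().st_mtime_ns:
            continue  # unchanged since the last run
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(source, target)  # copy2 keeps the mtime compared above
        copied += 1
    for rel in to_delete:
        (dst / rel).unlink()
    return {"copied": copied, "deleted": len(to_delete)}

def demo() -> dict:
    """Constructed scenario: folders 100-102 vanish before the nightly run."""
    with tempfile.TemporaryDirectory() as tmp:
        primary, offsite = Path(tmp, "primary"), Path(tmp, "offsite")
        offsite.mkdir()
        for n in range(100, 110):
            (primary / str(n)).mkdir(parents=True)
            (primary / str(n) / "drawing.txt").write_text(f"job {n}")
        first = guarded_mirror(primary, offsite)
        for n in (100, 101, 102):
            shutil.rmtree(primary / str(n))  # the accidental delete
        try:
            guarded_mirror(primary, offsite)
            blocked = False
        except DeleteGuardTripped:
            blocked = True
        return {"first": first, "blocked": blocked,
                "offsite": sorted(p.name for p in offsite.iterdir())}
```

In the constructed run, the nightly job stops instead of deleting folders 100 to 102 from the offsite copy, which leaves time for someone to notice and restore them.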
 

Done-it-again

Well-Known Member
Joined
Apr 3, 2016
Messages
9,965
Reaction score
12,785
my only concern with this setup is just making sure whatever method you're replicating data from Primary NAS > Offsite NAS has some protection from replicating the fuckup...


IE... User A logs onto file server, accidentally deletes important folders 100, 101, and 102. User A doesn't realize the fuckup, and the file server replicates the fuckup to the Primary NAS, and later that night, gets replicated down to the Offsite backup.

replication topology should always be well thought out.
Thank you! 🤯

Is there something simple to keep that from happening? Simple as in the form of $$$$ lol.
 

sintax

Well-Known Member
Joined
Mar 7, 2008
Messages
7,124
Reaction score
11,939
Thank you! 🤯

Is there something simple to keep that from happening? Simple as in the form of $$$$ lol.

totally, those devices should support snapshots. Just some food for thought

 

Done-it-again

Well-Known Member
Joined
Apr 3, 2016
Messages
9,965
Reaction score
12,785
I do 3 days in a row...

Weekly...

And monthly backups. I hope I never have to use Any of them!!!
We run backups but again they are cloud based for our engineering folders etc. Can I get up and running in 24hr from that? I don't think so.

Now that my business software is cloud based I don't have that issue anymore dealing with that on our own server.
 

rivermobster

Club Banned
Joined
Dec 28, 2009
Messages
60,181
Reaction score
61,455
We run backups but again they are cloud based for our engineering folders etc. Can I get up and running in 24hr from that? I don't think so.

Now that my business software is cloud based I don't have that issue anymore dealing with that on our own server.

You really can't ever be too safe.
 

mbrown2

Well-Known Member
Joined
Sep 24, 2007
Messages
7,984
Reaction score
6,018
Albert, did you ever get help? Interested to see what you found.....
 

stephenkatsea

Well-Known Member
Joined
Apr 30, 2008
Messages
8,800
Reaction score
13,179
Does "Delete & Report" actually do any good? Who is the scam reported to? If at all . . .
 

Albert

Well-Known Member
Joined
Apr 4, 2018
Messages
3,634
Reaction score
10,087
Albert, did you ever get help? Interested to see what you found.....
I did, I found a local company that worked on it. We somehow got lucky in the sense that the girl in the office caught while they were in the computer snooping around. No funds were removed and only one computer got corrupt. We were able to remove malware or something like that and go to a 2 sign in authenticity. The bank accounts have been changed to new account numbers which is a pita because of all the direct pay coming and going. And we signed on with a company that monitors our activity.
 

mbrown2

Well-Known Member
Joined
Sep 24, 2007
Messages
7,984
Reaction score
6,018
I did, I found a local company that worked on it. We somehow got lucky in the sense that the girl in the office caught while they were in the computer snooping around. No funds were removed and only one computer got corrupt. We were able to remove malware or something like that and go to a 2 sign in authenticity. The bank accounts have been changed to new account numbers which is a pita because of all the direct pay coming and going. And we signed on with a company that monitors our activity.
That's great to hear... dodged a bullet. 2 Factor Authentication from now on definitely... Not sure what malware/virus/ransomware protection you have in place but definitely probably should have the company you worked with look at options for you. If you are an O365 user you have a number of Microsoft options (Defender, Sentinel) or if an AWS customer there are a number of security options there too. I am all about having somebody do it for you like an end point protection (EPP) product or end point detection and response (EDR) product like Crowdstrike, or extended detection and response (XDR) service like Critical Start who can monitor your environment, respond, and take quarantine and remediation actions 24/7/365 on your behalf so you are not paying for full time IT folks... Probably most important is to have a regular password change routine for everyone and administrators. Then ensure everyone is trained on how not to fall for phishing attacks and not to share or write down userid/passwords anywhere. Would also look into your backups and ensure you have immutable copies and MFA on those. Rubrik is good at this.
 

DarkHorseRacing

Well-Known Member
Joined
Jun 14, 2014
Messages
6,888
Reaction score
13,774
That's great to hear... dodged a bullet. 2 Factor Authentication from now on definitely... Not sure what malware/virus/ransomware protection you have in place but definitely probably should have the company you worked with look at options for you. If you are an O365 user you have a number of Microsoft options (Defender, Sentinel) or if an AWS customer there are a number of security options there too. I am all about having somebody do it for you like an end point protection (EPP) product or end point detection and response (EDR) product like Crowdstrike, or extended detection and response (XDR) service like Critical Start who can monitor your environment, respond, and take quarantine and remediation actions 24/7/365 on your behalf so you are not paying for full time IT folks... Probably most important is to have a regular password change routine for everyone and administrators. Then ensure everyone is trained on how not to fall for phishing attacks and not to share or write down userid/passwords anywhere. Would also look into your backups and ensure you have immutable copies and MFA on those. Rubrik is good at this.
Crowdstrike, while the gold standard, is probably not going to offer their Falcon product to a real small business.

Malwarebytes has a decent EDR and now offers an MDR (managed EDR) as well. Cloud management console is pretty simple.
 

paradise

Spooner
Joined
Feb 19, 2008
Messages
4,738
Reaction score
5,459
Crowdstrike, while the gold standard, is probably not going to offer their Falcon product to a real small business.

Malwarebytes has a decent EDR and now offers an MDR (managed EDR) as well. Cloud management console is pretty simple.
Agree CS will be tough. Another top tier option that can be surprisingly affordable and takes very little config is SentinelOne. We pair with Vigilance for our entire client base and have been VERY pleased.
 

ChumpChange

Commercial Banker
Joined
Dec 19, 2007
Messages
10,701
Reaction score
13,398
I did, I found a local company that worked on it. We somehow got lucky in the sense that the girl in the office caught while they were in the computer snooping around. No funds were removed and only one computer got corrupt. We were able to remove malware or something like that and go to a 2 sign in authenticity. The bank accounts have been changed to new account numbers which is a pita because of all the direct pay coming and going. And we signed on with a company that monitors our activity.
I don’t know the size of your business or transaction volume but did you ask your bank about maybe just signing up for positive pay? Did they offer it instead of new numbers? New account numbers or not, it’s always a good thing to have. Generally can keep your existing accounts as well.
 

JBS

Well-Known Member
Joined
May 25, 2010
Messages
7,100
Reaction score
3,026
I don’t know the size of your business or transaction volume but did you ask your bank about maybe just signing up for positive pay? Did they offer it instead of new numbers? New account numbers or not, it’s always a good thing to have. Generally can keep your existing accounts as well.
This is what we use
 