Cybersecurity is a necessity in every business, and this interview is a must-read for helping you and your company to understand vulnerabilities and protect yourself from attacks. Remember, until an attack hits you, you have no idea how devastating it can be.
Eric Cormier and Dave Ryder of Prototron address the ransomware attack that locked them out of their system last December, bringing business to a screeching halt and forcing them into the arduous process of a full rebuild. With things finally starting to normalize, Eric and Dave now offer precautionary advice they’ve accumulated over the past six months.
Barry Matties: Eric, to set up this conversation, your company was hit with ransomware. Somebody locked you out of your system and demanded a ransom.
Eric Cormier: Yes, and it was actually Friday the 13th in December 2019. It was not a good day. From what we’ve been able to trace, it came from a piece of equipment that we utilize for certain processes in the shop. It looks like somebody got onto the internet and accidentally clicked on some links.
With ransomware, what’s insane about it—especially what we were hit with—is that it was built to not only infiltrate our network, but also determine the types of PCs we had in the shop in order to do the most damage. It ran from one PC, hit a couple of devices that weren’t secure, and turned them into what they call “zombies,” which wreaked havoc across our facility. It originated in Redmond, and because our facilities are connected in Redmond and Tucson, it branched out and hit multiple PCs and infrastructure in our Tucson facility.
Because of the extent of how this software works and how advanced it was, we had to do a 50,000-foot view of shutting everything down and doing a complete rebuild. We couldn’t take what we had that was still working and reuse it. We had to reinstall operating systems and go the full length of a complete infrastructure rebuild. It did some serious damage. And it’s not necessarily something that can be controlled from a security perspective once it’s been let in-house; it was very difficult to root out where it came from.
With the nature of cybersecurity today, we had tools in place that allowed us to determine—from an intrusion detection perspective and traceability of what went outbound—that our data was compromised internally. We were able to even have a third party look at it, and they verified that as well. We had a third party review everything and found that nothing was compromised externally, which meant that while our data was affected, it wasn’t transferred out of our networks.
To read this entire interview, which appeared in the July 2020 issue of SMT007 Magazine, click here.