Yahoo Finance published an article a few days ago about Fran Finnegan. You can read the whole thing here. The article details how Fran’s business got attacked and infected with ransomware, which essentially shut down his entire business for an undetermined period. It’s written sympathetically and talks about what a terrible problem attacks like this are. I want to talk about how to prevent the easiest hack in history.
I agree that ransomware sucks. Fran probably didn’t deserve what he got. I’m sure he’s a nice guy. However, ultimately it was Fran’s negligence and complacency that got him hacked. It’s also the easiest possible hack to prevent. Here are several methods of defending against it.
How it Happened
The article talks about how Fran set up his business computers in a data center and made sure the hardware had redundancy so his website would stay up if there were a failure. He also had a firewall to protect him. All good measures to have in place.
Then comes his bonehead mistake. Fran set up an account for himself on the server with administrator privileges. He used the same 24-year-old password he used on his yahoo email account. After bypassing his firewall service with (what sounds like) a brute force attack the old password gave the attackers keys to the kingdom. They proceeded to encrypt all his data and shut him down, requesting a ransom.
The Many Methods He Could Have Used to Prevent This
- Don’t reuse passwords. Change passwords regularly. Especially for something like a server that has administrative privileges. Better password hygiene would have at a minimum bought Fran some more time to prevent the attack.
- Enable Multi Factor Authentication. This is one of the very best ways to prevent a password breach. Simply set up MFA on all servers and firewalls so that you must have both a password and a token such as biometrics or an authenticator app on your phone to gain access. MFA defeats over 99% of password attack attempts, and it’s easy to set up.
- Check if your passwords have been compromised. Don’t use compromised passwords. A handy website to check on is https://haveibeenpwned.com/. This will show you where you have accounts that have had a breach. Delete old accounts, and update passwords on existing accounts. Set up MFA on all if possible. Frans yahoo password had been breached all the way back in 2013 and has been available on the dark web for YEARS.
- Enable Intrusion Prevention Services on the Firewall. Most firewalls either have this built in, or you can add it by purchasing a software license. Once turned on it will alert you of brute force and other attacks at the firewall, and if properly configured IPS will stop the attack. This would have stopped the attackers at the firewall and potentially rendered his horrendous password hygiene moot.
- Check firewall and server logs occasionally. Even if Fran didn’t have IPS in place and looked at the activity logs on the firewall, it would have shown that there was a brute force attack happening. It apparently took them 2.5 million password attempts over a period of 2 weeks or more to get in. Any cursory glance during this time likely would have tipped them off that something was up.
- Geo-blocking on the Firewall. The attack in this case (like many attacks) seems to have originated from Russia. They’re not along in cybercrime, but it’s prevalent there. Most firewalls can block connections outside of a given geographic area. If Fran knew that he and his team here in the US are the only parties that have legitimate reason to connect to his firewall he could have blocked all other locations. This would have made it inaccessible.
Don’t Let This Happen to You
Honestly, this is exceptionally sad because it was exceptionally preventable. Any one of these and NUMEROUS other methods would have likely saved Frans’s bacon. If you don’t have a good handle on your cybersecurity, it’s time to get one. If you don’t have the team, hire an expert. Don’t let something that is easily preventable shut down your business. Maybe permanently.
If this isn’t in your wheelhouse that’s OK. Call the experts at i.t.NOW and we’ll work with you and your team to put the right systems in place to keep you safe. Maybe Frans example can end up doing a lot of good in the world by prompting others to action.