Last year our company was hit by a ransomware virus and it took us about two days to recover. We thought we were well protected with our anti-virus program and other protective measures. After we restored everything, double checked our virus protection and changed all our passwords we were hit again and lost another two days of productivity. We found out the virus was not coming in via a website or email, but by someone logging in directly to our server and running the program. We had not removed an old user and that was the user name and password being used to damage our data.
Last month we had to help one of our clients because they were hit by a virus. They went through a similar procedure and when I was helping them, I shared my story. Sure enough the next week they were hit again. It did not come from where they thought it came from, but from an old workstation that no one uses, but was still connected to the server. The hackers found that computer and from there they were able to cause major damage.
I am sharing these stories to help protect you from a similar incident. Please, when people leave your company, remove their user names from your system so you will not be the next victim of ransomware.
Written by Michael Ericksen, WAC Solution Partners- Midwest