→ 🚀What's New? Explore Lansweeper's Fall 2024 Updates! Fall Launch Blog !
Hello Community Members,
Last week we launched our Cybersecurity Challenge inviting you to share your scariest IT Horror stories. Today. we're thrilled to announce the winners who impressed us with their spine-chilling tales!
Challenge Details
In honour of spooky season, we invited you to share a Cybersecurity horror story!
Imagine waking up to your worst cyber nightmare. Your entire network has been breached, and critical assets are being held ransom. Perhaps an insider threat is wreaking havoc, or a sophisticated, undetected malware has taken control of your infrastructure. Describe your experience in detail! How did you respond, and what toolsālike Lansweeper's asset discovery and vulnerability reports(shameless plug) āhelped you regain control?
How to Participate
Cueā¦Spooky Goodies
Prizes
Here are the winners...
1st Place: HIPAA Compliance? So Far Away, Its Frightening by @KelKoop
Submitted by by kelkoop, this entry was selected by Lansweeper for its terrifying insight.
In 2010, I worked as an IT Consultant on a remediation project at an HMO. I was examining and exploring the datacenter when I found a 12-port dialup modem under a rack hidden in a rats nest of cables.
I followed the connections to a 'server', which was actually just a PC. This PC was running Searchlight BBS - a Bulletin Board System from the 1980s.
The PC was also logged into the Netware servers as Administrator. After a lot of inquiry, I learned that this was the system which medical clinics 'out in the weeds' used to submit insurance claims for medical work. So, think of it like this:
Your doctor connects, via dialup, to another computer running a front-end which was hackable thirty years before. He logs in and sends your medical claim with ALL your PII (Personally Identifiable Information - a HIPAA term) over the telephone lines in clear text.
Once at the other end, it's stored locally on that PC in clear text and anyone walking up to that machine has Administrator access to EVERYTHING.
"AAAAAAAAAAAAARRRRRGGGGHHH"
Epilogue:
I brought this HIPAA Compliance problem up the tree all way to the director and could not find a single person of authority willing to take my concern seriously. It was "just the way we do things". Good Effing Grief!
2nd Place: The Scary Ransomware of the Dawn by @mdias_software
Submitted by mdias_software, this entry earned the most Kudos from the community.
Hello, community!
My story is based on real and somewhat intense events...
It all happened about 2 years ago. It was a quiet Monday after a weekend of monitoring when we all returned to the office. However, when we arrived, we were surprised by a chaotic scene: several people were complaining that their files were completely indecipherable. That's when we realized that it was a ransomware attack.
The situation became even more complicated when we discovered that Friday's backup had not been removed from the server. This meant that the backup had also been encrypted. In addition to having to format and reinstall the machines and servers to ensure that no trace of the attack remained, we faced the challenge of restoring the entire file infrastructure from a backup that was already a week out of date. To make matters worse, all the files on the machines were accompanied by a dark message: a ransom.txt file, which demanded payment in bitcoins, with the promise of decrypting the data if the ransom was paid. Of course, the account to send the cryptocurrencies was also specified.
The process was long and exhausting. It took two full weeks to format and reconfigure about 40 employee computers, ensuring that there was no trace of the hackers. The feeling of tension and urgency hung over us, but with a lot of effort and teamwork, we managed to stabilize the environment and restore operations for the approximately 40 affected employees.
In the end, although it was a stressful experience, we learned valuable lessons about data security and the importance of rigorous backup protocols.
Kind Regards, Mateus Dias
Honourable Mention: "The Day Lansweeper Became a Lifesaver: A SysAdmin's Tale" by @Jacob_H
A shoutout to our colleague Jacob_H for receiving the most Kudos on this story.
The year was 2016. I was sitting at my desk, doing work as usual. I over-sugared my coffee again, but didn't feel like walking back to the breakroom to make a new cup. The other Sr. Engineer was training one of the Jr. Engineers. A normal day.
Our phone rang. "Infrastructure Dept. - How can we help you?" the Jr. Admin said. "Your files on the public drive won't open? Weird, that's the fourth call within the past 30 minutes. I'll see what I can find out."
He then turned to me and asked "The user said it was their G: drive. Do you know what server hosts the G: drive?" Full disclosure, I was the "new guy" so I didn't have all of that stuff memorized like the older admins.
But - being a Sr. Admin, I came in and insisted on the purchase of Lansweeper in order to get their environment in order. "Pull up the mapped drives report in Lansweeper - start typing the username, it will tell you what their G: drive maps to.
"Ah cool, thanks." - It was that easy. "You know, this tool is pretty handy." "yeah, for real. career advice - wherever you go, get them to purchase Lansweeper - it will make your admin life much, much easier."
I sat back and started working again, importing IP locations from their IPAM application into Lansweeper - and in one fell swoop, hundreds of locations were instantly categorized. Boom.
"Uh - hey, some these files on the file server have weird extensions, and I can't open them."
I froze. "Oh crap. what's the file extension?" - "Dot ENC". "Go tell Security, NOW." - i blurted - I was logged on to VCenter already, so I immediately disconnected the virtual NICs from the VM, and notified my boss, and the security team.
"Go find where its coming from and kill it!" my boss said - and the security team scrambled. He turned to me - "Aren't they supposed to know about things like this before we do? See what you can find"
"I'm on it." - The only thing is, I was the new guy, and I wasn't on the Cyber team - I had limited tools... but I had my SysAdmin experience, and, Lansweeper. "Let's do this." I almost said out loud.
I consoled into the VM and navigated through the public share, sorting by last modified date, and found the oldest encrypted files and their directory. I saw the ransom .txt note, and pulled up the file metadata. "Created by John Shipman (not his real name)"
In an instant, I knew what machine he used via Lansweeper - "His computer is LPT03281 - it's a laptop and he works out of the corporate location on the 7th floor - the MAC and IP address are this.."
"I'm calling him now" the Jr. Admin said - and quickly got on the phone.
I saw the look on my boss's face as he saw the cyber team around my desk. To be honest, I was used to it - I knew what he was thinking - "Why are they looking to us for the information? Don't they have their own tools?"
One of the security team's workers came by - "I don't see that MAC address or IP address in the logs" "How is that possible?" another security team member said. "I dunno - it's just not there - I double-checked."
"The user is on Vacation," the Jr. Admin said. "We are trying to reach him now."
Dang. Something isn't right - Lansweeper can't be wrong, but then neither could Cisco ISE that the security team uses. I went back to Lansweeper. Ok, it's a laptop. Let me look to see if there are multiple IP addresses. VPN? Attached network device?
Then, I found it.
A docking station. Lansweeper showed that it was connected on both the wireless, and wired via the docking station. "Stupid Dells!" I actually said out loud (nothing unusual) "They are supposed to switch from wireless to wired when you dock - this one kept both on"
"Here's the IP and MAC - it's the wireless and not the wired."
āOh dang ā we missed that wireless subnet when setting up ISEā one team member said. The security team lept into action, and worked quickly to resolve the issue.
"Restore from Backups," our boss said. This part WAS our responsibility - which was perfectly fine. I had set up an import from the backup system into Lansweeper, updating the 'Last Backup' field for each respective asset. Everything that should be backed up, was, and I could quickly see that without logging in to the backup system.
"yessir - we have a good backup from an hour before it started. Restoring the files now."
I sat back, and sighed a deep sigh of relief. Lansweeper once again helped me find an issue, and my experience as an Admin armed me with the knowledge of what to do. Four things happened that day - my fellow admin team quit giving me a hard time about relying on Lansweeper so much and questioning my admin abilities, by boss was impressed that his Infrastructure team was on-point, the CyberSecurity team found a missing subnet, and also all asked how they can have access and use Lansweeper.
Just one of the many true stories I have of how Lansweeper helped prevent a bad dream from becoming an unmitigated true Horror story!
Congratulations to all the winners for their fantastic contributions! š Weād also like to thank each participant for sharing their experiences with the community.
As a token of our appreciation, weāve awarded Halloween-themed badges to your community profiles. Keep an eye on this space for news about our next challenge!
Lansweeper Community Team
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now