Network problems are not uncommon. Every day comes with a challenge, whether it's recovering files or fighting off a ransomware attack.
What was the Network Problem?
A local school district was targeted by cybercriminals. With a lack of budget and holding the belief that school districts are not typically targeted for cyber attacks, the school did not have the manpower or proper security in place.
Typically, cyber attacks happen on Friday nights or Saturday mornings to reduce the chance of detection. Attackers will also typically attempt to break in right before a major operation, such as payroll, to add pressure to the situation. Like most hackers, the group initiated the attack late on a Friday night before payroll was due.
As Saturday morning came around, the district went to access the student information database, only to find an advertisement for Ryuk, a type of ransomware notorious for targeting government, education, and health-sector entities.
After some troubleshooting, they discovered that the events unfolded as follows:
- DBA reports issues with server
- Ryuk found, management notified
- All Windows servers powered off
- Payroll database ok, switches disconnected
- Server backups unrecoverable
Knowing that they had been hacked, the school district cut off their network and began to contact contractors for additional help with the issue at hand.
We were contacted Sunday morning and we began to help them with recovering their files and repairing their network. Looking into the issue, we discovered that they were using a flat network.
The Issue with Using Only a Flat Network
Essentially, a flat network only requires one switch to operate. A switch manages data flow in a network, acting like a security door.
As you can guess, this security door determines which users are allowed in and out of a network. The problem is that if someone can get past that one security door, they have full access to your network.
How did you solve the Network Problem?
Luckily, the school district had a physical backup, which helped us rebuild what they had lost. We installed proper malware security and segmented their network to further strengthen their cyber security.
Working closely with their staff, we informed them of the backdoors they had open in their old network and gave them some best practice tips for keeping their network secure.
Over the next several months we assisted them with recovering lost files and other tasks needed to help rebuild their network.
Segmenting the Network Problem
Segmenting a network is a commonly used method to build a secure network.
Essentially, when you segment a network, you add sub-networks. Within each new sub-network, you add a switch; or rather, a "security door". Each security door decides who stays and who goes between each sub-network.
Now, with more sub-networks in place, an attacker has to clear more hurdles to access the entire system. If a hacker gets into their network again, the intrusion will be contained to a single sub-network.
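To make the difference between the flat and segmented designs concrete, here is an added example (not code from the incident or from our tooling) that computes which hosts can be reached from one compromised machine under each design. The host names, addresses, subnets and allow rules are all constructed for illustration, and the example goes one step beyond the text by showing how each allowed flow between sub-networks widens the reach again.

```python
import ipaddress

# Constructed sample inventory (hypothetical names and addresses, not from the incident).
HOSTS = {
    "student-db": "10.0.10.5",
    "payroll-db": "10.0.20.5",
    "backup-srv": "10.0.30.5",
    "office-pc": "10.0.40.21",
    "lab-pc": "10.0.40.22",
}

# Flat design: one subnet holds every host.
FLAT = {"all": "10.0.0.0/16"}

# Segmented design: one sub-network per function.
SEGMENTED = {
    "students": "10.0.10.0/24",
    "payroll": "10.0.20.0/24",
    "backup": "10.0.30.0/24",
    "clients": "10.0.40.0/24",
}


def segment_of(ip, segments):
    """Return the name of the segment containing ip, or None if unassigned."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in segments.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return None


def reachable_from(start, segments, allowed):
    """Return the hosts reachable from one compromised host."""
    # Traffic inside a segment is unrestricted. Traffic between segments passes
    # only if (source, destination) is in `allowed`. Flows are followed
    # transitively, because each reached host can act as a stepping stone.
    seen, queue = {start}, [start]
    while queue:
        src_seg = segment_of(HOSTS[queue.pop()], segments)
        for dst, ip in HOSTS.items():
            dst_seg = segment_of(ip, segments)
            same = src_seg is not None and src_seg == dst_seg
            if dst not in seen and (same or (src_seg, dst_seg) in allowed):
                seen.add(dst)
                queue.append(dst)
    return seen - {start}
```

Calling reachable_from("office-pc", FLAT, set()) returns every other host, while the same call with SEGMENTED returns only the other machine in the client sub-network.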
After the incident was fixed, the school district acquired more funding and hired proper staff to run their network.