Ransomware attacks are a nightmare for any business. Jay Tipton, a CompTIA member, recently survived a cyberattack that impacted his company as well as customers. He shares his story, what to expect and how to get through the crisis. Jay Tipton, like millions of Americans, was looking forward this year to the Independence Day holiday weekend. Just a few more hours, and the festivities could start.
Technology Specialists, an MSP based in Fort Wayne, Ind., was visiting a long-standing client to reprogramme a stubborn phone. It was also a chance for old friends to check in and wish them a Happy Independence Day. He noticed Outlook was shutting down on his laptop as he was finishing up. He thought it was strange, but it wasn’t a big deal. That’s when the real fireworks started.
Tipton’s office manager called Tipton to inform him that she couldn’t access the ConnectWise and Kaseya accounts of the MSP. She called back to tell her that a client had called and couldn’t access its machines. In a matter of minutes, seven more customers called her complaining about their machines acting strangely and files popping up on the screen. Something was wrong.
Tipton returned to the office, and he saw his screen. There was no doubt that the MSP had been attacked by ransomware.
“At that point we knew a lot, but not enough to know the exact number of people it affected. We thought it was us at first. He said, “And that’s the most horrible feeling you’ll ever feel.”
It wasn’t just Technology Specialists. An attack on Kaseya’s VSA software caused by a vulnerability is believed to have affected up to 1,500 businesses, including many MSPs who are increasingly being targeted by cyber criminals due to their small business clients.
Tipton shared his experiences in an episode CompTIA’s Shoering Up Security with host MJ Shoer. Tipton is executive vice president and executivedirector of the CompTIA Information Sharing and Analysis Organization. This episode was recorded to help other solution providers better prepare themselves for a possible attack on their businesses.
Expect the Unexpected
Technology Specialists used to back up customer data to three different locations as part its disaster recovery plan. The attack was so devastating that all three remote sites were hit simultaneously, something the MSP didn’t expect.
Tipton stated, “Normally all three aren’t even on at once.”
It was heart-wrenching to imagine customers, some of whom had been with us for over 20 years, being affected. Tipton was a victim of his own incompetence. Tipton was left mentally, physically and emotionally exhausted by the ordeal. He shared his story in the hope of saving other MSPs from a similar fate.
“I stopped eating for three days. I lost 10 pounds. Tipton stated that I was there for 20 hours per day the first three days, and then I would have to go back three weeks later to get 300 hours in. You need to plan for an attack but not for the emotional impact. I experienced all the emotions. Customers trusted me with their data and I got sick.”
Tipton stated that while the MSP lost a few clients due to the attack, the majority of his 60+ managed services customers and 100+ project-based clients have remained with the company through and following the crisis.
He said that 99 percent of the people who read the articles understood that there was nothing they could have done to stop it, and that nothing is safe anymore. “There are some that don’t get it and won’t understand it. They blame us.” I can’t change their minds so I’ll just shake hands with them, let them go, and continue my life.”
Tipton stated that he had so much to do and so many things to worry about that he decided to delegate the coordination of the recovery and remediation process. This was a smart move because he was emotionally attached to his clients and the circumstances.
“I told my manager to let it go. I had intended to concentrate on getting my medical clients back up and running, so I said I needed you, take this and go. It wasn’t because I didn’t want it to be done, but I kept adding to the list of things that needed to be done. Jay will no longer be the coordinator in our disaster recovery plan,” he stated.
An Attack on You is an Attack on All of Us
More than 80 tech vendors, distributors, and other MSPs offered support once word got out that Technology Specialists were under attack. They even offered to fly in extra resources if needed.
Tipton stated that several former employees, customers, and peers have assisted with the remediation process. This includes delivering new devices and checking in to ensure he’s doing what he needs to do.