14 Sep Can It Happen Again?
On Monday 3rd September our server was subject to a ransomware attack. As soon as this was discovered we immediately appointed an independent IT security company to conduct a thorough forensic investigation, scan all our IT systems and report back to us.
Subsequently we were reassured that no information was accessed or copied during this attempt, and all the information we retain regarding you is safe.
Monday 3rd of September:
6:30 am: Prior to going for my daily walk with Bert my dog, I drank my coffee and listened to the attention-grabbing news on Radio 4 regarding the wholesale harvesting of personal data at British Airways (apparently the hackers stole all the credit card details of BA customers).
Well, I had a lovely brisk walk with Bert, got back home, had my shower, put on my work clothes, and was musing about the effects the data breach at BA would have on their customers as I walked into the office. I knew instantly something was amiss: no usual “what was your weekend like?”; instead, staff silently ushered me to the computers, each of which displayed the message “You are locked out – to gain access you will need to pay a one Bitcoin ransom (£7,500); send your cryptocurrency to…”
Well, I didn’t see that punch coming. You know that feeling you get when you first realise you’re hearing truly terrible news? I wanted to put my head in my hands but resisted; my heart had fallen into the pit of my stomach in an instant (and the BA hack jumped to the forefront of my thinking). It was one of those moments that can only be dealt with by the physiological reaction “fight or flight” (close call, but fight won).
We established quickly that the banking side was unaffected, so no money was missing (it is a different system). We then understood from the IT specialists that it was an “Access Denied” ransom. The specialists advised that under no circumstances were we to pay the demand, because even if successful we would only be given partial access and the demands would continue while the charges increased.
Ok, so we started our “disaster recovery plan”: first phase, a new server and access to the off-site backups of our data. We initially estimated that we would be out of action for the morning at most – a real inconvenience for the members waiting for access to their wages or benefits – but necessary whilst the reinstallation took place.
Now, given the amount of time (and money) we had spent on this contingency, I thought it would be a relatively easy task. The next punch: our data storage file had, because of its size, exceeded its storage space capacity; the “Artificial Intelligence” in the system didn’t flag it up as it was designed to do, and the backup could only retain information and electronic data up till June the 18th!
When this was reported to me I had another one of those Fight or Flight moments (and another close call).
Now we were in the position of having the information regarding all bank deposits visible, and the money in the bank, but we couldn’t enter it into the system as the backup file only held records up to June the 18th.
At this point I was heard saying “flipping heck” and wondering where the next punch was going to come from, all the time trying to keep focused and motivating the staff team (who, by the way, have all been Olympians, with a couple of standout performances).
Yes, we are fighting and we have remained operational. I know it has caused inconvenience for members and I sincerely apologise. It is never our intention to inconvenience you; your wellbeing and welfare are our priority: after all, it is why we were established.
Please be aware that it is not my intention to make light of this matter, and forgive me if I’m coming across that way. But I’m sure we all know that there are times in life when things go wrong despite our best efforts. It’s what we do next and the decisions we make after the tumble that count. I’m not a finger-pointing type and don’t involve myself in blame games (that’s for another day). My focus, energy and resolve remain concentrated on the solution.
Our 3rd line backup is the traditional paper trail we are obliged to keep for audit purposes, and it is this we are now employing. Each evening we generate a paper ‘end of day’ audit report and reconciliation; we also produce paper records of all counter transactions and have access to all electronic bank statements and trial balances plus reconciliation records for each account. This gives us accurate documentation of all transactions: old-fashioned, but nonetheless exact. Your staff are now, as I write, working diligently to repopulate the software from the 18th of June to complete the full backup.
With a fair wind behind us, all will be back up to speed shortly and the full online and text service will be live. We will also instruct a firm of auditors to review our labours for the specific period 18th June to 3rd September.
Can it happen again?
Well, when we were advised that there was enough space in our backup file each evening and that the (AI) in the folder would automatically flag up the need for additional file capacity, we took it as read. But when “Artificial Intelligence” meets natural stupidity, who can say what the outcome will be.
But know this: we are already better prepared and have in place a much-improved disaster recovery plan with enhanced security and unlimited file space. Additionally, we’ve commissioned IT security to conduct additional penetration tests.
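The lesson of the backup failure described above is that a backup tool's own "it will warn you" promise should be checked from outside the tool: does a backup from last night actually exist, and is the volume it lands on running out of room? The script below is an added illustration of such an independent check, written for this article and not code from the credit union or its backup product. The catalogue of backup files, the 200 GiB volume size, the 11 GiB per-night size and the year 2018 are all constructed assumptions (the page gives only "Monday 3rd September" and "June the 18th"); in practice the records would come from listing the backup directory.

```python
from datetime import date, timedelta

# Constructed sample: capacity of the backup volume (assumed, not from the article).
CAPACITY_BYTES = 200 * 1024**3  # 200 GiB


def nightly_backups(first, last, size_bytes):
    """Build a list of (date, size_bytes) records, one per night from first to last inclusive."""
    records = []
    day = first
    while day <= last:
        records.append((day, size_bytes))
        day += timedelta(days=1)
    return records


# Constructed catalogue: nightly backups ran until 18 June and then silently stopped
# because the volume filled up (18 x 11 GiB = 198 GiB of a 200 GiB volume).
SAMPLE_BACKUPS = nightly_backups(date(2018, 6, 1), date(2018, 6, 18), 11 * 1024**3)


def check_backups(backups, capacity_bytes, today, max_age_days=1, min_free_ratio=0.10):
    """Independent health check of a backup store.

    backups: iterable of (date, size_bytes) for every backup file present.
    Returns a dict with the latest backup date, its age in days, the fraction of
    the volume still free, and a list of alert strings (empty when healthy).
    The check reads the catalogue directly rather than trusting the backup
    software's own notification, so a tool that fails to warn is still caught.
    """
    backups = list(backups)
    if not backups:
        return {"latest": None, "age_days": None, "free_ratio": 1.0,
                "alerts": ["no backups found at all"]}

    latest = max(d for d, _ in backups)
    age_days = (today - latest).days
    used = sum(s for _, s in backups)
    free_ratio = max(0.0, 1.0 - used / capacity_bytes)

    alerts = []
    if age_days > max_age_days:
        alerts.append(f"latest backup is {age_days} days old (dated {latest.isoformat()})")
    if free_ratio < min_free_ratio:
        alerts.append(f"backup volume only {free_ratio:.0%} free")
    return {"latest": latest, "age_days": age_days, "free_ratio": free_ratio, "alerts": alerts}


def incident_check():
    """Run the check as it would have looked on the morning of 3 September."""
    return check_backups(SAMPLE_BACKUPS, CAPACITY_BYTES, date(2018, 9, 3))


def healthy_check():
    """Contrast case: a store with fresh nightly backups and plenty of room."""
    recent = nightly_backups(date(2018, 9, 1), date(2018, 9, 2), 1024**3)
    return check_backups(recent, CAPACITY_BYTES, date(2018, 9, 3))


if __name__ == "__main__":
    for name, result in (("incident", incident_check()), ("healthy", healthy_check())):
        status = "OK" if not result["alerts"] else "ALERT"
        print(f"{name}: {status}")
        for line in result["alerts"]:
            print("  -", line)
```

Run nightly from a scheduler on a machine other than the backup server, and route any non-empty alert list to a person. In the constructed incident case the check reports a 77-day-old backup and a nearly full volume on 3 September; had it run on 19 June it would have flagged the first missed night, which is the point at which the problem is cheap to fix.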
This incident has taught us many things about ourselves and the organisation research informs us that:
We have, as a matter of course, reported the incident to all the relevant authorities, and we have kept you, our members, informed via email and social media. I have also provided some handy links below.
I would advise anyone, as a matter of course, to review your own personal data security and to ask yourself about it, regardless of who or what organisation you give your personal information to; for guidance, visit https://ico.org.uk/your-data-matters/online/social-networking/