Atlanta, Ga.-based E.R. Snell Contractor, Inc. thought its chances of being the victim of a cybersecurity attack were slim. In September 2020, however, the company found out what many businesses have learned: a data breach can happen to any organization.
With an annual project volume between $200,000 and $400,000, E.R. Snell — like most businesses — can’t afford to deal with a significant business disruption, which is why more and more contractors are putting the proper cybersecurity resources in place to help protect their operations from growing cyber threats. Justin Snell, E.R. Snell’s vice president of technology, recently sat down with Mike Dooley, Viewpoint’s information security officer, to discuss the recent cybersecurity event at the company and how it was addressed.
Pre-attack
Prior to the attack, E.R. Snell had approximately 90% of its software system on-premises with the other 10% in the cloud. To prevent cybersecurity threats, the company invested in cyber insurance that provided anti-virus protection, but not endpoint detection and response (EDR). Both the cloud and on-prem servers were backed up daily. However, in the case of an emergency, E.R. Snell relied on access to these backups in order to initiate a basic recovery plan.
The Sunday before Labor Day, E.R. Snell began receiving alerts from its anti-virus system. Cyber criminals had encrypted the company’s on-premise servers and deleted almost all of the cloud backups. Due to the company’s lack of a stringent password policy, the hackers were also able to compromise an employee’s email account, place a key-logger on the on premise mail server and gain administrative access. Through the chat service, the hackers then demanded a ransomware payment through bitcoin.
