The IT services company simulates a small business cyber attack at the CIC

Storetech representatives walked participants at the Collision Industry Conference (CIC) through the minutes, hours, days, weeks and months that a fictional automotive repair shop goes through after a cybersecurity attack on the business.
Allan Polak, senior of StoreTech technology, described “Lucky Bob” as the owner of “Lucky Bob's Autobody and Paint”, a company that brings in approximately $1.2 million in revenue.
Lucky Bob built the company from scratch after working as a technician at a few different shops, Polak told the audience during the meeting held in Richmond, Virginia last week.
“In many ways, Bob is a lucky guy,” he said. “He has seen over the years of cocovation and disturbances through the supply chain, he saw competitors come and go, and he has a beautiful family at home. He has a son at university. He has one who is ready to take control of the business at that time.”
Bob came to work early, as he usually does, said Polak. He opened his computer and saw an email from his trusted supplier, “Tool Titans”.
The email requests information before a tool order can be completed, said Polak. It also asks him to use multi-factor authentication.
“He experienced this in cybersecurity training,” said Polak. “They instituted authenticators. He releases his phone, enters two-factor. At this point, Bob gets up from his office, sees that his managers come for the day and will take a cup of coffee.”
About an hour later, Bob returns to his office, Polak said. “Bob is about to have a tour of luck,” he adds.
He opens his computer to find a screen that says, “I want to play a game with you, and here are the rules. All your important files have been encrypted and are now inaccessible to you. To find access to your files, you must pay a Bitcoin ransom.”
Polak said that in the scenario, the hackers threaten to permanently delete all of Bob's data and leak it on the dark web if half a bitcoin is not paid within 72 hours.
“Lucky Bob obtains this feeling of pit-in-his-stomach at the moment,” said Aleks Pavlinik, director of information security at Storetech, in explaining Polak's scenario.
Soon, Bob realizes that the message is not a stroke of luck, said Pavlinik. He learns that the parts department cannot access order forms, the phone system is down and technicians cannot access technical information.
Bob looks up what half a bitcoin costs and finds that today's value is $50,000, Pavlinik said.
Polak then walked the audience through Bob's decision to pay the ransom after three days without operations at his business.
An IT team is sent by the insurance company and finds the email from the tool company that Bob had logged in through, said Polak.
“The threat actors used stolen passwords to access several computers from the Bob office, and they had access to other resources, such as phones, cloud, files, et cetera,” Polak said. “And once they had access to these computers, they also found an Excel spreadsheet. This Excel spreadsheet was a treasure. It had all kinds of passwords for them, including certain personal accounts, and they use it to take a greater position and go more deeply.”
The hackers also lie and do not release all of the information after being paid, said Polak.
“These are criminals,” said Polak. “There is no honor among them.”
Polak added that the hackers also leaked information to the dark web.
In addition to the $50,000 ransom payment, Bob also paid $150,000 for IT recovery, says Polak. And the insurance company disputes the claim.
“At one point, when Bob applied for this cyber insurance policy, he received a form to fill out, about 10 pages, and he asked questions like, ‘Do you have a multi-factor authentication on each system? Do you use strong passwords?’ And this,” said Polak. “He filled him as best he could, but the insurance company said it was not good enough.”
Bob is also subject to mandatory public reporting because of some of the stolen information, said Polak.
Pavlinik then shifted gears and explained to the audience how the scenario would go if Bob did not pay the ransom.
“The systems have been disconnected, which stops the spread of ransomware,” explains Pavlinik. “The IT support cybersecurity teams were sent and they were able to restore emails and communications and communications on the Internet, so they were able to access their cloud-based services, which, as you all know, is essential to manage your businesses.”
A forensic team also finds the email from Tool Titans.
Bob ends up with $150,000 in IT services but no ransom payment. Insurance still disputes the claim. There is also income lost to downtime.
Pavlinik says Bob learns that the service department has copied driver's license numbers into a file, which is personally identifiable information in Virginia. Penalties can be more than $5,000 in the event of a violation.
Neither of the two options is good, says Polak. He adds that paying the ransom comes with some additional legal consequences. This is not something that can be reported to the IRS, and the FBI asks companies not to pay the ransom because the recipient could potentially be a terrorist group.
“The only good choice in this situation is really to prevent it from starting,” said Polak.
Pavlinik says that a company's first step in the event of a cyber attack should be to call its lawyer.
“You want to establish a lawyer-client privilege in this situation,” said Pavlinik. “You are now faced with hundreds of thousands of dollars in civilian penalties and depending on whether you pay the fine, crimes. I strongly suggest you establish this communication first, then go to the insurance company.”
The insurance company will send a team of responders to recover data and investigate the event, he said.
“You can't use your friend on the street,” said Pavlinik. “You cannot call your smart son at this stage. You must follow what the insurance company will do.”
Restoration can take anywhere from a week to months, he said.
Bob could have avoided the email's trap if he had noticed a few red flags, said Pavlinik. These include a sense of urgency in the email and spelling mistakes in the links.
However, Pavlinik said that hackers have become more advanced and can spoof exact web pages, which makes it more difficult to determine the legitimacy of a link.
Polak told the audience that it is not a question of whether it will happen to your business but when.
“Sixty percent of small businesses close within six months of cyber attacks, just like the one you saw today,” said Polak.
He said 90% of these attacks start with a phishing attempt, often an email with a clickable link.
Unsecured networks that lack appropriate firewalls or strong passwords are some of the ways hackers gain access, Polak said. He said that unhappy employees were another cause for concern.
Attacks on commercial supply chain networks can also affect small businesses, Polak said.
It is important to keep software updated across all programs and networks, he said.
Pavlinik said other security measures include multi-factor authentication services and security awareness training.
“These are layers and safety layers,” said Pavlinik. “We superimpose all these different safety technologies on the top, because if there is a failure somewhere in this chain, we have backups on this subject in the sense of something else could block it.”
Lucky Bob could have invested about $5,000 a year to get all the protections he needed to build a solid security layer, Pavlinik said.
“It is advantageous to invest in the cybersecurity front to guarantee your business in relation to legal implications and to go through this process of compromise and violation,” said Pavlinik. “It is always good to prepare and warn instead of repairing and repenting.”
Allan Polak, Storetech Sr. of Technology, and Aleks Pavlinik, Director of Information Security of Storetech, present at the CIC meeting on April 30, 2025 in Richmond, Virginia / Teresa Moss