Barnstable PD was recently hit by a ransomware attack. An incident that could easily have cost them a significant amount of money and a minimum of 36 hours to recover was resolved in just 35 minutes.
Craig Hurwitz, the Director of IT at Barnstable PD, shared his experience dealing with the attack and how Reduxio systems played a major role in controlling the situation.
Read the interview transcript below:
1. Today, as an IT professional, what is it that most concerns you about the rapid and pervasive rise of ransomware with regard to protecting your organization?
Ransomware and all kinds of attacks are very prevalent these days. You do what you can do to protect yourself and we try to do everything that's possible on our end to do it, but at some point something's going to find its way in. My name's Craig Hurwitz with Barnstable Police Department, the IT director over here.
"It's not a question if something's going to happen, it's a question of when now."
You got to fight the battle and you got to have exit plans for your way out of this. Your options usually with ransomware are to pay the ransom and hopefully the other end's going to be honest on their end and give you the key and you'll get your stuff back or you have to have an alternative plan. You have to have a way to go back, get yourself back to the point before that infection started.
Here, we need our systems up. We need them up all the time. We're a 24/7 operation. Without our computers, we're back to the days of pencil and paper, with police officers calling in on phones and radios trying to find information. Here, we lose our biggest tool which is our computers.
2. Security experts advocate a comprehensive, multi-level approach to preventing security breaches. How realistic are these recommendations for a 130-person organization like Barnstable PD?
There's a lot of things that you can do, a lot of things that you can put in place but where do you stop? Where do you draw the line? There's so much that you can do and there's only so much that we can do here given our limited budget and our time and resources to fight these battles.
Eventually you have to realize that something's going to happen and you need to have your exit plan, how you're going to fight this battle, how you're going to get out of it and how you're going to resolve it, how you're going to get back to your business as normal.
3. In general, what realistically can an IT professional do to minimize downtime / losses due to a ransomware attack?
With our backup compliance here we were doing 4 hour windows of backups. Every 4 hours we'd take a backup. The ransomware can hit you at any point in time during that 4 hours. If you have to go back, what if it happened right before that last backup happened? You lose a whole 4 hours of your data.
You need something that you can go back to any point in time right before the accident or incident happened and just hit the button and go right back to there.
4. Specifically, what have you done on behalf of the Barnstable PD to ensure that the department can continue to serve and protect its citizens?
We've got lots of systems in place to protect ourselves from these types of attacks. We've got firewalls, every endpoint has anti-virus on it, all our servers have anti-virus. Like everybody else, you have backups, you do snapshots of your environment just so you have ways to get back.
Restoring from a backup, it's very cumbersome to move that much data around. It just takes a really long time to get yourself back up on your feet again. Every minute that we're out here, we have people out in the field with their lives on their lines, relying upon that data and that information and you have to do what you have to do here to get everybody back up on the same page as fast as you can.
5. What, specifically, led you to purchase an HX550 from Reduxio?
Without Reduxio, we relied on legacy backup software with legacy storage. It was just spinning disk. Everything's slower, everything's cumbersome, everything was small. We're looking for something that had the capacity and the performance and Reduxio came in and really answered all those questions.
One thing that set Reduxio apart from everything was BackDating™, the ability of continual data protection to be able to go back to any moment in time. It just added one more thing to that list of things that were just really wow factors that really sold us on buying the Reduxio on this appliance.
6. Have you been the victim of a ransom attack? Please describe specifically what happened, before, during and after the attack? What was your experience?
Barnstable was a victim of a ransomware attack. It was over Labor Day weekend most recently. We got hit. I got a call around 5:00 in the afternoon after I'd gone home saying everything was down. Logged in, took a look, and sure enough, noticed that our data was getting encrypted and all our systems were going down. We had no access to our data and we had no access to our dispatch or our records management systems.
All the computers in the cars were rendered pretty useless because they couldn't be dispatched anywhere, they couldn't see. None of the case information could be transmitted to them, call information. They didn't have the ability to run plates to look up criminal histories when they're in the cruisers. All our field officers were out. Here in dispatch we can't look up criminal histories either, past criminal information. None of our databases were active.
If we needed any information about where somebody was calling from, everything was down at that point.
"We were pretty much dead in the water back to the days of pencil and paper."
That's when Reduxio really played a huge role in this whole situation of recovery. Knew what time it was. I can go back to the exact second. I played it safe, I rolled it back about 10 seconds past the time that we were hit, where I needed to get to. We're actually also able to reconnect our hosts to our data. It looked like nothing ever really happened.
7. How much downtime did the Barnstable PD suffer?
If we didn't have Reduxio, the other side of that would've been a tremendously long time. We've recovered or restored backups in the past and it's looking at a minimum of 36 hours to get back up and running, just to move that amount of data from a backup appliance back to a host to put all that data in place.
It's extremely long, cumbersome, tedious, and then there's no guarantee either that it's going to work at that point. Then you got to start again, then you're out another 36 hours.
"It's taken our ability to recover from a situation from 36 hours down to minutes. We're talking like 35 minutes from the moment we were attacked to being back up and running again."
8. Having been through this experience, what would you want to share with your IT colleagues?
Having been a victim of a ransomware attack, it's really great to have a tool that's in your tool belt that you can use that will take you to the point in time right before the attack happened, to get yourself right back and get yourself right back up on your feet as quickly as possible without having to worry about backup windows. You know you're there. You know you're continually protected. Your stuff is always there and it's always just at a flick of a dial to get back to it.
"I was extremely happy with the response time and the ability to get ourselves back up on our feet in such a short amount of time."
It was incredible and I was just extremely amazed and happy. Needless to say, the chief was even more happy because those are all these hours that we weren't out, that we were up and were running and that business can get back as usual without having a service outage for 36 plus hours. You never know. We were down and then we came right back up like almost nothing ever happened.
9. How was your experience working with the people from Reduxio?
Working with everybody at Reduxio from top to bottom, from support to sales to engineering to everywhere, everybody in the company has just been an amazingly tremendous help. They've been incredibly polite and pleasant to deal with, extremely knowledgeable. Any question that you have, they'll have the answer for you and if they don't know it, they'll reach out to somebody else and they'll find that answer for you.
Working with Daniel in support, Dmitri with engineering, came in to install the whole system for me. From cabling to even straightening up some of my mess, he came in and cleaned up after me.
"It was like having my mother next to me, working with me."
There was never a problem with anybody in the entire company coming to give you a hand where you need it, and even where you didn't need. If it was something that they didn't do, they'd find the answer for you.