Thread: Sandboxing
#3
Old February 27, 2013, 04:30 PM
BlueByte
Allstar
Join Date: Feb 2011
Location: Maynooth
Posts: 540

Before you get too deep here, do you have a backup from before the hack? What systems got encrypted (servers, desktops)? I would not be surprised if he has multiple entry points if he got access to your domain, or at least I would if I hacked into a system. I would be suggesting you touch every device (PCs, printers with any remote access, switches, routers) to make sure (SOOOO sorry).

I would suspect they are overseas; that's where most of my attacks come from. At this point there is very little you can do, because I would hop through open proxies that are impossible to keep logs of to do an attack. Once in I would create an SSL tunnel, and then there is even less hope of packet sniffing.

The biggest thing I hope you have are backups, because then you swear and bitch, bite the bullet and wipe everything. Have a company-wide meeting explaining what happened. If they want music that badly, subscribe to some music service, and if anyone is caught downloading from bad sources they are written up.

I have been successful a couple of times tracking down the culprit of an attack, but the best you can do if they are in another country is tell their ISP, their employer if they were dumb enough to do this at work, or the cyber crime division. From there it's out of your hands; if they are nice they will let you know what happened.

You will be targeted again in a few months by these guys, so make sure you don't make the same mistake again. Don't think you can turn around and hack them; you are a nobody to them. They found a weakness in 100,000 machines/firewalls and exploited as many as they could, and from the targets that looked like they could pay they demanded a ransom.