angry email

a guest
Apr 22nd, 2019
Although I have not filled in the application to officially become a [the company] employee, I am still obligated to further the company's interest. I want to share my point of view on the hacking incident that occurred on April 21st, how dire the situation the company is in at the moment, and possible solutions moving forward.

Unsafe Logging Practices: The biggest question that needs to be asked in every incident is: 'How?' The IT department fails in this manner by not having a proper procedure to securely log server activity. The logs were kept on the server, which they lost control of. Due to this, the next line of questions becomes impossible to answer: 'When did the servers get infected?' and also 'Are the backups infected as well?'

The possible answers to these questions are as follows:
How? The IT department does not know how the hackers infiltrated the servers. From an educated guess, it is due to outdated software. I assume Max and Ziggy did not see any evidence of attempted brute forcing on the servers; I believe this hack might have been some sort of injection method to gain root access to the servers.
When? This is the trickiest part. Since we don't know when the servers got hacked, we don't know which backups are infected, and how far this goes. Once the IT department restores a backup, there is a high chance the ransomware might reactivate.

Lack of transparency: Something I've noticed in the short time I was at the office this morning: the IT department failed to properly debrief the management about the situation at hand. For example, they did not characterize the problem as what it was, a hijacking and subsequent ransoming of the servers. They also failed to properly communicate the ongoing problem-solving process, giving vague answers such as 'Loading: 20%'.

I don't see a quick solution to this problem; even if there is one, the problem will persist for quite some time, possibly weeks to a month. Simply restoring the server might mean repeated attacks due to the root of the problem, the vulnerability, not being addressed, or not being addressed quickly enough. This may take a while; fixing a vulnerability of this kind requires rethinking the architecture of the server itself.

My recommendation:

Solution #1 [The best]: Clean reinstall of the Windows servers and any associated software. Reconfigure from the ground up. Although this solution will take a lot of man-hours, it will ensure that the server that goes online is uninfected, and it will quite possibly inadvertently patch some of the vulnerabilities by updating to the latest versions of the software.

Solution #2 [Once the backup is restored]: After restoring the backup, do not connect to the internet, block all connections from the internet, and manually create a whitelist of servers you intend to connect to. Although a gamble, it could work, assuming that the backup isn't infected, and it could deter further attacks by restricting access.

Solution #3 [Long term]: I would highly recommend switching over to cloud computing such as Amazon Web Services.

Immediate actions: EMPLOYEES NEED TO CHANGE ALL PASSWORDS
It is imperative that a security breach does not create a domino effect. Seeing all the security mishaps that occurred, I deduce that the IT team probably has not properly hashed the passwords/logins on the server. This could mean that if an employee uses the same password for, let's say, Facebook, they could search up names on Facebook and begin to attempt to brute force their way into the account. A botnet would take 1 second to enter an account knowing the first name, last name, and the password of the account. It is quite common in the cyber security realm that a company gets hacked, and then all the employees get hacked as well.

While on the topic: the website needs to be secure [See Attachment]. It makes people skeptical about filling out a contact form, as it can be intercepted. The 'Direction' menu option from the front page of the website is an animated picture with nothing else attached to it. Not sure if intended, but the European side of the website uses the initials "UE". Overall not impressive in terms of looks, design, and usability.

Kind Regards,
Zaya
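
The "passwords not properly hashed" concern in the email is the part most worth making concrete. The following is an added example, not code from the email or from the company it describes: it contrasts the weak practice the writer suspects (a bare, unsalted hash, identical for every employee who picked the same password) with a per-user salted PBKDF2 record, plus the check a post-incident reset would use to flag legacy records for rehashing. The algorithm, iteration count and sample password are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed policy for this example (PBKDF2-HMAC-SHA256 with a random per-user salt);
# these values are not taken from the email.
ALGO = "pbkdf2_sha256"
ITERATIONS = 600_000
SALT_BYTES = 16


def weak_hash(password: str) -> str:
    """The practice the email suspects: one bare hash per password, no salt.
    Every user with the same password gets the same value, so a stolen table can
    be joined against other leaks and looked up in a precomputed list."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'algo$iterations$salt_hex$hash_hex'; a fresh salt unless one is given."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ALGO}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    try:
        algo, iters, salt_hex, hash_hex = stored.split("$")
    except ValueError:  # malformed or legacy record: never accept it
        return False
    if algo != ALGO:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), hash_hex)


def needs_rehash(stored: str) -> bool:
    """True when a record predates the current policy (legacy unsalted hash, wrong
    algorithm, or too few iterations); such accounts go on the forced-reset list."""
    parts = stored.split("$")
    return len(parts) != 4 or parts[0] != ALGO or int(parts[1]) < ITERATIONS


if __name__ == "__main__":
    # Constructed sample: two employees who happen to reuse the same password.
    print(weak_hash("Spring2019!") == weak_hash("Spring2019!"))          # True: identical, linkable
    print(hash_password("Spring2019!") == hash_password("Spring2019!"))  # False: salted per user
```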