Steve Silver Co. was hit by ransomware in August and has one recommendation for the growing number of home furnishings operations at risk of attack
FORNEY, Texas — Steve Silver has some advice for home furnishings companies that are facing the kind of ransomware attack that struck his company in August:
Don’t go it alone.
The attack on whole-home furniture resource Steve Silver Co. came in the middle of the night in late August. The attacker wanted $150,000 in bitcoin to unlock everything. That amount was negotiated down, and owner and President Silver considers himself fortunate the demand wasn’t for more, as he’s heard of other cases in the industry since then where the demands have stretched to seven figures.
It was painful in more ways than one. Lost time, lost sales and system repairs that continue today. But in the end, Silver said the company came through it in good shape thanks to some inside and outside help.
“The damage was severe,” he said. And by that, he doesn’t mean the financial damage as much as the operational damage — damage to the software system that was near the end of its life and in the process of being replaced, damage to computers and printers, some of which still don’t function properly.
“They didn’t just give us the keys and it all rebooted just like that,” he said. “There was tons and tons of work that needed to be done.
“We had some really smart people working on it and they basically saved us. I would not recommend others deal with the bad actors or try to fix anything on their own. You have to have (experts ) in place, or this kind of catastrophe puts you at a big disadvantage.”
Here’s a bit more detail on how it played out for Steve Silver. The attack came in the middle of the night on Friday, Aug. 21, a date that’s seared into Chief Information Officer Scott McCann’s memory. He came into the office Saturday morning to find the system locked down and a $150,000 ransom demand from an unknown intruder on his computer. To protect against power outages or similar problems, Steve Silver had put in place some manual backup protocols, which came in handy early on during this crisis, enabling the company to keep goods flowing in and out of its warehouse at least through Monday. Regular business operations were halted the following day and didn’t fully resume until Silver’s systems were back up and mostly running by Friday.
The ransom demand was negotiated down to about half, but Silver noted the company didn’t have anything to do with that. Instead, it was the experts it called in who worked with McCann and his IT team to help save the day — CyberSecOp out of New York.
Asked how the company chose this cyber security consulting firm, McCann said it was simply through a “desperate, desperate Google search” in the middle of the night, but it turned into the stroke of luck the company needed. “We found them,” Silver said. “We put our trust in them, and they came through for us.”
And that takes a while. Silver said his business was about 90% operational after a week to 10 days and long hours by McCann and others on the team to restore everything. Without bringing in a company like CyberSecOp, though, it would have been much worse, he said. Trouble can compound quickly if an affected company unskilled in these types of situations tries to deal directly with the cyber intruder.
If you start by trying to negotiate with them on your own and then end up calling in the FBI, you lose a week, which can quickly turn into two weeks, if not more, Silver said. If you try to pay the bitcoin yourself, you risk a second hack from someone hacking a bitcoin purse and more problems, including the possibility of having to pay the ransom a second time. That’s more time, more money lost.
“We’re getting 20 to 50 containers a day here,” Silver said. “If you can’t unload them. If you can’t process stuff and ship it back out again, it doesn’t take very long for things to become log jammed. It just becomes harder every day to get out of the situation.”
So his one piece of advice: call in help and preferably call it in for a preventive consult before the house is on fire.
“If we had to go through it all over again, I wish that we would have had a relationship with (CyberSecOp) beforehand,” he said. I’ve given their name to (friends and competitors) and they have used them.”
Several sources have told Home News Now cyber attacks are a growing problem for the industry. Few have spoken on the record about it, but last month, Century Furniture confirmed it recently dealt with an attack that temporarily crippled its communications channels, though declined to say if a ransom was involved.
“If you don’t have the right help and the right partner to fix the situation, it could put you out of business,” Silver contended. “If we had gone another two or three weeks, I don’t know what would have happened. The banks are not supportive,” he said. And the government’s recommendation, McCann added, is simply not to pay the bad guys — not the most helpful response to a business desperately trying to get back to work.
Walker at CyberSecOp, said ransomware and other cyber attacks aren’t just a problem for the furniture industry, but he confirmed it’s a growing one. In the past three months, his firm has been involved with 20 furniture businesses, and he estimated that’s up about 80% from the same time last year.
He offered some advice on how to safeguard against attacks:
Be alert to phishing schemes and be careful with remote access tools. Phishing is a form of email threat actors send out to steal passwords or send malicious code they then use to exploit and gain access to system networks. And remote access tools, often built into operating systems, such as Microsoft Windows, enable users to log into company systems remotely but can be vulnerable to attack.
Walker recommends companies implement email protection gateway products such as Mimecast if they haven’t done so already. And never use remote access tools over a public IP or public IP addresses, he said. Only use them over a VPN, or virtual private network.
Think about contacting an MSSP ( Managed Security Service Provider) like his firm to implement “manage, and response” services.
“Basically they deploy advanced endpoint protection … to aid in the monitoring and defense against threat actors, ransomware or (those) just looking to steal information (data loss),” he said.
An MSSP firm offering these services will monitor clients’ systems 24-7, which is important, as “threat actors usually strike at night when you’re asleep,” Walker said.
And what if you’re already been attacked and it’s too late to go the preventative route? Walker said it’s still important to reach out to an MSSP, just as Steve Silver Co. did to determine how the company was breached and to help with the recovery process and “getting the system back online as soon as possible without making the problem worse.”
Walker said his firm has had success reducing the size of ransom payment by 50% to 70% of the original demand and sometimes by more.
Back in Texas, Silver said it’s difficult to estimate the overall cost of the attack on his business, but if he had to throw out a number, it would be about $1 million, even though the actual ransom payment was halved — figuring for lost sales, lost time, the delay in installing an updated software system, the ransom, the cost of the consulting firm, and more.
“But considering the bad situation we were in, we came out of it really well,” he said.