Pyramid Mountain Lumber database gets infected with Ransomware


On March 15th, 2018, the entire network of Pyramid Mountain Lumber was infected with ransomware, resulting in the encryption of all the files in the database. The cyber crooks who introduced the malware are said to have demanded more than $10,000 worth of Bitcoin in exchange for the decryption key.

But the IT staff of the Montana-based company, which produces and sells lumber products, were not willing to bow to the demands of the cybercriminals and so started rebuilding the three network servers as well as 4 workstations from scratch.
Most of the critical data were backed up and so the consequences of the cyber attack might be minimal.

But Mark Meissner, the network administrator of Pyramid Mountain Lumber, confirmed that all the historical data could be lost as it was not part of the data continuity plan.
Meissner added that a week before the attack, some files went missing from the database and new software suddenly started to appear. He deleted the new software and tried to replace a few of the missing files.

The same thing happened the next day, and Meissner then decided to create a disk image of the database in order to prepare for the worst.

As expected by Meissner, who is also a Microsoft Certified Engineer, the situation turned sour on March 15th, 2018, when one of the systems at the mill started to show signs of a malware attack. It was rebooting on its own and a black screen was appearing with a message saying “Your Files have been encrypted”.

All three servers (the domain controller, the maintenance database and the financial server) were compromised by the end of the day, and programs related to payroll went missing from the servers. Thus, data related to accounts payable, sales, client information and accounts receivable was encrypted.

However, the server that runs log programs, the machine centers and the rest of the 30 workstations remained unaffected as they were shut down as soon as the ransomware attack was detected.

The attack was reported to the Missoula County Sheriff's Office on Friday and more details related to the attack are awaited!

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
