Business is getting back to normal at Wendell’s Furniture in Colchester, with the Vermont retailer saying Wednesday it has just about finished digging out from a cyber-crime nightmare that has caused headaches for several weeks.
“We found some chinks in our IT armor,” acknowledged second-generation Wendell’s owner Ryan Farrell.
Farrell declined to give a specific number but said he paid several thousand dollars in ransom after scammers infected his store’s computer network with malware—basically holding his operations hostage.
“We really didn’t feel as though we had an option,” Farrell said of the decision to pay the ransom.
The good news, Farrell said, is that customer credit card numbers are not stored on the computers at his business, so they are safe.
However, the store did lose access to a database of pending furniture orders, leaving staffers manually piecing together info, which has slowed down deliveries.
“New customers will have no impact whatsoever,” Farrell told necn.
“Anyone is susceptible to this,” observed Jon Rajewski, a digital forensic examiner and professor at Champlain College’s Leahy Center for Digital Investigation.
Rajewski said crooks often sneak ransomware onto computers using tricky emails, so he tells people to think seriously about clicking on questionable links.
Rajewski said he would also like to see people keep their anti-virus software updated, and to have data backed up on a drive or the cloud that’s disconnected from the main system—so the backup can’t also be compromised.
As to whether or not you should pay a ransom, Rajewski told necn law enforcement often warns that doing so could embolden criminals, but he knows many businesses feel squeezed.
“If you’re a small business that relies on a database that has all of your customer information in it, and that’s been compromised and ransomware and encrypted—and you don’t have a backup—you have to make a decision that’s best for your business and organization,” Rajewski said.
Wendell’s said it’s grateful for its customers’ patience and understanding and said it appreciates the support it has received from its tight-knit Vermont community.
The furniture store added that it has already beefed up its IT infrastructure, hoping to avoid a repeat of this ransomware attack in the future.