You MUST have adequate disaster recovery mechanisms in place.

by Wally Moore

on February 22, 2016

in blog, Disaster Recovery

“You MUST have adequate disaster recovery mechanisms in place. A Datto Siris would have prevented the damage and had them (Hollywood Presbyterian Medical Center) back up in 5 minutes.”

Disaster Recovery

This was our first thought when we read about a hospital paying $17,000.00 in ransomware, or as the hospital put it: "The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key," said Allen Stefanek, president of Hollywood Presbyterian Medical Center, in a statement. "In the best interest of restoring normal operations, we did this.

Never should have happened

It’s unclear how the ransomware was installed on the hospital’s network in the first place. But if Hollywood Presbyterian would have employed, tested and immediately used a Datto Siris, this shut down never would have happened.

Our sales pitch

Thousands of businesses like yours rely on Datto Siris to ensure that their data is secure and always available. Siris goes beyond simple backup to provide true business continuity. You can count on Siris to keep your business running, even in the face of computer hardware failure, malware or natural disasters.

Ransomware is a type of malware

So-called ransomware is a type of malware and can be spread to computer networks when unwitting users click on attachments sent by hackers that look legitimate, or visiting a compromised website. By clicking on an attachment in the fraudulent email, a user can potentially download ransomware that locks down the computer and then asks for a ransom to unlock the machine.


As an information technology (IT) company, DTS InfoTech resolves problems for customers who get themselves into trouble with fraudulent attached documents. It doesn’t happen all the time (and we’ve never dealt with a severe issue like Hollywood Presbyterian has) but often enough for us to know that people are tricked, regularly, by illegitimate emails that arrive in their Inbox, with attached documents that are fake.

Recently I received this email . . .

Subject: My Resume

Good day!

I noticed your website today Fri, 22 May 2015 and found it very likeable. I was hoping there was any possibility of internship or unpaid trial period, just to prove my competence.

As you will see in my attached resume, I am very qualified and have a very broad experience in this type of work. I am very confident it will be worth your time reading it, and I am even more confident you will find me very fitting in your enterprise.

Please see my resume.

I am very much looking forward to hearing from you.

With gratitude,

Sent from my iPhone

I was almost tricked

Maintaining our company website is my responsibility. So when I read this email, I was interested in their offer from a practical stand point. But truth be told, there was an emotional hook, they mentioned how they found our site very likeable. I thought, “Hey, someone likes our site. I’m doing my job!” I like comments that validate what I do, even if it’s not true. And therein lies the trick, the emotional hook. They offered to intern on an unpaid trial period just to prove their competence. Unpaid? Heck, I almost opened the attachment on that alone.

Getting people to open emails

To understate the obvious, opening an infected attachment can ruin your whole day. It may cost your company money to fix it and it will most definitely cost you in the time you lose having to deal with it.

Did you know that there is an entire industry devoted to getting people to open emails? It’s true.

Google this phrase: get people to open emails. You’ll get about 157,000,000 (that’s MILLION) results in 0.73 seconds. Some of those search results are from very reputable companies that I follow for marketing advice.

What’s the point?

There are a lot of very intelligent people working all the time on getting you to open emails. They think in terms of strategy. They test it, they make tweaks after testing and they test again. They are very talented and bright professionals in the business of getting people to open emails. They know how to tug on the strings of your heart, and emotions, so you will open the email, click on the attachment and read it.

The people and companies I just mentioned are reputable and professional, the good guys.

It’s the bad guys

Emails that are illegitimate, with attached documents that are fake, are so prevalent that we want to help you spot them in your Inbox. That said, here are a few tips from Dan Neuwirth, owner of DTS InfoTech:

One key indicator that should give you pause is the “heartstring” test. If you are immediately drawn to opening an attachment from an unknown sender because the content tugs at your heart, step back from the mouse for a minute. You know the type: “the IRS is about to arrest you”, “the FBI has found bad stuff on your computer”, “Please print the attached FedEx invoice”, and the legendary Ms. Sage Okopo from Namibia has been looking all over the world and has found you reputable and would like to discuss entrusting you with her sum of $50 million.

You laugh, but it’s because you’ve seen all these at one point or another yourself.

Some of you have opened the attachments.

Whenever I’m asking myself if an e-mail is legitimate, or desirable, I also look for clues (markers) that bias me either toward or away from it. The original e-mail (referenced above) sends up several clues that I shouldn’t open the attached document.
1. No one in the United States would write “Fri, 22 May 2015”. Even if it were a human, they would spell out “Friday”. This date was injected by a computer.
2. The date format suggests they’re not in the US, wouldn’t be a good fit anyway.
3. The e-mail is very generic. As I mentioned to a customer of ours, on a different (but similar) e-mail this morning, this e-mail could be sent to any thousands of people in any industry, and would appear to “fit”. That’s actually a clue to its illegitimacy.
4. The e-mail is “Sent from my iPhone” but has a Word document attachment. iPhones would generally be an unusual choice of device from which to edit or send a Word document.
5. The resume has a generic file name (“My_Resume_11779.doc”). Anyone credible would have named the file their own name, knowing that HR departments probably just toss the files into a folder. There would be nothing to identify the person if this doc was separated from the e-mail.
6. The e-mail sender’s name, signature, or “From” address don’t match. For example, the above e-mail came from Bob Smith (
7. (Now doing this on a disconnected system we use for quarantining purposes) the file, when opened, immediately flags a Macro Alert in Office. For this exact reason, Office 2010 and newer versions disallow macros (programming in documents) by default—the user must “opt in” in order to have the macros work. When you click the default of “Disable”, you just see a standard Word document text that says something to the tune of “oh, you need to make sure you enable Macros because this is a very secured document and you can’t just use a viewer on it …” or something to that effect. This would be highly unusual for a resume where the author would want to have it seen by many people as easily as possible.

Best practices

What’s the best things you can do to prevent an infection on your PC from illegitimate emails? Use your head!

1.When you receive an email, be vigilant, take your time and think about what you are reading. You don’t need     experts, or special training to do this. Right?
2.Be alert. Do you know the sender? Read the Subject Line. What is it really saying?
3.Do not download and install anything you do not understand, or trust.
4.Download files only from trusted sources.
5.Maintain your computer and keep it up to date.
6.Install anti-virus software and keep it up to date.
7.Use complex passwords. Read this article on creating passwords.

Take me back to Disaster Recovery.

When in doubt

WARNING! The following is a personal opinion.
When I delete a suspicious email I never worry about it. If it’s really that important, the person who sent it will contact me when I don’t respond.
Over many years and literally thousands of unopened deleted emails, not once have I regretted it. Not once.

Dedicated to your success,

Wally Moore
General Manager and Compliance Officer
DTS InfoTech . . . computer networks that work