Client Background
Our client is a well-established architecture firm located in downtown Honolulu. Their business relies heavily on digital tools, such as file storage and collaboration software, to manage projects and deliver client results efficiently.
The Challenge
In 2017, the firm experienced a crippling ransomware attack that encrypted all data on their Windows Server 2008 machine. When Cowabunga Computers was called in, the client believed all their files were lost and that they had no reliable backups. After assessing the situation, we discovered that the entry point for the ransomware was an open RDP (Remote Desktop Protocol) port left unsecured by their former IT provider. To make matters worse, the client’s previous IT team had failed to produce a recoverable backup.
While cleaning the server of malware, we launched a thorough search for any remnants of backup data. Surprisingly, we uncovered a backup on a hidden partition of an external hard drive, something no one was aware of. After extracting the data onto a new, clean computer, we restored their files and got them operational once again.
Despite our recommendations to close the open RDP port and upgrade the aging server, the client chose to stay with their existing IT provider due to budget constraints.
Fast Forward to 2023
In April 2023, the architecture firm reached out again. This time, they had been hit by yet another ransomware attack, targeting the same server through the same unsecured RDP port. However, unlike before, the attackers encrypted their backup drive as well.
Responding promptly at 6 a.m. on a Saturday, our team assessed the damage. Fortunately, this time, the client had a cloud backup that had remained untouched. While the data was recoverable, restoring files from the cloud is a time-intensive process. We assisted in migrating their file shares from the cloud backup and decommissioned the compromised server.
This incident marked a turning point for the client: they opted to move to Cowabunga Computers’ Managed Services plan. We immediately re-imaged all infected devices and migrated their email, file storage, and collaboration tools to Microsoft 365, including OneDrive and SharePoint. We also secured their network with a robust firewall, closed the RDP vulnerability, and began actively managing their antivirus, patching, and helpdesk needs.
The Solution
- Malware cleanup and recovery from ransomware attack
- Discovery of hidden backups and restoration of data
- Migration from legacy server to Microsoft 365 (SharePoint and OneDrive)
- Decommissioning of compromised infrastructure
- Implementation of a secure firewall to protect the network
- Ongoing antivirus, patching, and helpdesk support under Managed Services
Results
Since partnering with Cowabunga Computers, the client’s network has been fortified against future threats, with proactive security measures in place. Productivity has also improved, thanks to the migration to Microsoft 365, which provides seamless collaboration tools. The client now has peace of mind, knowing their data is safe and their IT needs are fully managed by a trusted partner.
Conclusion
This case demonstrates the importance of securing your network and being proactive about IT management. A single open RDP port exposed this architecture firm to significant risks—not once but twice. By choosing Cowabunga Computers’ Managed Services, they now have a reliable, secure IT infrastructure that allows them to focus on their business rather than IT issues.