PHILIPSBURG:--- In the cover letter of its report to NV GEBE, Aurora InfoTech made it clear that they were unable to state conclusively that the cyber attack on NV GEBE was conducted by the Black Byte ransomware hackers on March 16th, 2022.
Aurora said that because NV GEBE's IT department reset the firewalls and reinstalled the servers and workstations, most of the forensic data were lost; as such, they were not able to fully determine whether it was Black Byte.
They made clear that the resetting of the firewalls and reinstalling of the servers were done before they were contacted and contracted. GEBE indicated to Aurora that they suspected something had happened on March 16th, but it was on March 17th that they realized their data were encrypted.
Further in the report, Aurora said that in their professional opinion the servers of NV GEBE were infiltrated by the Black Byte ransomware attack. Aurora further explained that GEBE had no security in place at the time of the attack and that not even patch management was done, while there was limited security protection on the server endpoints or firewalls. Security subscriptions had expired, which was combined with GEBE’s limited resources and cyber security knowledge.
Besides the lack of proper IT management, tools, and cyber security insurance, the IT department has been described as a total disaster by Aurora InfoTech. The cabling was hanging all over behind the racks and was not labeled. These are only some of the findings in the report.
Aurora said GEBE basically misled the prosecutor's office when they were approached and asked about the safety of the SCADA networks and digital forensics. They assured the prosecutor's office that the SCADA runs on a separate network and that it did not share, and was not integrated with, the IT network impacted by the ransomware attack. They further informed the Dutch detectives that their timing did not permit a forensic investigation and that all efforts were geared towards the rebuilding of the systems and reopening to the public. Aurora later discovered that the SCADA system was in fact running separately but was sharing a pair of network switches and fiber optic backbone segments that impacted the IT network.
While the report is damning for NV GEBE, persons reading it must bear in mind that the objective of the report is to make the badly managed company look bad while promoting Aurora InfoTech. This is a general practice of all cyber security companies, especially when companies do not adhere to cyber security policies and best practices.
Had GEBE conducted its own internal audits or had the IT department audited by an external company, it would have seen what it had on its hands and been better prepared for any type of ransomware attack.
Aurora went into detail on how they were contracted, the work they performed using cyber security tools, and the outcome of their investigation.
They said that because the Black Byte infiltration has impacted and encrypted files on over 55 servers, and 168 workstations, including the company’s enterprise resource planning system and its data backup solution Microsoft Data Protection.
Aurora said that while investigating they found out that NV GEBE used the same local administrator accounts and passwords on all their computers, while company computers that are off-premises were also not protected.