We had an incident on 7/14/2020 where a technician's PC was hacked and Simple Help was used to deploy the Sodinokibi ransomware to all PCs connected to Access, about 700 PCs. The same PC also had access to our cloud-managed Avast CloudCare. This was also hacked, and all endpoint protection was turned off before Sodinokibi was deployed. I have been trying to discuss this with Simple Help, but so far they refuse to call me back. I have to make a choice between securing Simple Help or abandoning it. My preference is to keep it, but I need a few solutions.
- I need to make sure all technicians are automatically logged out after x hours.
- I need engineering to provide some insight into how the backend script was run and what we can do to limit a technician so that a script can only be run against the ‘access’ computers he is connected to. Currently it is obvious that a script can be run against all 700 computers at one time. We can't have that.
- We also have to figure out how the Simple Help log was deleted.