The Global Ransomware Epidemic is Evolving and Getting Worse… First, US Cities, Now Major Cities in Canada. Are Europe or Asia Next?

No Gravatar

As we’ve been writing about for much of this past year, hackers have hit dozens of municipalities in the U.S. so far; demanding ransom from various municipal departments, schools and even police departments – how brazen is that?!?  A recent article in The Star about a week ago showed us that, although the U.S. attacks are getting most of the press, Canadian municipalities are not immune to being hit themselves, with ransomware victims including a multitude of locations including Stratford, Wasaga Beach and, more recently, Toronto!

It was revealed last month by Toronto’s auditor general report that two of the city’s entities / departments were reportedly attacked by ransomware, compromising their systems.  Unfortunately, because protocols were not put in place, for both situations, the incidents were NOT communicated to the city’s CIO.  This has set off alarm bells at city hall and has triggered recommendations for stronger safeguards as it has exposed the vulnerabilities that Toronto’s systems have to hacker attacks.

Thankfully, the city’s main digital backbone was not compromised, but the attacks have spurred audit committee members to urge the acceleration of the development of notification protocols and steps to improve existing safeguards.  As a result, the city will create a new CISO position to oversee Toronto’s defences to attacks, and will include bolstering in-house security infrastructure and hiring private-sector experts to provide MSP services.  This is all well and good and is a positive sign that municipalities are starting to heed the warnings and are taking steps to protect themselves from what is seemingly an almost inevitable occurrence for potentially all cities.  

The whole ransomware epidemic has been rapidly evolving over time and we believe it will go beyond just the US and Canada. Our continued advice to all municipalities is to “get prepared”.   Hackers are now focused on municipalities, locking up their systems and causing more damage for a lot more people, because this often includes taking down essential municipal services. As a result, the desirability to just pay the ransom, in order to get services back as soon as possible, is very appealing to many of these  municipal victims, despite more than 225 U.S. mayors recently signing a resolution not to pay ransoms to hackers.  The jury is still out on whether this resolution will hold because the potential costs for not paying has been seen to be very steep.  For example, Baltimore refused hacker’s demands for $75K worth of bitcoin and now faces remediation costs of more than $18MM in order to get their systems back on line and to repair damages done.  

At Wedge, we’ve kept track of how the ransomware epidemic has evolved and progressed to where it is now and we consistently encourage Detection and Blocking as a solution to this epidemic.  We applaud the municipalities that are taking a proactive approach to protecting themselves; following the suggested advice of providing staff training for identifying potential phishing emails as well as what to do in the event of an attack, keeping full ‘out-of-band’ backups, continual assessment of weak points, updating and patching systems, and looking to network security solutions that provide real-time protection and remediation.  

At the same time, we continue to stress that real-time protection is a key part of the solution.  If municipalities can PREVENT an attack before it happens, they will be able to save themselves the headaches of having to go through the whole remediation process.  Wedge’s Advanced Malware Blocker, with its Deep Content Inspection and orchestrated threat management of industry-best-of-breed malware heuristics and artificial intelligence can detect and block ransomware and other malware in real-time!  In the ever-evolving ransomware epidemic, prevention has always been the one constant that can actually save an organization time and resources.  So, for our Canadian municipalities who are continuing their battle against ransomware, feel free to try WedgeAMB for FREE on a 90 day trial or contact our team at: info@wedgenetworks.com to learn more.

Posted in Industry News, Latest Security News, Wedge Channel Partner Forum, Wedge News | Tagged , , , , , , , | Leave a comment

The Numbers Are In… Were YOU One of the Victims? How Are YOU Protecting Yourself?

No Gravatar

Our CFO Rob Fong placed this article by CPO Magazine on my desk and in it, the latest cyber attack numbers are in. From the article, according to a new report from the Internet Society’s Online Trust Alliance (OTA), their Cyber Incident & Breach Trends Report shows that cyber crime became a $45Bn industry in 2018.  

The numbers are staggering.  To put this in perspective, although the number of overall incidents of cybercrime have actually decreased in almost all areas, the $45Bn stolen in 2018 represents over 1/3 of the TOTAL losses from cyber crime since 2013!  As presented in an earlier blog, although ransomware saw a downturn in overall incidents, losses actually rose by 60%!  The big trend that is becoming more apparent is that cyber criminals are moving away from the quantity of indiscriminate attacks against a lot of individuals and are focusing their attacks more specifically at businesses and organizations (such as municipalities and other government agencies) that they perceive to have more significant resources.  We’ve seen the marked increase in ransomware attacks on municipalities and have blogged many many times about it.  The big increases included ransomware and business email compromises (which itself skyrocketed from $677MM in 2017 to $12.5Bn in 2018!)

The big takeaway from the above is that a) cyber crime trends are up, b) hackers are honing in where they can get their biggest kill c) organizational readiness for dealing with these attacks remains dismal – of all the attacks that were perpetrated, “95% of these attacks were determined to be preventable”.  And that’s the rub.  Organizations are continuously behind the eight ball when it comes to attacks.  Most of them continue to follow the Detect and Remediate way of doing things; with their security systems detecting attacks after they’ve already happened.  Of course, this leads to expensive clean up and remediation efforts, which have just added to the 2018 totals.

At Wedge, we’re trying our hardest to do our part in trying to get these numbers down by continually evangelizing our “Detect and Block” approach.  We always feel  that if you can prevent your organization from being a victim, you’ll save a ton of money in the long run!  So, how are you protecting yourself?  If you haven’t taken us up on our FREE 90 Day trial of our Wedge Advanced Malware Blocker, that uses Deep Content Inspection, along with Orchestrated Threat Management using best-of-breed security solutions and AI to detect and block ALL malware in real-time, what are you waiting for?  Contact us at:info@wedgenetworks.com so that you don’t become one of the 2019 statistic!!

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , , | Leave a comment

The Ransomware Scourge Continues. “To Pay or Not to Pay” is not the answer. GET YOURSELF PREPARED is!

No Gravatar

The number of ransomware victims continues to mount with CNN reporting that attacks on cities continue to rise.  Law enforcement officials continue to warn against paying ransoms.  Security experts continue to suggest that even if victims pay their ransom, there is no guarantee that the victim’s data will be decrypted, and if it is, there’s also no guarantee that the data hasn’t been tainted or corrupted.   Meanwhile, insurance companies are now a factor as they are looking to minimize the damages that they have to pay out as an insurer in order to get their client organizations back up and running; even if it means that they pay the ransom.  Two very opposite stances.  One is taking the long-term view, “DO NOT PAY” trying to disincentivize hackers by taking away their quick score, while the other is taking the short-term view, or “PAY” out now so to minimize overall damage costs. 

And so, the debate rages on as to what is the proper response when an organization is hit.   A prime case came to light just recently as, just days after the Conference of Mayors passed a resolution opposing the payment of ransoms by cities, La Porte County in Indiana  did just the opposite; paying out ransom to the tune of $130K after their systems had been hit.  Granted, in this case, the county will pay about $30K, while its insurer will pay the remainder of the ransom.  The decision was also made after it was determined that the FBI’s own decryption software was unable to unlock the encrypted data.  Putting aside the ethics of the decision, La Porte made their decision from a cost perspective as other governments who declined to pay their ransoms ended up incurring a much heavier cost than the ransom that was demanded.  As an example, the city of Baltimore declined to pay their ransom demand of $76K and it is now estimated that the city will end up spending over $10MM in order to fully restore its computer network, not to mention that it is estimated that they have lost revenues amounting to around the same amount as a direct consequence of the attack. 

Regardless of the side of the debate that is appropriate to your situation, this is the new reality for IT Security teams in cities, government departments and other organizations around the world who have become the targets of hackers looking to make and easy score. The unfortunate thing is that attacks have been increasing against cities as of late because it is clear that cities are ill-prepared or typically underfunded to deal with these types of emergencies.  We’re seeing that it’s not only the big cities and states that are being affected but the smaller municipalities and counties being taken down as well.  Any organization that relies on a critical system or database in order to operate and that is typically known to be under protected, is ripe for the picking. 

Meanwhile, as the debate continues, what a lot of people don’t realize is that the best way to handle the scourge of ransomware is neither paying or not paying, it is to ensure that preventative measures are put in place to safeguard against an attack happening in the first place!  We’ve blogged about the bare minimum that organizations should do in order to protect themselves, especially when budgets are tight.  When it comes down to it, even with tight budgets, organizations can still put some measures in place since, as ALL cases have shown, it is ALWAYS much cheaper to prevent an attack than it is to have to remediate it after the fact. 

Preventative solutions is where Wedge comes in. The Wedge Advanced Malware Blocker product is a prime example of real-time security that has been proven to be effective in blocking ALL advanced attacks, ransomware, zero days and never-before-seen malware  BEFORE they can make their way to the vulnerable endpoints.  With our patented Deep Content Inspection, that can see ALL content going through the network, orchestrated with the industry’s best-of-breed security services and Artificial Intelligence / Machine Learning that detects and blocks all attacks and that helps us to keep several steps ahead of the hackers, organizations have a real choice in how they want to deal with the possibility of ransomware attacks.  Best of all, Wedge provides a FREE 90 day trial of the WedgeAMB product to anyone who is interested in seeing how it works for themselves!  As always, contact our team at: info@wedgenetworks.com to learn more!

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , , | Leave a comment

Scary Story of the Day: Security Vendors Know That Their Products Don’t Work. Getting SIEMFed and What Should a CISO Do?

No Gravatar

An interesting ZDNet article by @ChrisMatyszczyk was forwarded to me recently that made me shudder.  In it, the author relates a story of how, as he was golfing, he came across a security software salesman (from a company quite well known in its field) that casually admitted to him that the security software he sold “doesn’t work”.  The author went on to provide the reasoning that the salesman gave in that the hackers are always one step ahead and that for every piece of software, old or new, out there, there is always some small opening through which a hacker can enter.  To justify himself, he felt that since his company’s software was “pretty good”, compared to most others, he didn’t feel bad about selling it, despite the fact that it “didn’t work”. 

While it is impossible to conclude anything, based on one conversation, the salesman’s remarks provide a couple of insights that I felt are worthy of a blog.  Being in the industry for as long as I have, I do realize that there are some companies out there, fairly respected ones at that, who continue putting out solutions based on older and less effective technologies.  The first insight is that in many of these cases, it is the same base technology, that has gained them the market share, which is also the technology that limits them; making it almost impossible to stay at the cutting edge.  But the second, more powerful insight, is that hackers seem to always be a couple of steps ahead. There is a reason for that, and it is surprisingly tied to the first insight, as you will equally conclude.  

There was another article that cropped up on Threatpost recently that showed how bad it has become for IT managers.   According to the research report quoted in the article, “In a survey of 3,100 IT managers across 12 countries (at organizations with 100 to 5,000 employees), two out of three of them said their organizations (68 percent) suffered a cyberattack in 2018, despite efforts to prevent them. This, despite the fact that a full 26 percent of IT’s time, on average, is spent on cybersecurity issues.”  Also, in the article was a statistic that stated:  “Nine out of 10 (91 percent) of the respondents said they were running up-to-date cybersecurity protections at the time of a successful attack.” These are both depressing and distressing figures, especially when we know that there are solutions out there that WORK and that can help prevent such attacks.  Using a military analogy, on some bad days, as a security practitioner, it sometimes feel that we are fighting a guerilla warfare with a regimented army where you have a huge weight to pull along.  The tools do not respond well; there are thousands of SIEM records flying by, leading to SIEM Fatigue (internally we call it getting SIEMFed) and it leads to just brutal analysis paralysis!   

So, while on the surface, the salesman’s comment might put a damper on those of us who are truly putting out cutting edge technology that DOES WORK, because the more established players have the larger footprint, no one blames the CISO for buying their product.  Even worse, the fact is that they can market-their-way over new innovation!  And THIS is exactly what I love about security startups and is the primary reason why I have always worked with them.  

While the old guard continues to go along their merry way, patching their solution here and there in order to keep up with the more ground-breaking advances that are being made; smaller and more nimble security startup companies have the drive, the innovation, and more importantly, the agility that can match and respond to these hackers.  It is so fulfilling to see the impact of these cutting edge innovations and their instant impact.  Thus, my message to our fellow CISOs cannot be any clearer – true, no one gets blamed for purchasing an established toolkit, but you have to also remember that you shouldn’t just bet on one set of tools.  You need to ensure that you make room in your budget for the up and coming innovations.  Take advantage of these startup companies’ agility and eagerness to earn your business and to ultimately bolster your security. 

At Wedge Networks, what drives us day in and day out is the belief that our approach is disruptive to the industry.  We’ve always firmly adhered to the Detect and Block approach, despite most of the industry resigning themselves to cater to Detect and Remediate.  The thing is, as we’ve seen especially recently with the spate of ransomware attacks and advanced threats that have become the norm, Detect and Remediate is and always will be the more expensive way of doing things.  That’s why we’ve always focused our solution on PREVENTION.  If we can STOP attacks in the network before they can reach endpoints, the battle is already half won!   

But beyond the products and technologies, we have always maintained the startup culture – and yes, working with my very capable team – we have continually made decisions that often led our product to be re-engineered from the ground up.  This has its advantages, as we’ve been able to remain quite nimble; allowing us to stay at the cutting edge. Wedge’s core patented technology has been based around Deep Content Inspection, Orchestration, and hyper-streaming.  We’ve always believed that what you can’t see, you can’t catch.  While other companies had focused on deep packet inspection, Wedge looked ahead and instead focused on better ways that we could inspect traffic; ultimately patenting our Deep Content Inspection technology. The way that we can SEE content flowing through the network has always been one of our main selling points.  Combining this with the orchestration of the industry’s best-of-breed security services, along with AI and machine learning, has enabled us to keep our solution “Evergreen”.  We know that technologies can get old and dated so, with our open bus platform, and our team’s agility, we decided to continually integrate the cutting edge technologies that were leading to better solutions that worked.  We can continually add on the latest and greatest technologies into our platform, allowing us to stay several steps ahead of the game.  Finally, our patented hyper-streaming technologies such as SubSonic and GreenStream, allows us to do all of the above in real-time, which is what is needed to truly Detect and Block advanced threats as they’re hitting the network.   And now, we’re one of the first to incorporate at the network level, what I believe is the latest game changer – Artificial intelligence – but that is worth another series of blogs just by itself. 

Thus, assuming the story holds true, unless you want to pay for extra rounds of golf for the salesman out there who continues to sell a product that “doesn’t work”, I recommend that CISOs try out solutions and products in the industry that truly DO work.  We are so sure of the effectiveness of our product that we even offer our Wedge Advanced Malware Blocker (WedgeAMB) on a FREE 90 day trial.  Contact our team at: info@wedgenetworks.com to learn more about a truly effective solution!

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , , , | Leave a comment

Healthcare Services are Primed to be Hit By WannaCry Again: What Can They Do to Protect Themselves?

No Gravatar

There have been a multitude of articles hitting the news as of late, sounding the alarm for Healthcare Services and related organizations to make sure that they have secured themselves as it looks like the WannaCry malware is making a comeback with hackers looking for a quick and easy payday.  Although the WannaCry cyberattack first hit worldwide over two years ago, many experts are saying that “institutions have not done enough to protect themselves against a repeat.  And that’s especially true in the healthcare sector.” 

For example, a report out this week by the Imperial College of London’s Institute of Global Health Innovation (IGHI), says that despite WannaCry having a financial cost to the UK’s National Health Service (NHS) of more than $100MM, hospitals in that country “remain vulnerable to cyber attack, and must take urgent steps to defend against threats which could risk the safety of patients.”  This is unfortunate as the defence against WannaCry and other ransomware is fairly straightforward for organizations to put in place.  Namely, keep equipment up to date, patch software and provide training and awareness to users while making sure the skills of IT staff are continuously maintained.  However, the lack of investment and training by Healthcare organizations is alarming, especially in light of attacks such as WannaCry in 2017, which should have spurred these organizations to improve their cybersecurity measures. 

As another article on the same topic put out by the Imperial College of Science, Technology and Medicine, the return of WannaCry is considered a “Looming Threat” as the authors point out that since that attack, there have been a number of new technologies being used in the healthcare industry, such as robotics, AI, implantable medical devices and personalized medicines based on a patient’s genes that are lacking built-in security and would be susceptible to such an attack.  WannaCry, if it hit again, would see hackers gaining access to personal information or even tampering with patients’ medical records.  And this is not just specific to the NHS, but applicable to all healthcare systems around the world. 

With healthcare and funding for healthcare funding coming under increasing financial pressure from government, industry and other stakeholders, these organizations are becoming hard pressed to ensure that they continue to allocate funds so that they can protect themselves from these potential threats. 

So, Wedge continues to keep trying to get the word out to healthcare organizations that there is indeed a solution available to them that can help them to beef up their systems to protect them from WannaCry, along with other malware.  While they should still be investing in the straightforward defences as mentioned earlier, they should also consider taking a proactive “Detect and Block” approach.  Once malware such as WannaCry has made it into an organization’s network, it is already too late.  Then, the focus becomes “Detect and Remediate”, which becomes a much more costly exercise.  

With Wedge’s Advanced Malware Blocker, healthcare organizations can invest in a solution that can completely prevent ransomware and other advanced targeted attacks from even making it into the network; and before it can cause any damage.  A small investment now, can save a huge remediation bill later.  WedgeAMB is available as a FREE 90 day trial and we encourage any healthcare organization who feels that they are lacking in adequate protection to give it a try!  Contact us at: info@wedgenetworks.com to find out how easy it is to deploy WedgeAMB and to provide that extra level of protection that your organization needs against WannaCry and others.

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , , , | Leave a comment

Over 1/4 of UK Firms Have Been Victims of Ransomware Over the Past Year: Could These Attacks Have Been Prevented?

No Gravatar

A recent InfoSecurity Magazine article was published recently that highlighted how dire the Ransomware situation is getting; particularly in the UK.  According to figures released by data backup firm Databarracks, over 28% of UK organizations have been hit by ransomware over the past 12 months.  According to them, “This is slightly lower than the peak of 29% in 2017, the year WannaCry hit, but much higher than the 2016 figure of 16%.”

While Databarracks highly recommends that the only way organizations can fully protect themselves is by having historic backup copies of their data, their opinion is that outright prevention is not viable.  We, at Wedge, do concur with their suggestion for having backups, but we also strongly believe that outright prevention actually IS possible.  And, in the long run, is a much more cost-effective way for organizations to protect themselves.

We invite Databarracks to look at our approach where instead of looking at remediation efforts, after the fact, we have focused squarely on prevention with our “Detect and Block” approach.  To quote Benjamin Franklin, we feel that “An ounce of prevention is worth a pound of cure.”  That goes the same with cybersecurity.  It will cost a firm much more to go through a remediation process than it would to simply have a solution in place that can detect and block any and ALL advanced threats, zero-days and other never-before-seen malware.  If malicious content can’t make its way into your network, then it can’t cause any harm.

The way we do it is with our Wedge Absolute Real-time Protection platform, on which the Wedge Advanced Malware Blocker is based.  This solution can SEE all content flowing through the network and can detect and block malicious content in real-time as a result of multiple patented technologies such as Deep Content Inspection, all orchestrated with the industry’s best-of-breed services, combined with Artificial Intelligence and machine learning.  By having the ability to block all advanced threats, such as ransomware, in real-time, BEFORE they can even reach the endpoint, it takes away the ability to lock up data and shut down the network.

WedgeAMB is a proven solution that can actually PREVENT attacks.  If you’re interested in learning more, we offer a FREE 90 day trial to any and all organizations who are like-minded and who believe that if they can prevent attacks, they’ll be better off.  Contact us at: info@wedgenetworks.com to learn more!

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , , | Leave a comment

The Ransomware Tsunami Is Coming! Is Your Municipality Prepared When It Hits?

No Gravatar

We’ve seen it.  We’ve been blogging about it.  Ransomware is on the rise…and it is hitting municipalities hard.  Multiple cities in Florida have been hit and have paid out hundreds of thousands of dollars in bitcoin, against law enforcement recommendations.  Others had no other choice. It was either that or make residents suffer as they tried to recover computer systems and databases.  Other cities, like Atlanta and Baltimore, have been hit even harder, spending over $17MM and $18MM respectively, as they try to recover from their attacks.  

We can say it is the perfect storm.  While Law enforcement continues to encourage organizations not to pay, those cities that don’t give into the ransom demands appear to be “taking one for the team” as their remediation costs often balloon past the initial ransom demands.  For smaller municipalities, they’re taking the “easy way out”; paying the ransoms in hopes that they can get back in business as quickly as possible, with some being fortunate enough to have insurance coverage for their losses.  This presents an opportunity which hackers and bad actors will undoubtedly seize setting us up for the perfect storm, or a ransomware tsunami as noted in this recent Forbes article.  

I get asked – so what are the things these municipalities can do to make protect themselves?  Yes, it is understandable that municipal budgets are tight (typically budgets only get released when bad things happen), but at a minimum any municipality can do these in priority order:

  1. Backups.  The Perform frequent backups of your system and other important files, and verify your backups regularly. If your computer becomes infected with ransomware, you can restore your system to its previous state using your backups.  You need to plan your backups such that regular backups are done for all systems and that these backups do not overwrite (read our blog about Tony’s Meats)… and under no circumstances, should these backups be connected to the internet.  
  2. Ransomware Outbreak Drill.  Ensure that IT staff is trained on how to handle a ransomware outbreak; if you have a Business Continuity Plan, please put Ransomware Recovery as part of your IT Recovery strategies.  Think of it, your building and facilities manager has an emergency preparedness/fire drill, so why wouldn’t you do a Ransomware Drill?
  3. Assess your weak points.  Do a full assessment of the network; there are several products and service providers around that can help with this. 
  4. Inventory and Patch Often.  Continually have an updated inventory of all software and all IT components on your network; have a patching strategy to update these.
  5. Network Security Solutions that Provide Real-time Protection and Remediation.  We have said it before, and we will continue to say it – products such as Sandboxes that detect breaches only to tell you have been screwed minutes or potentially hours later. See the NSS Time to Detection Chart Prepared for Cisco:
https://www.cisco.com/c/dam/en/us/products/collateral/security/advanced-malware-protection/nss-labs-2015-bds-svm-flysheet.pdf

As an example of Real-time security, Wedge’s Absolute Real-time Protection (WedgeARP) line of products combine: Deep Content Inspection so that it can see ALL content going through the network and improve on detection accuracy, Orchestration of the industry’s best-of-breed security services to cover all advanced threats, Artificial Intelligence and Machine Learning to detect never-before-seen malware, and hyper-streaming technologies like SubSonic and GreenStreaming so that all of the detection and blocking can happen in Real-time with no perceptible latency.  When combining WedgeARP, which is the tool of choice for Managed Detection and Response (MDR) providers, with a capable Endpoint Detection and Response (EDR) system, you have a potent solution that can Detect and Block in real-time (instead of minutes or hours like sandboxes!) while also providing real-time remediation through interactions with the EDR system. 

The above suggestions can often help the organization rebuild its systems much quicker and at minimal expense without having to pay the ransom.  As we’ve mentioned in a previous blog, although employees are always a risk factor, they are a factor that cannot be taken out of the equation and unfortunately, they are also the factor that are often the cause of the ransomware attack with an errant click on a phishing email.  In this case, cities should try to have their employees go through security awareness training so that they develop a healthy sense of paranoia around suspicious communications.  Beyond that, there is also having organizations harden the security of their systems, such as keeping a firm hand on software that is allowed on work computers and making sure that they’re all kept up to date with regards to patches.  In combination, these preventative measures can start adding up, and they’re still fallible.

And of course, at Wedge Networks we try to make things a bit easier with our Wedge Advanced Malware Blocker.  We know that the human factor will always be there and that sometimes patches get missed.  By employing WedgeAMB, it provides municipalities with that extra blanket of comfort.  By being able to detect and BLOCK advanced threats, never-before-seen malware and other suspicious content BEFORE they can even reach the endpoints.  We’ve always taken the Proactive approach to security and with out patented Deep Content Inspection and orchestrated threat management of the industry’s best-of-breed malware heuristics and artificial intelligence, we are hoping to help municipalities protect themselves by PREVENTING ransomware attacks.  Hopefully if more cities out there take this approach, we can stem the tide of ransomware that seems almost like an inevitability.  You can try WedgeAMB for FREE on a 90 day trial.  Contact our team at: info@wedgenetworks.com to learn more.

PS: UPDATE

We are thrilled that yesterday, July 11, 2019 at the 87th Annual Meeting of the United States Council of Mayors, US Mayor’s have voted and vowed against paying for ransomware where they affirmed:

“NOW, THEREFORE, BE IT RESOLVED, that the United States Conference of Mayors stands united against paying ransoms in the event of an IT security breach.”

We applaud wholeheartedly!  Well done!

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , , , , | Leave a comment

With Ransomware the Human Factor Is Always an Issue, But You Can’t Fire Everyone! It’s Better to Learn From Their Mistakes…

No Gravatar

Another couple of articles recently hit the news, adding to the number of municipalities and local governments being hit by ransomware, as well as describing some of the fallout from these attacks.  The biggest takeaway is that these ransomware attacks are, in most, if not all cases, the result of an employee clicking an attachment in an email and unleashing the malware onto the network.  However, despite wanting to get rid of this “exposure”, we have to remember that the Human Factor will always play a role in these organizations.  The best thing that we can do is to share the knowledge and learn from these errors.

Onto the recent cases:

In Florida, now along with Riviera Beach and Jackson County, Key Biscayne joins the list of victims of some form of ransomware mistakenly introduced by a city worker.  As with the other municipalities, Key Biscayne has to make the decision on whether they’re going to pay the ransom or go with other methods of recovering their systems.  As we noted in the Riviera Beach case, they opted to pay out $600K in Bitcoin in order to make their problem go away and are now battling with their insurance provider to determine who is on the hook.  Key Biscayne, with a population of only about 3,000 people versus Riviera Beach, which is home to more than 32,000, may have to weigh the pro and cons of their decision based on how much ransom is being demanded and whether the municipality has insurance coverage or not.

And, just prior to Key Biscayne, Lake City  Florida had to pay out $460K in ransom.  In this case, apart from a $10K deductible, they are fortunate that insurance will cover the rest of the ransom.  Although Lake City’s Mayor stated that he would typically agree with the FBI’s  recommendation not to pay the hackers, it came down to the dollars and cents and representing what was the right thing to do for the citizens of the city as a prolonged recovery would have cost the taxpayers more than just paying the ransom.  Unfortunately, another outcome from that attack was that a city IT employee was terminated as they were deemed not to have done enough to protect the computer systems from an intrusion (although it was NOT the same person who had clicked on the malicious email).  In our opinion, this is is like firing the most valuable employee – the one who made the mistake that the city could learn from (assuming that he/she didn’t do this based on malice).   

So, as we’re seeing more and more, these ransomware attacks on smaller municipalities are netting hackers a payday.  By hitting smaller cities who are less likely to have adequate protections in place, and who are more price sensitive to the ransom that the hackers are demanding, are also more likely to either pay the ransomware or are lucky enough to have insurance coverage.  This doesn’t bode well for being able to eradicate the value or ransomware to hackers any time soon, but it could be a learning experience for other municipalities if the information that these victims gained can be quickly shared with other organizations that find themselves in the same boat!  As is the typical case, the attacks are a result of an employee clicking on an email attachment that they shouldn’t have.  So, what is the best solution?

That’s where Wedge comes in!  We know that the human factor will always be around in all organizations; it is just a matter of changing how we think and attack the problem.  We have to be able to continuously take the knowledge we’ve gained from previous attacks and outcomes and use that in our fight against future attacks.  The proactive “Detect and Block” mentality is key here.  We know that employees will always be susceptible to being tricked into clicking links that they shouldn’t; but what if these emails never even reach the employees?  With Wedge’s Advanced Malware Blocker, all advanced threats can be blocked BEFORE they reach their intended target.  With Wedge’s patented Deep Content Inspection, combined with orchestrated industry best-of-breed malware heuristics and artificial intelligence / machine learning, we continually take knowledge from previously seen threats and attacks and use them in a way that now even never-before-seen threats can be detected and blocked.  With WedgeAMB, we take away the possibility that an employee will unknowingly introduce malware into the network by removing that threat before they even see it.  You can’t fire everyone so at least put a proactive solution in place!  For a FREE 90 day trial of this solution, contact our team at: info@wedegenetworks.com.  

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , , , , | Leave a comment

Disheartening News: Ransomware Recovery Company Caught PAYING Ransom Instead of Developing Solution to Recover Data

No Gravatar

A recent article has come to light that has got us here at Wedge quite discouraged regarding firms out there professing to have a great solution for fighting ransomware but then being caught cutting corners.  ProPublica, an investigative newsroom, recently ran a story in which they found that a couple of U.S. “ransomware recovery firms,” which had been touting themselves as data recovery experts that could help firms hit by ransomware recover their files and regain access to their systems, had actually simply been paying hackers the ransomware they requested.

Instead of coming up with a solution that could potentially eradicate the value of ransomware attacks to hackers, these firms were instead perpetuating the benefit.  As per the U.S. Department of Homeland Security and other law enforcement agencies’ advice, in order to help stem the spread of ransomware, victims should avoid paying hackers their ransom whenever possible.  And even when payment could be a must (See our Tony’s Meats blog), at a minimum, there should be cooperation with these agencies to help track such payment to the hackers, which could hopefully lead to their arrest.  The idea is that if the hackers don’t get paid, they won’t see the value in continuing to utilize ransomware.  Sadly, this advice is not followed in many instances and victims take the easy way out – paying the ransom in order to get their organizations up and running again.

What makes ProPublic’s findings on these ransomware recovery firms so egregious (with these firms paying the hackers), is that victims are often willing to pay more than the ransom amount in order to get their data back if they believe that they are paying a data recovery firm instead of a hacker; especially if they feel that they can be a part of stopping the spread of these ransomware attacks.   What is more appalling is that they would then charge the victim several times the total of the ransom amount as their “decryption and services fees”.  There has to be legislation governing the delivery of such services, starting with the beefing up of existing electronics communications acts; defining ransomware as a crime.  Maybe it will happen by 2025, if we get our act together, double pun intended! 

As a solution provider ourselves, Wedge prides itself in actually having a technology that can help to properly eradicate the spread and kill the value of ransomware to hackers.  Although we understand that there are some instances where paying a hacker the ransom they request might be the only way of a victim recovering their data, we feel that we can offer a solution that can help to minimize the number of ransomware victims by using a pro-active “Detect and Block” approach to advanced threats such as ransomware.  While most of the industry is still stuck in a “Detect and Remediate” reactionary mindset, we believe that many out there want a proactive solution that will help to eliminate attacks altogether.

With Wedge’s Advanced Malware Blocker, we have a solution that can SEE all of the content flowing through the network and can that can block anything that is remotely suspicious.  By blocking ALL advanced threats such as ransomware, they don’t even get a chance to breach the network.  Unlike Ransomware firms out there purporting to be able to recover data but then ending up paying a ransom in order to do this, Wedge has a proven solution that actually gets the job done.  If you’re interested, give WedgeAMB a try!  We offer a FREE 90 day trial to those companies looking for a Proactive Defence that can hopefully someday truly eliminate Ransomware!  Contact us at info@wedgenetworks.com to learn more!

Posted in Industry News, Latest Security News | Tagged , , , , , | Leave a comment

Paying Ransomware When it Might be Necessary, But Why it is STILL Reactive…

No Gravatar

For some reason, ransomware payments have been making the news as of late.  Recently, Riviera Beach, Florida made waves by paying out $600,000 to hackers in order to get their system back.  They then went on to claim these damages back from their insurance company.  The result of that is still up in the air.

A bit closer to home, a meat business out of Antigonish, Nova Scotia, called Tony’s Meats Ltd is another victim.  Unfortunately, their backups were all corrupted by the malware and were of no use so they were basically forced into paying a ransom to get their data and systems back online.  Thankfully, Luck aligned for them and their insurance directed them to a 3rd party company that took over the case from there and negotiated payment to the hackers, ensuring that they were able to get the required decryption key back and unlock the company’s systems.  The insurance company also covered most of the cost of the remediation.  Understandably, this case is not the norm as there are many other stories of larger companies still locked in battle with their insurance companies for coverage of the damages they suffered as a result of ransomware and other advanced threats.  

There several takeaways from this – First, that it was a small operation, thus, the ransom was a somewhat manageable $14K.  However, this could be a sign of things to come if hackers start focusing on hitting smaller businesses, but more of them.  Second, Tony’s Meats had a backup system on its server that automatically copied the company’s files every night.  However, the attack happened after hours and the backup had automatically saved the corrupted files, thus corrupting itself; this goes to prove the importance of ensuring that the corruption of the backup is to be avoided at all costs.  The final takeaway is that Tony’s Meats is a smaller operation; as with many small businesses, they need to be more efficient with where they spend they resources, especially when it comes to IT security.  As such, a solution that covers all network traffic in their organization would be a better investment, instead of simply focusing on endpoint protection and backups.  And that’s where Wedge comes in.

We really believe that the best protection is to go with a “Detect and Block” approach as a Proactive Defence.  By utilizing a solution that can SEE all content flowing through the network and block anything that is even remotely suspicious, advanced threats such as ransomware do not stand a chance of breaching the network.  As a way of bolstering their defences, on top of the typical daily backups and updated firewalls, etc. organizations should look at giving WedgeAMB a try.  Wedge offers a FREE 90 day trial of the Wedge Advanced Malware Blocker for those companies looking for a truly Proactive Defence.  Contact us at info@wedgenetworks.com to learn more!

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , | Leave a comment