Over 1/4 of UK Firms Have Been Victims of Ransomware Over the Past Year: Could These Attacks Have Been Prevented?

A recent InfoSecurity Magazine article highlighted how dire the ransomware situation is getting, particularly in the UK. According to figures released by data backup firm Databarracks, over 28% of UK organizations have been hit by ransomware over the past 12 months. According to them, “This is slightly lower than the peak of 29% in 2017, the year WannaCry hit, but much higher than the 2016 figure of 16%.”

Databarracks maintains that the only way organizations can fully protect themselves is by keeping historic backup copies of their data, and that outright prevention is not viable. We at Wedge concur with their suggestion for having backups, but we also strongly believe that outright prevention actually IS possible and, in the long run, is a much more cost-effective way for organizations to protect themselves.

We invite Databarracks to look at our approach where, instead of looking at remediation efforts after the fact, we have focused squarely on prevention with our “Detect and Block” approach. To quote Benjamin Franklin, we feel that “An ounce of prevention is worth a pound of cure.” The same goes for cybersecurity. It will cost a firm much more to go through a remediation process than it would to simply have a solution in place that can detect and block any and ALL advanced threats, zero-days and other never-before-seen malware. If malicious content can’t make its way into your network, then it can’t cause any harm.

The way we do it is with our Wedge Absolute Real-time Protection platform, on which the Wedge Advanced Malware Blocker is based.  This solution can SEE all content flowing through the network and can detect and block malicious content in real-time as a result of multiple patented technologies such as Deep Content Inspection, all orchestrated with the industry’s best-of-breed services, combined with Artificial Intelligence and machine learning.  By having the ability to block all advanced threats, such as ransomware, in real-time, BEFORE they can even reach the endpoint, it takes away the ability to lock up data and shut down the network.

WedgeAMB is a proven solution that can actually PREVENT attacks.  If you’re interested in learning more, we offer a FREE 90 day trial to any and all organizations who are like-minded and who believe that if they can prevent attacks, they’ll be better off.  Contact us at: info@wedgenetworks.com to learn more!

Posted in Industry News, Latest Security News, Wedge News

The Ransomware Tsunami Is Coming! Is Your Municipality Prepared When It Hits?

We’ve seen it.  We’ve been blogging about it.  Ransomware is on the rise…and it is hitting municipalities hard.  Multiple cities in Florida have been hit and have paid out hundreds of thousands of dollars in bitcoin, against law enforcement recommendations.  Others had no other choice. It was either that or make residents suffer as they tried to recover computer systems and databases.  Other cities, like Atlanta and Baltimore, have been hit even harder, spending over $17MM and $18MM respectively, as they try to recover from their attacks.  

We can say it is the perfect storm. While law enforcement continues to encourage organizations not to pay, those cities that don’t give in to the ransom demands appear to be “taking one for the team” as their remediation costs often balloon past the initial ransom demands. Smaller municipalities are taking the “easy way out”, paying the ransoms in hopes that they can get back in business as quickly as possible, with some being fortunate enough to have insurance coverage for their losses. This presents an opportunity which hackers and bad actors will undoubtedly seize, setting us up for the perfect storm, or a ransomware tsunami as noted in this recent Forbes article.

I get asked – so what are the things these municipalities can do to protect themselves? Yes, it is understandable that municipal budgets are tight (typically budgets only get released when bad things happen), but at a minimum any municipality can do the following, in priority order:

  1. Backups.  Perform frequent backups of your system and other important files, and verify your backups regularly. If your computer becomes infected with ransomware, you can restore your system to its previous state using your backups.  You need to plan your backups such that regular backups are done for all systems and that these backups do not overwrite earlier copies (read our blog about Tony’s Meats)… and under no circumstances should these backups be connected to the internet.
  2. Ransomware Outbreak Drill.  Ensure that IT staff is trained on how to handle a ransomware outbreak; if you have a Business Continuity Plan, please put Ransomware Recovery as part of your IT Recovery strategies.  Think of it, your building and facilities manager has an emergency preparedness/fire drill, so why wouldn’t you do a Ransomware Drill?
  3. Assess your weak points.  Do a full assessment of the network; there are several products and service providers around that can help with this. 
  4. Inventory and Patch Often.  Continually have an updated inventory of all software and all IT components on your network; have a patching strategy to update these.
  5. Network Security Solutions that Provide Real-time Protection and Remediation.  We have said it before, and we will continue to say it – products such as sandboxes detect breaches only to tell you that you have been screwed minutes or potentially hours later. See the NSS Time to Detection Chart Prepared for Cisco:
https://www.cisco.com/c/dam/en/us/products/collateral/security/advanced-malware-protection/nss-labs-2015-bds-svm-flysheet.pdf

As an example of Real-time security, Wedge’s Absolute Real-time Protection (WedgeARP) line of products combines: Deep Content Inspection, so that it can see ALL content going through the network and improve on detection accuracy; Orchestration of the industry’s best-of-breed security services to cover all advanced threats; Artificial Intelligence and Machine Learning to detect never-before-seen malware; and hyper-streaming technologies like SubSonic and GreenStreaming, so that all of the detection and blocking can happen in Real-time with no perceptible latency. When combining WedgeARP, which is the tool of choice for Managed Detection and Response (MDR) providers, with a capable Endpoint Detection and Response (EDR) system, you have a potent solution that can Detect and Block in real-time (instead of minutes or hours like sandboxes!) while also providing real-time remediation through interactions with the EDR system.

The above suggestions can often help the organization rebuild its systems much quicker and at minimal expense without having to pay the ransom. As we’ve mentioned in a previous blog, although employees are always a risk factor, they are a factor that cannot be taken out of the equation and unfortunately, they are also the factor that is often the cause of the ransomware attack, with an errant click on a phishing email. In this case, cities should try to have their employees go through security awareness training so that they develop a healthy sense of paranoia around suspicious communications. Beyond that, organizations should harden the security of their systems, such as keeping a firm hand on the software that is allowed on work computers and making sure that they’re all kept up to date with regards to patches. In combination, these preventative measures can start adding up, but they’re still fallible.

And of course, at Wedge Networks we try to make things a bit easier with our Wedge Advanced Malware Blocker. We know that the human factor will always be there and that sometimes patches get missed. WedgeAMB provides municipalities with that extra blanket of comfort by being able to detect and BLOCK advanced threats, never-before-seen malware and other suspicious content BEFORE they can even reach the endpoints. We’ve always taken the Proactive approach to security, and with our patented Deep Content Inspection and orchestrated threat management of the industry’s best-of-breed malware heuristics and artificial intelligence, we are hoping to help municipalities protect themselves by PREVENTING ransomware attacks. Hopefully if more cities out there take this approach, we can stem the tide of ransomware that seems almost like an inevitability. You can try WedgeAMB for FREE on a 90 day trial. Contact our team at: info@wedgenetworks.com to learn more.

PS: UPDATE

We are thrilled that yesterday, July 11, 2019, at the 87th Annual Meeting of the United States Council of Mayors, US mayors voted and vowed against paying for ransomware, affirming:

“NOW, THEREFORE, BE IT RESOLVED, that the United States Conference of Mayors stands united against paying ransoms in the event of an IT security breach.”

We applaud wholeheartedly!  Well done!

With Ransomware the Human Factor Is Always an Issue, But You Can’t Fire Everyone! It’s Better to Learn From Their Mistakes…

Another couple of articles recently hit the news, adding to the number of municipalities and local governments being hit by ransomware, as well as describing some of the fallout from these attacks.  The biggest takeaway is that these ransomware attacks are, in most, if not all cases, the result of an employee clicking an attachment in an email and unleashing the malware onto the network.  However, despite wanting to get rid of this “exposure”, we have to remember that the Human Factor will always play a role in these organizations.  The best thing that we can do is to share the knowledge and learn from these errors.

Onto the recent cases:

In Florida, along with Riviera Beach and Jackson County, Key Biscayne now joins the list of victims of some form of ransomware mistakenly introduced by a city worker. As with the other municipalities, Key Biscayne has to make the decision on whether they’re going to pay the ransom or go with other methods of recovering their systems. As we noted in the Riviera Beach case, they opted to pay out $600K in Bitcoin in order to make their problem go away and are now battling with their insurance provider to determine who is on the hook. Key Biscayne, with a population of only about 3,000 people versus Riviera Beach, which is home to more than 32,000, may have to weigh the pros and cons of their decision based on how much ransom is being demanded and whether the municipality has insurance coverage or not.

And, just prior to Key Biscayne, Lake City, Florida had to pay out $460K in ransom. In this case, apart from a $10K deductible, they are fortunate that insurance will cover the rest of the ransom. Although Lake City’s Mayor stated that he would typically agree with the FBI’s recommendation not to pay the hackers, it came down to the dollars and cents and to what was the right thing to do for the citizens of the city, as a prolonged recovery would have cost the taxpayers more than just paying the ransom. Unfortunately, another outcome from that attack was that a city IT employee was terminated as they were deemed not to have done enough to protect the computer systems from an intrusion (although it was NOT the same person who had clicked on the malicious email). In our opinion, this is like firing the most valuable employee – the one who made the mistake that the city could learn from (assuming that he/she didn’t do this based on malice).

So, as we’re seeing more and more, these ransomware attacks on smaller municipalities are netting hackers a payday. Hackers are hitting smaller cities, which are less likely to have adequate protections in place, are more price sensitive to the ransom being demanded, and are also more likely to either pay the ransom or be lucky enough to have insurance coverage. This doesn’t bode well for being able to eradicate the value of ransomware to hackers any time soon, but it could be a learning experience for other municipalities if the information that these victims gained can be quickly shared with other organizations that find themselves in the same boat! As is the typical case, the attacks are a result of an employee clicking on an email attachment that they shouldn’t have. So, what is the best solution?

That’s where Wedge comes in! We know that the human factor will always be around in all organizations; it is just a matter of changing how we think about and attack the problem. We have to be able to continuously take the knowledge we’ve gained from previous attacks and outcomes and use that in our fight against future attacks. The proactive “Detect and Block” mentality is key here. We know that employees will always be susceptible to being tricked into clicking links that they shouldn’t; but what if these emails never even reach the employees? With Wedge’s Advanced Malware Blocker, all advanced threats can be blocked BEFORE they reach their intended target. With Wedge’s patented Deep Content Inspection, combined with orchestrated industry best-of-breed malware heuristics and artificial intelligence / machine learning, we continually take knowledge from previously seen threats and attacks and use them in a way that now even never-before-seen threats can be detected and blocked. With WedgeAMB, we take away the possibility that an employee will unknowingly introduce malware into the network by removing that threat before they even see it. You can’t fire everyone so at least put a proactive solution in place! For a FREE 90 day trial of this solution, contact our team at: info@wedgenetworks.com.

Disheartening News: Ransomware Recovery Company Caught PAYING Ransom Instead of Developing Solution to Recover Data

A recent article has come to light that has got us here at Wedge quite discouraged regarding firms out there professing to have a great solution for fighting ransomware but then being caught cutting corners. ProPublica, an investigative newsroom, recently ran a story in which they found that a couple of U.S. “ransomware recovery firms,” which had been touting themselves as data recovery experts that could help firms hit by ransomware recover their files and regain access to their systems, had actually simply been paying hackers the ransom they requested.

Instead of coming up with a solution that could potentially eradicate the value of ransomware attacks to hackers, these firms were instead perpetuating the benefit.  As per the U.S. Department of Homeland Security and other law enforcement agencies’ advice, in order to help stem the spread of ransomware, victims should avoid paying hackers their ransom whenever possible.  And even when payment could be a must (See our Tony’s Meats blog), at a minimum, there should be cooperation with these agencies to help track such payment to the hackers, which could hopefully lead to their arrest.  The idea is that if the hackers don’t get paid, they won’t see the value in continuing to utilize ransomware.  Sadly, this advice is not followed in many instances and victims take the easy way out – paying the ransom in order to get their organizations up and running again.

What makes ProPublica’s findings on these ransomware recovery firms so egregious (with these firms paying the hackers) is that victims are often willing to pay more than the ransom amount in order to get their data back if they believe that they are paying a data recovery firm instead of a hacker; especially if they feel that they can be a part of stopping the spread of these ransomware attacks. What is more appalling is that these firms would then charge the victim several times the total of the ransom amount as their “decryption and services fees”. There has to be legislation governing the delivery of such services, starting with the beefing up of existing electronics communications acts; defining ransomware as a crime. Maybe it will happen by 2025, if we get our act together, double pun intended!

As a solution provider ourselves, Wedge prides itself in actually having a technology that can help to properly eradicate the spread and kill the value of ransomware to hackers.  Although we understand that there are some instances where paying a hacker the ransom they request might be the only way of a victim recovering their data, we feel that we can offer a solution that can help to minimize the number of ransomware victims by using a pro-active “Detect and Block” approach to advanced threats such as ransomware.  While most of the industry is still stuck in a “Detect and Remediate” reactionary mindset, we believe that many out there want a proactive solution that will help to eliminate attacks altogether.

With Wedge’s Advanced Malware Blocker, we have a solution that can SEE all of the content flowing through the network and that can block anything that is remotely suspicious. By blocking ALL advanced threats such as ransomware, they don’t even get a chance to breach the network. Unlike Ransomware firms out there purporting to be able to recover data but then ending up paying a ransom in order to do this, Wedge has a proven solution that actually gets the job done. If you’re interested, give WedgeAMB a try! We offer a FREE 90 day trial to those companies looking for a Proactive Defence that can hopefully someday truly eliminate Ransomware! Contact us at info@wedgenetworks.com to learn more!

Paying Ransomware When it Might be Necessary, But Why it is STILL Reactive…

For some reason, ransomware payments have been making the news as of late.  Recently, Riviera Beach, Florida made waves by paying out $600,000 to hackers in order to get their system back.  They then went on to claim these damages back from their insurance company.  The result of that is still up in the air.

A bit closer to home, a meat business out of Antigonish, Nova Scotia, called Tony’s Meats Ltd is another victim. Unfortunately, their backups were all corrupted by the malware and were of no use, so they were basically forced into paying a ransom to get their data and systems back online. Thankfully, luck aligned for them and their insurance directed them to a 3rd party company that took over the case from there and negotiated payment to the hackers, ensuring that they were able to get the required decryption key back and unlock the company’s systems. The insurance company also covered most of the cost of the remediation. Understandably, this case is not the norm as there are many other stories of larger companies still locked in battle with their insurance companies for coverage of the damages they suffered as a result of ransomware and other advanced threats.

There are several takeaways from this. First, it was a small operation, thus the ransom was a somewhat manageable $14K. However, this could be a sign of things to come if hackers start focusing on hitting smaller businesses, but more of them. Second, Tony’s Meats had a backup system on its server that automatically copied the company’s files every night. However, the attack happened after hours and the backup had automatically saved the corrupted files, thus corrupting itself; this goes to prove that corruption of the backup is to be avoided at all costs. The final takeaway is that Tony’s Meats is a smaller operation; as with many small businesses, they need to be more efficient with where they spend their resources, especially when it comes to IT security. As such, a solution that covers all network traffic in their organization would be a better investment, instead of simply focusing on endpoint protection and backups. And that’s where Wedge comes in.

We really believe that the best protection is to go with a “Detect and Block” approach as a Proactive Defence.  By utilizing a solution that can SEE all content flowing through the network and block anything that is even remotely suspicious, advanced threats such as ransomware do not stand a chance of breaching the network.  As a way of bolstering their defences, on top of the typical daily backups and updated firewalls, etc. organizations should look at giving WedgeAMB a try.  Wedge offers a FREE 90 day trial of the Wedge Advanced Malware Blocker for those companies looking for a truly Proactive Defence.  Contact us at info@wedgenetworks.com to learn more!
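
The Tony’s Meats failure described above (a nightly job that saved already-corrupted files over its only backup) and the earlier advice that backups must be verified and must not overwrite can both be addressed in the backup job itself. The following is an added example, not code from Wedge or from the original posts; the function names, the entropy limit and the 50% ratio are assumptions chosen for illustration, and the sample files are constructed.

```python
import hashlib
import math
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_LIMIT = 7.5      # bits per byte; assumption: encrypted data sits close to 8.0
MAX_SUSPECT_RATIO = 0.5  # assumption: hold the run if over half the files look encrypted


def entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def manifest(root: Path) -> dict:
    """Map each relative file path under root to (sha256 hex digest, entropy)."""
    out = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()
            key = p.relative_to(root).as_posix()
            out[key] = (hashlib.sha256(data).hexdigest(), entropy(data))
    return out


def assess(prev: dict, curr: dict) -> dict:
    """Flag files that changed since the last good backup AND became high-entropy."""
    suspects = [name for name, (digest, ent) in curr.items()
                if name in prev and prev[name][0] != digest
                and prev[name][1] < ENTROPY_LIMIT <= ent]
    ratio = len(suspects) / len(prev) if prev else 0.0
    return {"suspects": suspects, "ratio": ratio, "hold": ratio > MAX_SUSPECT_RATIO}


def run_backup(source: Path, store: Path, label: str, keep: int = 3) -> dict:
    """Write a new generation named `label`; never overwrite an existing one.

    Labels are assumed to sort chronologically (ISO dates). A suspicious run is
    stored as `<label>.HOLD`, is never used as a baseline, and triggers no pruning.
    """
    store.mkdir(parents=True, exist_ok=True)
    good = sorted(d for d in store.iterdir()
                  if d.is_dir() and not d.name.endswith(".HOLD"))
    verdict = assess(manifest(good[-1]) if good else {}, manifest(source))
    target = store / (label + (".HOLD" if verdict["hold"] else ""))
    shutil.copytree(source, target)  # raises FileExistsError instead of overwriting
    # Verify the copy by re-hashing it, rather than trusting the copy call.
    verdict["verified"] = manifest(target) == manifest(source)
    if verdict["verified"] and not verdict["hold"]:
        for old in (good + [target])[:-keep]:  # prune only after a clean, verified run
            shutil.rmtree(old)
    verdict["generation"] = target.name
    return verdict


def demo() -> dict:
    """Constructed scenario: one clean nightly run, then a run after encryption."""
    with tempfile.TemporaryDirectory() as tmp:
        src, store = Path(tmp, "data"), Path(tmp, "backups")
        src.mkdir()
        for i in range(4):  # constructed sample documents
            (src / f"invoice{i}.txt").write_text(f"invoice {i}: order total\n" * 200)
        first = run_backup(src, store, "2019-06-01")
        for p in src.iterdir():  # stand-in for encrypted files: random bytes
            p.write_bytes(os.urandom(8192))
        second = run_backup(src, store, "2019-06-02")
        restored = (store / "2019-06-01" / "invoice0.txt").read_text()
        return {"first": first, "second": second,
                "good_copy_intact": restored.startswith("invoice 0")}


if __name__ == "__main__":
    print(demo())
```

Files that were already compressed or encrypted before an attack will not trip the entropy test, so this is one signal to combine with offline copies rather than a substitute for them.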

Now This Is Going to be Fun: The City of Riviera Beach Wants its Insurance Provider to Pay for its EXPENSIVE $1.6 Million Click… Why This is a GREAT Opportunity!

The City of Riviera Beach, Florida, is in the news again recently. Last week it was because the city decided to pay out $600,000 to hackers who had taken over its network so that they could get their system back (read our blog here).  This week, it is because they want their insurance company to pay up, by the city claiming ransom payments and damages incurred under their business and risk management insurance policy.  Before  the reader concludes that this is outrageous, several insurance companies explicitly offer coverage for online extortion payments in their cyber policies.

But this is changing and we have written about this before with the case of Mondelez International and its ongoing lawsuit against Zurich Insurance, claiming that Zurich should be on the hook for the $100MM financial hit that Mondelez incurred at the hands of hackers.  Industry watchers are paying close attention to the outcome of that case because it could have major repercussions on the insurance industry when it comes to what they would be required to cover under their insurance policies; especially those that explicitly cover “cyber events”, aka cyber attacks.

Going back to Riviera Beach, as it is the most recent case, despite the city voting in favour of paying the ransom, against the adamant advice from law enforcement not to give into these demands, as it only further encourages criminals by showing them success in their ongoing pursuits, the question is coming down to “who is on the hook for the costs incurred?”.  By having the insurance carriers pay for the cost and damages suffered, it insulates the victims from the cost, and it legitimizes paying ransomware as an accepted and routine cost of doing business.  

However, we argue that it sets up a dangerous precedent; the victims are now somewhat removed from having to fork out the ransom payments themselves, making it easier to pull the trigger on agreeing to the ransom payment.  This perpetuates the circle as hackers will continue down this path as it is now lucrative for them to do so, insurance companies are stuck with the bill and will start raising premiums to cover the increasing payouts, and the victims will have to pay their increased premiums in order to ensure that they are covered.  Overall a net gain for the bad guys, or a double-edged sword, especially if you are holding it with your bare hands – as most of us cybersecurity providers feel day in, day out, indeed.  

Insurance as a business is based on actuarial science – the science of managing risk through the rigorous application of mathematical models and data science. It is our opinion that this science is still in its infancy, though there are some landmark papers (see here for a good example, though I warn you this might not be your cup of tea as an easy read) on how to work around developing this model. This is setting up an interesting business proposition for the insurance companies. With the explosion of ransomware cases, there is definitely a market for insurance that covers this business risk. While insurance companies have to figure out how to enforce better data protection for their clients so that their payouts can be minimized, vendors such as ourselves *would* love to add it as a line item to our products – and if you are an insurance company, I would love to hear from you. I cannot seem to find you though!

Unfortunately, many insurance companies do not have the data on how or even where to start, never mind the fact that they would need to audit implementation of this new data security requirement. Add in the possibility of paying out ransoms, which in some cases – though difficult to swallow – may have been the only option, as the City of Riviera Beach must have found out. In the interim, insurers who have taken the leap into the rapidly growing cyber insurance market cannot be left in this dilemma: either charging very high premiums so that they can make ransom payments without suffering significant financial loss themselves, or finding ways out of their contracts. This is, however, an opportunity to disrupt the business of cybersecurity, not only from a vendor/technology perspective, but also from an operational perspective (MSSPs) and an insurance perspective.

We feel that for those insurance companies that have taken the leap into cyber insurance, we can at least offer a solution for them that they can mandate their customers use in order to cut down the incidents of ransomware attacks and other malware.  The insurance companies are looking for a security solution that can help prevent these incidents so that their payouts are lowered.  What better way than to get on board with the “Detect and Block” approach?  If these insurance companies had as part of their policies that the organizations that they were insuring were required to utilize a platform such as the Wedge Advanced Malware Blocker, they would quickly start seeing a drop in the number of ransomware payouts they would be facing.  With Wedge’s patented Deep Content Inspection, combined with orchestrated industry best-of-breed malware heuristics and artificial intelligence / machine learning, WedgeAMB stops all advanced threats in real-time, BEFORE they have a chance of even touching an organization’s network.  Best of all, Wedge offers a FREE 90 day trial of the Wedge Advanced Malware Blocker.  If you are an insurance company that has started offering cyber insurance, the WedgeAMB solution could be what you are looking for!  For more information, get in touch with our team at info@wedgenetworks.com!

The City of Riviera Beach’s EXPENSIVE $1.6 Million Click

It only took one employee a single click on an email link that allowed hackers to upload malware, and now the City of Riviera Beach, Florida is finding out first hand how expensive a ransomware attack can be. Going against U.S. Department of Homeland Security, Secret Service, and FBI suggestions, they paid $600,000 in ransom to hackers after they took over the city’s systems; and an additional $1.0MM on new computers and hardware.

This event highlights two key factors. First, we cannot use a single recommendation: some municipalities will have to pay out hackers when the cost of disruption could lead to much more severe consequences. Second, and more importantly, it brings to light the means to which hackers will resort in order to reach their goals. In this case it was email, which is unfortunately becoming an area where we are seeing less security spending for two main reasons: a) most companies outsource their email hosting services to third party vendors; and b) most email messages are analyzed at time of delivery. As methods and tools have improved, hackers can now intelligently embed links in their messages that would appear ‘innocent’ to the third party vendor BUT could be repurposed on-the-fly for a request originating from the target enterprise.

While we continue to suggest that the best defence against ransomware is not to get infected, a fair number of municipalities are simply unprepared for these attacks, nor do they have an adequate defence system in place to prevent them. The sad fact is that many of these ransomware attacks are initiated by a simple phishing email that leads to a malicious download that starts the whole downward spiral as hackers gain access to key systems. In the case of Riviera Beach, it was just that; an employee clicked on an email that allowed hackers to upload malware.

All of this can be prevented! It could be as simple as being able to stop that initial phishing email from being delivered to an end user within the network. Municipalities that have already been hit, or those that are keen on taking a proactive approach so that they don’t become one of the growing ransomware statistics, should all take advantage of Wedge’s FREE 90 day trial of the Wedge Advanced Malware Blocker.

With patented Deep Content Inspection, combined with an orchestrated platform that utilizes machine learning / AI and best of breed security defence solutions, WedgeAMB has a 99.97% accuracy rate for detecting and blocking malware in Real-time. In the case of Riviera Beach, the email in question would have been stopped in its tracks because WedgeAMB is the only product available that can provide both web and email protection – in REAL-TIME, detecting and blocking the phishing email before it even landed in the employee’s inbox and prior to them being able to access any embedded links. At Wedge, we continue to promote the Detect and Block approach for any and all organizations. Ransomware can be prevented and WedgeAMB provides the first step. For more information, contact our team at: info@wedgenetworks.com.

Smart Grids – the Next Big Attack Vector to Pull Down a Country’s Smart Grid Could be Your WiFi-enabled Thermostat! Here is How to Protect the Grid…

While Argentina and Uruguay are still reeling from a massive blackout that left nearly 50 million citizens without power over the weekend, we still cannot rule out cyberattack as being the reason. The integrated nature of the regional grid meant that cross-border grid glitches propagated further, with the interruption also affecting Brazil, Chile and Paraguay. Smart grids, smart metering and automated control systems, have been changing the global electricity landscape with “more than 10% of global grid investments – equivalent to some $30 billion a year – now dedicated to digital network infrastructure”, according to a recent article from Bloomberg. To that end, “more than $130 billion has been spent on smart-grid technologies worldwide over the past five years”. The reason for the adoption of smart grid technology is to provide the ability to monitor and control supply and demand in real time, allowing grid operators to better forecast and plan for consumption spikes that would otherwise cause the system to fall over.

However, like we’ve seen in Smart City adoption, the vast amount of infrastructure required to make the electrical grid “smart” includes a parallel telecommunications network that is able to collect and process the massive amounts of data that the grid would generate. Essentially, every connected thermostat, electricity meter, or other smart device, provides a potential attack vector into the grid that could have devastating consequences such as bringing the entire grid down.

Unlike the telecommunications and computing sectors that have been dealing with security risks for a while, the industrial and electrical systems sectors are lagging behind in this respect. Again, as in the case of Smart Cities, the IoT devices that are providing the monitoring in the Smart Grids are often too underpowered to run anti-malware protection, or are running operating systems that are not covered by current network security solutions. Thus, the Smart Grids will run into a similar problem, making them vulnerable to hackers and to malware attacks. Due to the essential nature of the utility, an attack on which could leave hundreds of thousands of people without power for hours or days, hacks of the electrical grids are more likely to be perpetrated by nation states, who are better funded and who can better cover their tracks; hiding their activities for years before potentially launching an attack.

Thankfully, the solution to this problem is the same as how Smart Cities are protected! Because Wedge Advanced Malware Blocker is NETWORK-BASED, requiring no retrofitting or re-engineering of existing grid technology, and is capable of Detecting and STOPPING malware – including zero-days – in Real-time at the network level, it can protect all of the Smart Grid’s endpoints, preventing any malware from ever reaching them! Smart Grid operators can and should take advantage of Wedge’s FREE 90 day trial, in which they can see for themselves how effective WedgeAMB is at protecting their infrastructure. Get in touch with our team at info@wedgenetworks.com for more information!

Posted in Industry News, Latest Security News, Wedge News

The Best Defence Against Ransomware? Don’t Get Infected…

It looks like the idea of “Detect and Block” vs “Detect and Remediate” is gaining traction out there. This is a welcome sight for us here at Wedge as we continue to espouse the idea that it is better to detect and prevent malware than it is to have to remediate it after the fact. The Register, in a recent article, seems to agree with our take on the situation.

Initially, the article asks readers to consider weighing the pros of actually paying the ransom demanded by hackers in order to have their data unlocked, contrary to the advice handed down by government agencies and information security firms, who suggest that giving in and paying the ransom will just encourage the behaviour to become more popular and keep it coming back. The sad thing is that Ransomware has become such an epidemic for businesses and consumers alike that the FBI even has a ransomware guide to provide suggestions to CISOs in the event that their organization has been hit. Of course, paying the ransom is still very hit or miss when it comes to an organization actually getting their data back, with recent reports from the CyberEdge Group finding that “only about 60 percent of companies that pay ransomware demands actually get their data back in the end.” It really becomes a crap shoot as to whether this is actually a good strategy. (In the end, though, making sure that law enforcement is involved is always a good idea as they can always assist in eventually tracking down the hackers.)

Thus, The Register goes on to state, “When it comes down to it, the best defence against ransomware is to not get infected in the first place.  Barring that, companies should have strong backup and recovery plans.  It seems simple enough.”  We alluded to this in our blog on “Save Patient Zero”, when companies cannot afford to have a “Patient Zero”.

Let’s look at the second part of that statement, the one about having strong backup and recovery plans. The Register continues on with, “Even if a company is meticulous about backing up their data, the actual recovery process is far easier said than done, particularly when you have to do it with hundreds or thousands of PCs and terminals, and dozens of servers or cabinets of servers.” So, even if an organization has a decent enough backup plan, depending on the size and the number of endpoints affected, the remediation cost could still be tremendous! Look at the Norsk Hydro case or our blog on the Ryuk Ransomware as examples…

And so, we’re left with the best defence against ransomware being to “not get infected in the first place”. This is the strategy that is the most sound and that can now actually be executed on. And this is where Wedge’s Absolute Real-time Protection comes into play. The Wedge Advanced Malware Blocker is the most accurate and highest performing solution available that uses the Detect and Block approach to “see” and block malware in Real-time. Wedge uses its patented Deep Content Inspection technology to reconstruct full content, scanning it with signature-based scans, heuristic-based scans and an artificial neural engine, so that it can determine the intent of the content and whether it is safe or not. Thus, WedgeAMB can detect and block malware in real-time before it has a chance to be seen by the end user, taking the possibility of infection away. Even if the malware is a new variation or a new, never-before-seen variety, it will be detected and blocked as soon as its malicious intent is revealed.

So, the solution is there for organizations to use.  The best thing about it is that we even offer a FREE 90 day trial of the Wedge Advanced Malware Blocker.  If you’re interested in protecting your organization from attacks through the strategy of prevention and not getting infected in the first place, get in touch with our team at info@wedgenetworks.com.  As we like to say, the best defence against ransomware is “Don’t get infected”.

Posted in Industry News, Latest Security News, Wedge News

…And Another Municipality Falls to Ransomware…

Ransomware attacks against municipalities have been hitting various cities around the U.S. as of late. We saw the Ryuk malware hitting Jackson County and provided an overview of how various ransomware strains are hitting governments across the globe. In addition, Spiceworks provides a timeline of some of the major Ransomware strikes across U.S. cities in 2017 and 2018, and RecordedFuture provides an outlook for the shape of things to come for 2019, and it is not pretty.

Source: RecordedFuture May 2019

The effects of ransomware on municipalities have been causing a lot of grief, disrupting city services such as court systems, online payments systems, police departments, healthcare services, municipal databases, accounting systems, and more. Cities, both big and small, are falling victim to these attacks, with many often going unreported on the national news. The unfortunate part about it all is that, according to the “International City / County Management Association, only 58% of city municipalities cannot determine where cybersecurity attacks could come from and nearly 41% have never conducted a cybersecurity exercise.”

With the latest attack on Baltimore we are now tracking at least one municipal ransomware attack per month, dating back to January 2017, and several months showing 2 or more attacks – the picture it paints is one of woefully unprepared municipalities. The typical story shows the municipality not paying the ransom and then having to deal with days and even weeks of computer downtime and disrupted services but at least being able to recover data. This points to at least many of the governments having some sort of backup and recovery system in place. The flip side is that the financial costs of downtime and having to go back to manual systems during the outages typically end up costing far more than the ransom being demanded! This linked chart from an article in the Baltimore Sun provides a comprehensive view.

If anything, the many cases listed continue to highlight that city and county governments need to concern themselves with cybersecurity. With the problem of these attacks not going away any time soon, the situation will most likely get worse. At Wedge, we’re hoping that as cities become more aware of the possibility of going with a “Detect and Block” solution instead of having to live with their current “Detect and Remediate” mindset, the number of municipalities hit in the future will be much lower.

Municipalities and government entities can try the Wedge Advanced Malware Blocker that can Detect and STOP all forms of Ransomware in Real-time before it has a chance to hit their networks. This FREE 90 day trial can allow municipalities to save themselves from becoming just another statistic in the ongoing Ransomware story. Get in touch with our team at info@wedgenetworks.com for more information!

Posted in Industry News, Latest Security News, Wedge News