Snake Ransomware Now Causing Havoc on Industrial Control Systems – Are Your Systems at Risk?


This is a follow-up blog to the one we provided earlier this month on how the Snake Ransomware was affecting Corporate Networks.

Yesterday, Bloomberg again brought to light the recent “Snake” ransomware and how it is now used to target Industrial Control Systems (ICS); and in particular, many industrial processes that belong to General Electric Co.  This new strain of ransomware was created by Iran and has the ability to lock up and even delete ICSs.  Snake will encrypt programs and documents on infected machines BUT it also removes all file copies from infected stations, preventing victims from even recovering encrypted files.  As such, deleting and/or locking targeted ICS processes would prevent manufacturers from accessing vital production-related processes such as analytics, configuration and control.

Of note, before the Snake ransomware starts encrypting files, it attempts to terminate processes associated with various types of programs, including system utilities, enterprise management tools and ICS.  Although other companies such as Honeywell and their processes are at risk, the majority of the industrial processes that are targeted by Snake are those in GE products.

According to an article by SecurityWeek, one organization that was recently targeted by this ransomware (or the related Dustman malware) was the Bahrain Petroleum Company (Bapco). According to ZDNet, Saudi officials sent an alert to other local companies active on the energy market in an attempt to warn of potential attacks and to advise these companies to ensure that their networks were secure. The Bapco incident was brought up amid rising tensions between the US and Iran after the US military recently killed top Iranian military general, Major General Qassim Suleimani.

Saudi Arabia’s National Cybersecurity Authority subsequently linked Dustman to the ZeroCleare malware; itself a wiper that has been targeted against energy and industrial organizations in the Middle East.  When the dust settles, all of these malware variations have been linked back to Iranian hacker groups, and are a testament to Iran’s advanced technical capabilities when it comes to launching destructive state-endorsed cyber attacks.  With the current political climate surrounding Iran and the US, it would not be prudent to rule out the possibility that they will try to create additional instability by targeting other energy and industrial / infrastructure organizations in the region.

That being said, if your organization is running any sort of ICS system that could potentially be at risk, how confident are you in the security solutions that you currently have in place?  How damaging would a ransomware attack be to your organization?  Are you prepared with backup plans?  In this case, should the Snake ransomware hit your operations, because it removes all file copies from infected stations, would paying the ransom even ensure that you’ll be able to get up and running again?

This is where Wedge, and its ability to detect the Snake ransomware, is able to help.  With Wedge’s Advanced Malware Blocker (WedgeAMB) in place, the Snake malware that is targeting ICSs can easily be detected and blocked in real-time, BEFORE it causes any damage.  With a deep content inspection, and AI / Machine-learning based platform that has proven effective to be able to detect and block ransomware in real-time, WedgeAMB is providing not only Energy and Industrial organizations but ALL organizations the extra blanket of protection that they need to weather the new variations of ransomware that are being pushed out by hacker organizations.  

If your organization is concerned about this recent spate of attacks, and is unsure of whether your security solution would be able to detect the Snake ransomware, make sure to contact us at: info@wedgenetworks.com.  Our team will be able to tell you more about how WedgeAMB can protect your organization.  WedgeAMB is available for a FREE 90 day trial so you really have nothing to lose!


The Snake Ransomware is Making its Rounds Through Corporate Networks… However, it is Unable to Elude WedgeAMB!


Snake is in the news as of late. No, not the one of the 2019 Chinese Zodiac but of the malware variation. Detected as “Trojan.Win32.Antavmu.asdd”, Snake works like most ransomware. It doesn’t touch your operating system files and programs so your computer still starts up and provides you with a working system. And, like most other ransomware, any other important files such as documents, photos, videos, spreadsheets, etc, are all scrambled and locked up with a randomly chosen encryption key.

Here’s the thing. With Snake, the scrambled files will consist of the encrypted content overwriting the original data with decryption info added on at the end. The original filenames and directories are recorded, with the decryption key stored as well, with a special tag “EKANS” (“SNAKE” – backwards), finishing off the encrypted file.

Similarly to other ransomware, Snake uses a hybrid encryption system with symmetric cryptography used to lock up the files but then public-key encryption used to lock up the decryption key. The reason being that symmetric cryptography is ideally suited for scrambling large amounts of data while public-key cryptography is better suited for small amounts but allows for two keys, instead of one, where the key used to lock up the data can’t be used to unlock it.

However, Snake is a bit different from other ransomware. While most ransomware denote scrambled files by adding unusual extensions to filenames so that they stand out, the Snake malware adds a different, randomly chosen string of characters, onto the names of encrypted files; making it more difficult to determine which files have been affected through name alone.

From there, the malware drops a “What happened to your files?” document onto your desktop, or in this case, it writes a file called “Fix-Your-Files.txt” into the Windows public desktop, where it shows up in the background for every user on the affected system. Unfortunately, the way the malware is written, with the expectation of having administrator access across the compromised network, the bad actors that are perpetrating this crime don’t intend on targeting individual users on the network but are looking to take their time and attack everyone, for a much more egregious outcome.
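The on-disk traces described above (a trailing “EKANS” tag on each encrypted file, renamed files that no longer carry a recognizable extension, and a “Fix-Your-Files.txt” note) can be checked for during triage. The following is an added example, not code from the original post or from Wedge; the function names and the sample directory tree are constructed for illustration, and the tag is assumed to be the final five bytes of the file, as the post describes.

```python
import os
import tempfile

EKANS_TAG = b"EKANS"                # trailing tag described in the post
RANSOM_NOTE = "Fix-Your-Files.txt"  # ransom note filename described in the post


def has_ekans_trailer(path, tag=EKANS_TAG):
    """Return True if the last len(tag) bytes of the file equal the tag.

    Only the tail is read, so large files are cheap to check. The file
    name is ignored on purpose: the post notes that Snake appends a
    random string to names, so extensions are not a reliable signal.
    """
    size = os.path.getsize(path)
    if size < len(tag):
        return False
    with open(path, "rb") as fh:
        fh.seek(-len(tag), os.SEEK_END)
        return fh.read(len(tag)) == tag


def triage(root):
    """Walk root and report tagged files, ransom notes and unreadable files."""
    report = {"tagged": [], "notes": [], "unreadable": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE.lower():
                report["notes"].append(full)
                continue
            try:
                if has_ekans_trailer(full):
                    report["tagged"].append(full)
            except OSError:
                # Locked or permission-denied files are recorded, not
                # silently skipped, so the responder knows what was missed.
                report["unreadable"].append(full)
    for key in report:
        report[key].sort()
    return report


def build_constructed_tree(root):
    """Create a small, constructed sample tree (no real malware involved)."""
    samples = {
        "report.docx": b"ordinary document bytes",
        # Constructed stand-in for an encrypted file: opaque data, tag at end,
        # random-looking suffix appended to the original name.
        "budget.xlsxQwErT": b"\x00" * 64 + EKANS_TAG,
        # Tag text in the middle of a file must not be flagged.
        "notes-about-EKANS.txt": b"EKANS appears mid-file, not at the end\n",
        # File shorter than the tag exercises the size guard.
        "tiny.bin": b"EK",
        os.path.join("Desktop", RANSOM_NOTE): b"constructed placeholder note",
    }
    for rel, data in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        result = triage(tmp)
        for kind, paths in result.items():
            print(kind, [os.path.relpath(p, tmp) for p in paths])
```

A trailing-tag match is a triage signal rather than proof of encryption, so hits should be confirmed against backups or known-good hashes before any restore decision.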

But there is a positive outcome to this story! As it turns out, the Snake ransomware is still ransomware at its core and because of the various key elements of the code, it can still be detected and blocked. Although many solutions out there are unable to detect it because they are still just looking at the packets and not the content itself, WedgeAMB, with Deep Content Inspection in its underlying platform, is able to do just that. By looking at the whole content, combined with AI and machine-learning abilities that can detect the “INTENT” of the content; despite variations in the malware itself, WedgeAMB can detect and BLOCK the malware in real-time. The malware is unable to even enter the network; preventing any and all damage from occurring. This can be evidenced in the screen-shots from WedgeIQ below, showing that the Snake malware was stopped in its tracks.

Now, hopefully your organization was not affected by this dastardly piece of ransomware as it has many other organizations out there. If you are concerned that perhaps your security systems might not be able to detect and block this and other ransomware variations, give us a shout! Wedge provides a FREE 90 Day trial of our Wedge Advanced Malware Blocker, which uses Deep Content Inspection along with Orchestrated Threat Management that incorporates best-of-breed security solutions and AI to detect and block ALL malware in real-time. Contact us at: info@wedgenetworks.com. Let’s usher out the Chinese Year of the Snake and protect ourselves from the Snake malware while ushering in a much better 2020 Year of the Rat!


Cyber Insurance Company Warning of 6X Increase in Ransomware Attacks: Not Just Healthcare is a Target


Wedge’s CFO recently forwarded me an article from the finance side of things that is painting an alarming picture. We’ve been talking a lot about how the Healthcare industry has been the main target of ransomware attacks but an article put out on insurancebusinessmag.com is painting an even bleaker picture for small businesses as a whole. According to cyber insurance company Tokio Marine HCC, they have seen a 6-fold increase in ransomware attacks over the last four years, mainly targeting small businesses, with the costs of responding to these attacks up almost 10x during that period.

It looks like the ransomware attackers have now finely honed their “business” and their testing of the market has shown how lucrative this business can be. Most businesses have been educated in the news by all the attacks, they know what ransomware is and how they have to pay the ransoms via bitcoin. Now that the ransomware business model is mature, with those hit by the ransomware being reassured that their data will be released upon payment, cyber criminals are upping the demands. Ransoms are jumping from the $10k-$30k range up to the six and seven figure range. Of course it also doesn’t help that insurance companies have joined the fray and are now covering part, if not all, of the losses from these attacks. Knowing that there is a deep-pocketed insurance company in the background that will be paying for the ransom is causing an upward shift in costs overall.

Getting back to the Healthcare industry, they have been the targets for so long because they typically have data that they cannot afford to go without for too long before their patient care starts suffering and before life and death situations start creeping into the equation. Not only that, but healthcare networks have also been known to provide good computing machinery for bitcoin mining, tons of good private and confidential data that could be used for blackmail or extortion schemes, not to mention that most of the OT machinery and diagnostic equipment running on the network cannot be easily patched with downtime costing the organization for every day they are not in operation. This doesn’t even touch on the potential for sabotage with patient misdiagnoses!!

Now, hackers are finding that other SMEs, such as accounting firms and retailers, can be just as affected as the healthcare industry by cutting off access to their critical data. Any industry that has mission and business critical data that is not adequately protected could be and will probably be an easy target. Even if they are covered with cyber insurance, the way costs are increasing, ransomware attacks are going to continue having a negative impact on everyone’s pocketbooks.

That’s why Wedge is so focused on ensuring that its WedgeAMB product is made available to provide the protection that these target SMEs need. With a deep content inspection and AI and machine-learning-based platform that can detect and block ransomware in real-time, WedgeAMB provides the extra blanket of protection that all SMEs need; PREVENTING ransomware from even entering the network and locking up mission critical data. SMEs can fight back by enabling more accurate real-time protection that will stop them from being another ransomware statistic. WedgeAMB is being offered for FREE on a 90 day trial. Contact us at: info@wedgenetworks.com to find out more! It takes everyone working together to solve this growing ransomware epidemic.


Ryuk Ransomware Continues Causing Headaches for Organizations – This Time Targeting Hospitals


Targeted ransomware of the Ryuk variety continues to cause headaches today with a noticeable uptick in attacks, more than a year after it started making the rounds; initially focused on organizations and businesses, it has more recently been focused on healthcare and hospitals.  Three hospitals in Ontario, Canada have been hit in recent weeks, which has raised the alarm that more facilities may be at risk in the coming days. 

What is interesting to note about the recent attacks is that the malware has so far only been trying to exfiltrate data instead of demanding money.  Word from Michael Garron Hospital CEO in Toronto is that, due to their firewalls, data was prevented from leaving the organization.  In this hospital’s case, the organization had over 100 servers, which are still being evaluated for infection.  The most immediate result was that a couple of elective surgeries and out-patient clinics had to be rescheduled while staff had to resort to paper documentation for their ongoing day-to-day operations.  Within a day, the organization noted that email services had been restored, although some VPN access was still not available and some minor administrative systems were still offline.  Thankfully, MGH, which is one of Toronto’s largest hospitals, had expert hospital teams in place and had prepared for all issues with extensive processes in place to respond quickly when experiencing disruptions in services.

Getting back to the Ryuk ransomware variety, this piece of malware is quite stealthy, remaining invisible to average users for weeks or months while it collects information about the organization and its perceived ability to pay a ransom.  If the hackers feel that the organization is a lucrative target, it then locks files and then demands a ransom in order to make them accessible again.  Ryuk is a very opportunistic and targeted ransomware, looking at organizations where a lockup of their files could do the most damage; potentially leading to higher ransomware amounts.

Thankfully, all three hospitals in Ontario have said that they have paid no money in order to retrieve their files and that no specific amount was demanded.  With detailed processes in place at all three organizations, systems are in the process of being restored.  Unfortunately, according to some cybersecurity experts, healthcare facilities are particularly vulnerable to malware attacks because of their reliance on specialized software that rarely gets updated.

The healthcare industry is hopefully not going to be as easy a victim as has been seen with the multitude of municipalities that have been rocked by ransomware attacks over the past year, with millions of dollars of ransom payouts having occurred and with more in the wings.  Wedge has recently been working with the healthcare industry in Eastern Canada and what we have been seeing has been somewhat comforting.  The hospitals and healthcare organizations that we have deployed with, on the whole, realize that they are sitting on goldmines of health, research and personal data that must be protected at all costs; especially with HIPAA regulations put in place by the governing bodies.  We have also seen that, as mentioned before, the healthcare industry, with their growing number of IoT devices, medical equipment and more, are more susceptible to attacks.  Any disruptions to networked systems and devices could wreak havoc on patient care; in many cases, which could have life or death consequences.

Wedge is very excited to be working with the hospitals to be able to provide a proven security platform that can help prevent the ransomware issue and that can ensure that patient data is secure, while enabling hospitals to maintain their high levels of patient care.  Since working with the healthcare industry, we have seen incredible results from the use of WedgeARP and the Advanced Malware Blocker in helping to detect and block ransomware such as Ryuk from making any headway with these organizations, all in real-time.  Healthcare organizations are realizing that with a small investment now, they can save a huge remediation cost later.  If your healthcare organization is concerned about this recent spate of targeted Ryuk attacks, contact us at: info@wedgenetworks.com or our team directly (Dale or Rob) to find out more about how you can be easily protected.  WedgeAMB is available for a FREE 90 day trial and we encourage all healthcare organizations to give us a try! 


The Global Ransomware Epidemic is Evolving and Getting Worse… First, US Cities, Now Major Cities in Canada. Are Europe or Asia Next?


As we’ve been writing about for much of this past year, hackers have hit dozens of municipalities in the U.S. so far; demanding ransom from various municipal departments, schools and even police departments – how brazen is that?!?  A recent article in The Star about a week ago showed us that, although the U.S. attacks are getting most of the press, Canadian municipalities are not immune to being hit themselves, with ransomware victims including a multitude of locations including Stratford, Wasaga Beach and, more recently, Toronto!

It was revealed last month by Toronto’s auditor general report that two of the city’s entities / departments were reportedly attacked by ransomware, compromising their systems.  Unfortunately, because protocols were not put in place, for both situations, the incidents were NOT communicated to the city’s CIO.  This has set off alarm bells at city hall and has triggered recommendations for stronger safeguards as it has exposed the vulnerabilities that Toronto’s systems have to hacker attacks.

Thankfully, the city’s main digital backbone was not compromised, but the attacks have spurred audit committee members to urge the acceleration of the development of notification protocols and steps to improve existing safeguards.  As a result, the city will create a new CISO position to oversee Toronto’s defences to attacks, and will include bolstering in-house security infrastructure and hiring private-sector experts to provide MSP services.  This is all well and good and is a positive sign that municipalities are starting to heed the warnings and are taking steps to protect themselves from what is seemingly an almost inevitable occurrence for potentially all cities.  

The whole ransomware epidemic has been rapidly evolving over time and we believe it will go beyond just the US and Canada. Our continued advice to all municipalities is to “get prepared”. Hackers are now focused on municipalities, locking up their systems and causing more damage for a lot more people, because this often includes taking down essential municipal services. As a result, just paying the ransom, in order to get services back as soon as possible, is very appealing to many of these municipal victims, despite more than 225 U.S. mayors recently signing a resolution not to pay ransoms to hackers. The jury is still out on whether this resolution will hold because the potential costs of not paying have been seen to be very steep. For example, Baltimore refused hackers’ demands for $75K worth of bitcoin and now faces remediation costs of more than $18MM in order to get their systems back on line and to repair damages done.

At Wedge, we’ve kept track of how the ransomware epidemic has evolved and progressed to where it is now and we consistently encourage Detection and Blocking as a solution to this epidemic.  We applaud the municipalities that are taking a proactive approach to protecting themselves; following the suggested advice of providing staff training for identifying potential phishing emails as well as what to do in the event of an attack, keeping full ‘out-of-band’ backups, continual assessment of weak points, updating and patching systems, and looking to network security solutions that provide real-time protection and remediation.  

At the same time, we continue to stress that real-time protection is a key part of the solution.  If municipalities can PREVENT an attack before it happens, they will be able to save themselves the headaches of having to go through the whole remediation process.  Wedge’s Advanced Malware Blocker, with its Deep Content Inspection and orchestrated threat management of industry-best-of-breed malware heuristics and artificial intelligence can detect and block ransomware and other malware in real-time!  In the ever-evolving ransomware epidemic, prevention has always been the one constant that can actually save an organization time and resources.  So, for our Canadian municipalities who are continuing their battle against ransomware, feel free to try WedgeAMB for FREE on a 90 day trial or contact our team at: info@wedgenetworks.com to learn more.


The Numbers Are In… Were YOU One of the Victims? How Are YOU Protecting Yourself?


Our CFO Rob Fong placed this article by CPO Magazine on my desk and in it, the latest cyber attack numbers are in. From the article, according to a new report from the Internet Society’s Online Trust Alliance (OTA), their Cyber Incident & Breach Trends Report shows that cyber crime became a $45Bn industry in 2018.  

The numbers are staggering. To put this in perspective, although the number of overall incidents of cybercrime has actually decreased in almost all areas, the $45Bn stolen in 2018 represents over 1/3 of the TOTAL losses from cyber crime since 2013! As presented in an earlier blog, although ransomware saw a downturn in overall incidents, losses actually rose by 60%! The big trend that is becoming more apparent is that cyber criminals are moving away from the quantity of indiscriminate attacks against a lot of individuals and are focusing their attacks more specifically at businesses and organizations (such as municipalities and other government agencies) that they perceive to have more significant resources. We’ve seen the marked increase in ransomware attacks on municipalities and have blogged many, many times about it. The big increases included ransomware and business email compromise (which itself skyrocketed from $677MM in 2017 to $12.5Bn in 2018!).

The big takeaway from the above is that a) cyber crime trends are up, b) hackers are homing in on where they can get their biggest kill, and c) organizational readiness for dealing with these attacks remains dismal – of all the attacks that were perpetrated, “95% of these attacks were determined to be preventable”. And that’s the rub. Organizations are continuously behind the eight ball when it comes to attacks. Most of them continue to follow the Detect and Remediate way of doing things; with their security systems detecting attacks after they’ve already happened. Of course, this leads to expensive clean up and remediation efforts, which have just added to the 2018 totals.

At Wedge, we’re trying our hardest to do our part in trying to get these numbers down by continually evangelizing our “Detect and Block” approach. We always feel that if you can prevent your organization from being a victim, you’ll save a ton of money in the long run! So, how are you protecting yourself? If you haven’t taken us up on our FREE 90 Day trial of our Wedge Advanced Malware Blocker, that uses Deep Content Inspection, along with Orchestrated Threat Management using best-of-breed security solutions and AI to detect and block ALL malware in real-time, what are you waiting for? Contact us at: info@wedgenetworks.com so that you don’t become one of the 2019 statistics!!


The Ransomware Scourge Continues. “To Pay or Not to Pay” is not the answer. GET YOURSELF PREPARED is!


The number of ransomware victims continues to mount with CNN reporting that attacks on cities continue to rise.  Law enforcement officials continue to warn against paying ransoms.  Security experts continue to suggest that even if victims pay their ransom, there is no guarantee that the victim’s data will be decrypted, and if it is, there’s also no guarantee that the data hasn’t been tainted or corrupted.   Meanwhile, insurance companies are now a factor as they are looking to minimize the damages that they have to pay out as an insurer in order to get their client organizations back up and running; even if it means that they pay the ransom.  Two very opposite stances.  One is taking the long-term view, “DO NOT PAY” trying to disincentivize hackers by taking away their quick score, while the other is taking the short-term view, or “PAY” out now so to minimize overall damage costs. 

And so, the debate rages on as to what is the proper response when an organization is hit.   A prime case came to light just recently as, just days after the Conference of Mayors passed a resolution opposing the payment of ransoms by cities, La Porte County in Indiana  did just the opposite; paying out ransom to the tune of $130K after their systems had been hit.  Granted, in this case, the county will pay about $30K, while its insurer will pay the remainder of the ransom.  The decision was also made after it was determined that the FBI’s own decryption software was unable to unlock the encrypted data.  Putting aside the ethics of the decision, La Porte made their decision from a cost perspective as other governments who declined to pay their ransoms ended up incurring a much heavier cost than the ransom that was demanded.  As an example, the city of Baltimore declined to pay their ransom demand of $76K and it is now estimated that the city will end up spending over $10MM in order to fully restore its computer network, not to mention that it is estimated that they have lost revenues amounting to around the same amount as a direct consequence of the attack. 

Regardless of the side of the debate that is appropriate to your situation, this is the new reality for IT Security teams in cities, government departments and other organizations around the world who have become the targets of hackers looking to make an easy score. The unfortunate thing is that attacks have been increasing against cities as of late because it is clear that cities are ill-prepared or typically underfunded to deal with these types of emergencies. We’re seeing that it’s not only the big cities and states that are being affected but the smaller municipalities and counties being taken down as well. Any organization that relies on a critical system or database in order to operate and that is typically known to be under protected, is ripe for the picking.

Meanwhile, as the debate continues, what a lot of people don’t realize is that the best way to handle the scourge of ransomware is neither paying nor not paying, it is to ensure that preventative measures are put in place to safeguard against an attack happening in the first place! We’ve blogged about the bare minimum that organizations should do in order to protect themselves, especially when budgets are tight. When it comes down to it, even with tight budgets, organizations can still put some measures in place since, as ALL cases have shown, it is ALWAYS much cheaper to prevent an attack than it is to have to remediate it after the fact.

Preventative solutions are where Wedge comes in. The Wedge Advanced Malware Blocker product is a prime example of real-time security that has been proven to be effective in blocking ALL advanced attacks, ransomware, zero days and never-before-seen malware BEFORE they can make their way to the vulnerable endpoints. With our patented Deep Content Inspection, that can see ALL content going through the network, orchestrated with the industry’s best-of-breed security services and Artificial Intelligence / Machine Learning that detects and blocks all attacks and that helps us to keep several steps ahead of the hackers, organizations have a real choice in how they want to deal with the possibility of ransomware attacks. Best of all, Wedge provides a FREE 90 day trial of the WedgeAMB product to anyone who is interested in seeing how it works for themselves! As always, contact our team at: info@wedgenetworks.com to learn more!


Scary Story of the Day: Security Vendors Know That Their Products Don’t Work. Getting SIEMFed and What Should a CISO Do?


An interesting ZDNet article by @ChrisMatyszczyk was forwarded to me recently that made me shudder.  In it, the author relates a story of how, as he was golfing, he came across a security software salesman (from a company quite well known in its field) that casually admitted to him that the security software he sold “doesn’t work”.  The author went on to provide the reasoning that the salesman gave in that the hackers are always one step ahead and that for every piece of software, old or new, out there, there is always some small opening through which a hacker can enter.  To justify himself, he felt that since his company’s software was “pretty good”, compared to most others, he didn’t feel bad about selling it, despite the fact that it “didn’t work”. 

While it is impossible to conclude anything, based on one conversation, the salesman’s remarks provide a couple of insights that I felt are worthy of a blog.  Being in the industry for as long as I have, I do realize that there are some companies out there, fairly respected ones at that, who continue putting out solutions based on older and less effective technologies.  The first insight is that in many of these cases, it is the same base technology, that has gained them the market share, which is also the technology that limits them; making it almost impossible to stay at the cutting edge.  But the second, more powerful insight, is that hackers seem to always be a couple of steps ahead. There is a reason for that, and it is surprisingly tied to the first insight, as you will equally conclude.  

There was another article that cropped up on Threatpost recently that showed how bad it has become for IT managers. According to the research report quoted in the article, “In a survey of 3,100 IT managers across 12 countries (at organizations with 100 to 5,000 employees), two out of three of them said their organizations (68 percent) suffered a cyberattack in 2018, despite efforts to prevent them. This, despite the fact that a full 26 percent of IT’s time, on average, is spent on cybersecurity issues.” Also, in the article was a statistic that stated: “Nine out of 10 (91 percent) of the respondents said they were running up-to-date cybersecurity protections at the time of a successful attack.” These are both depressing and distressing figures, especially when we know that there are solutions out there that WORK and that can help prevent such attacks. Using a military analogy, on some bad days, as a security practitioner, it sometimes feels like we are fighting a guerrilla war with a regimented army where you have a huge weight to pull along. The tools do not respond well; there are thousands of SIEM records flying by, leading to SIEM Fatigue (internally we call it getting SIEMFed) and it leads to just brutal analysis paralysis!

So, while on the surface, the salesman’s comment might put a damper on those of us who are truly putting out cutting edge technology that DOES WORK, because the more established players have the larger footprint, no one blames the CISO for buying their product.  Even worse, the fact is that they can market-their-way over new innovation!  And THIS is exactly what I love about security startups and is the primary reason why I have always worked with them.  

While the old guard continues to go along their merry way, patching their solution here and there in order to keep up with the more ground-breaking advances that are being made; smaller and more nimble security startup companies have the drive, the innovation, and more importantly, the agility that can match and respond to these hackers.  It is so fulfilling to see the impact of these cutting edge innovations and their instant impact.  Thus, my message to our fellow CISOs cannot be any clearer – true, no one gets blamed for purchasing an established toolkit, but you have to also remember that you shouldn’t just bet on one set of tools.  You need to ensure that you make room in your budget for the up and coming innovations.  Take advantage of these startup companies’ agility and eagerness to earn your business and to ultimately bolster your security. 

At Wedge Networks, what drives us day in and day out is the belief that our approach is disruptive to the industry.  We’ve always firmly adhered to the Detect and Block approach, despite most of the industry resigning themselves to cater to Detect and Remediate.  The thing is, as we’ve seen especially recently with the spate of ransomware attacks and advanced threats that have become the norm, Detect and Remediate is and always will be the more expensive way of doing things.  That’s why we’ve always focused our solution on PREVENTION.  If we can STOP attacks in the network before they can reach endpoints, the battle is already half won!   

But beyond the products and technologies, we have always maintained the startup culture – and yes, working with my very capable team – we have continually made decisions that often led our product to be re-engineered from the ground up. This has its advantages, as we’ve been able to remain quite nimble, allowing us to stay at the cutting edge. Wedge’s core patented technology has been based around Deep Content Inspection, Orchestration, and hyper-streaming. We’ve always believed that what you can’t see, you can’t catch. While other companies had focused on deep packet inspection, Wedge looked ahead and instead focused on better ways that we could inspect traffic, ultimately patenting our Deep Content Inspection technology. The way that we can SEE content flowing through the network has always been one of our main selling points. Combining this with the orchestration of the industry’s best-of-breed security services, along with AI and machine learning, has enabled us to keep our solution “Evergreen”. We know that technologies can get old and dated so, with our open bus platform and our team’s agility, we decided to continually integrate the cutting edge technologies that were leading to better solutions that worked. We can continually add on the latest and greatest technologies into our platform, allowing us to stay several steps ahead of the game. Finally, our patented hyper-streaming technologies, such as SubSonic and GreenStream, allow us to do all of the above in real-time, which is what is needed to truly Detect and Block advanced threats as they’re hitting the network. And now, we’re one of the first to incorporate at the network level what I believe is the latest game changer – Artificial intelligence – but that is worth another series of blogs just by itself.

Thus, assuming the story holds true, unless you want to pay for extra rounds of golf for the salesman out there who continues to sell a product that “doesn’t work”, I recommend that CISOs try out solutions and products in the industry that truly DO work.  We are so sure of the effectiveness of our product that we even offer our Wedge Advanced Malware Blocker (WedgeAMB) on a FREE 90 day trial.  Contact our team at: info@wedgenetworks.com to learn more about a truly effective solution!

Healthcare Services are Primed to be Hit By WannaCry Again: What Can They Do to Protect Themselves?

There have been a multitude of articles hitting the news as of late, sounding the alarm for Healthcare Services and related organizations to make sure that they have secured themselves as it looks like the WannaCry malware is making a comeback with hackers looking for a quick and easy payday.  Although the WannaCry cyberattack first hit worldwide over two years ago, many experts are saying that “institutions have not done enough to protect themselves against a repeat.  And that’s especially true in the healthcare sector.” 

For example, a report out this week by the Imperial College of London’s Institute of Global Health Innovation (IGHI), says that despite WannaCry having a financial cost to the UK’s National Health Service (NHS) of more than $100MM, hospitals in that country “remain vulnerable to cyber attack, and must take urgent steps to defend against threats which could risk the safety of patients.”  This is unfortunate as the defence against WannaCry and other ransomware is fairly straightforward for organizations to put in place.  Namely, keep equipment up to date, patch software and provide training and awareness to users while making sure the skills of IT staff are continuously maintained.  However, the lack of investment and training by Healthcare organizations is alarming, especially in light of attacks such as WannaCry in 2017, which should have spurred these organizations to improve their cybersecurity measures. 

According to another article on the same topic put out by the Imperial College of Science, Technology and Medicine, the return of WannaCry is considered a “Looming Threat”. The authors point out that since that attack, a number of new technologies have come into use in the healthcare industry, such as robotics, AI, implantable medical devices and personalized medicines based on a patient’s genes, that are lacking built-in security and would be susceptible to such an attack. WannaCry, if it hit again, would see hackers gaining access to personal information or even tampering with patients’ medical records. And this is not just specific to the NHS, but applicable to all healthcare systems around the world.

With healthcare and funding for healthcare coming under increasing financial pressure from government, industry and other stakeholders, these organizations are becoming hard pressed to ensure that they continue to allocate funds so that they can protect themselves from these potential threats.

So, Wedge continues to keep trying to get the word out to healthcare organizations that there is indeed a solution available to them that can help them to beef up their systems to protect them from WannaCry, along with other malware.  While they should still be investing in the straightforward defences as mentioned earlier, they should also consider taking a proactive “Detect and Block” approach.  Once malware such as WannaCry has made it into an organization’s network, it is already too late.  Then, the focus becomes “Detect and Remediate”, which becomes a much more costly exercise.  

With Wedge’s Advanced Malware Blocker, healthcare organizations can invest in a solution that can completely prevent ransomware and other advanced targeted attacks from even making it into the network, before they can cause any damage. A small investment now can save a huge remediation bill later. WedgeAMB is available as a FREE 90 day trial and we encourage any healthcare organization that feels it is lacking in adequate protection to give it a try! Contact us at: info@wedgenetworks.com to find out how easy it is to deploy WedgeAMB and to provide that extra level of protection that your organization needs against WannaCry and others.

Over 1/4 of UK Firms Have Been Victims of Ransomware Over the Past Year: Could These Attacks Have Been Prevented?

An InfoSecurity Magazine article was published recently that highlighted how dire the Ransomware situation is getting, particularly in the UK. According to figures released by data backup firm Databarracks, over 28% of UK organizations have been hit by ransomware over the past 12 months. According to them, “This is slightly lower than the peak of 29% in 2017, the year WannaCry hit, but much higher than the 2016 figure of 16%.”

While Databarracks highly recommends that the only way organizations can fully protect themselves is by having historic backup copies of their data, their opinion is that outright prevention is not viable. We, at Wedge, do concur with their suggestion for having backups, but we also strongly believe that outright prevention actually IS possible and, in the long run, is a much more cost-effective way for organizations to protect themselves.

We invite Databarracks to look at our approach where instead of looking at remediation efforts, after the fact, we have focused squarely on prevention with our “Detect and Block” approach.  To quote Benjamin Franklin, we feel that “An ounce of prevention is worth a pound of cure.”  That goes the same with cybersecurity.  It will cost a firm much more to go through a remediation process than it would to simply have a solution in place that can detect and block any and ALL advanced threats, zero-days and other never-before-seen malware.  If malicious content can’t make its way into your network, then it can’t cause any harm.

The way we do it is with our Wedge Absolute Real-time Protection platform, on which the Wedge Advanced Malware Blocker is based.  This solution can SEE all content flowing through the network and can detect and block malicious content in real-time as a result of multiple patented technologies such as Deep Content Inspection, all orchestrated with the industry’s best-of-breed services, combined with Artificial Intelligence and machine learning.  By having the ability to block all advanced threats, such as ransomware, in real-time, BEFORE they can even reach the endpoint, it takes away the ability to lock up data and shut down the network.

WedgeAMB is a proven solution that can actually PREVENT attacks.  If you’re interested in learning more, we offer a FREE 90 day trial to any and all organizations who are like-minded and who believe that if they can prevent attacks, they’ll be better off.  Contact us at: info@wedgenetworks.com to learn more!
