Cyber Insurance Company Warning of 6X Increase in Ransomware Attacks: Not Just Healthcare is a Target

No Gravatar

Wedge’s CFO recently forwarded me an article from the finance side of things that is painting an alarming picture. We’ve been talking a lot about how the Healthcare industry has been the main target of ransomware attacks but an article put out on insurancebusinessmag.com is painting an even bleaker picture for small businesses as a whole. According to cyber insurance company Tokyo Marine HCC, they have seen a 6-fold increase in ransomware attacks over the last four years, mainly targeting small businesses, with the costs of responding to these attacks up almost 10 x during that period.

It looks like the ransomware attackers have now finely honed their “business” and their testing of the market has shown how lucrative this business can be. Most businesses have been educated in the news by all the attacks, they know what ransomware is and how they have to pay the ransoms via bitcoin. Now that the ransomware business model is mature, with those hit by the ransomware being reassured that their data will be released upon payment, cyber criminals are upping the demands. Ransoms are jumping from the $10k-$30k range up to the six and seven figure range. Of course it also doesn’t help that insurance companies have joined the fray and are now covering part, if not all, of the losses from these attacks. Knowing that there is a deep-pocketed insurance company in the background that will be paying for the ransom is causing an upward shift in costs overall.

Getting back to the Healthcare industry, they have been the targets for so long because they typically have data that they cannot afford to go without for too long before their patient care starts suffering and before life and death situations start creeping into the equation. Not only that, but healthcare networks have also been known to provide good computing machinery for bitcoins mining, tons of good private and confidential data that could be used for blackmail or extortion schemes, not to mention that most of the OT machinery and diagnostic equipment running on the network cannot be easily patched with downtime costing the organization for every day they are not in operation. This doesn’t even touch on the potential for sabotage with patient misdiagnoses!!

Now, hackers are finding that other SMEs, such as accounting firms and retailers, can be just as affected as the healthcare industry by cutting off access to their critical data. Any industry that has mission and business critical data that is not adequately protected could be and will probably be an easy target. Even if they are covered with cyber insurance, the way costs are increasing, ransomware attacks are going to continue having a negative impact on everyone’s pocketbooks.

That’s why Wedge is so focused on ensuring that its WedgeAMB product is made available to provide the protection that these target SMEs need. With a deep content inspection and AI and machine-learning-based platform that can detect and block ransomware in real-time, WedgeAMB provides the extra blanket of protection that all SMEs need; PREVENTING ransomware from even entering the network and locking up mission critical data. SMEs can fight back by enabling more accurate real-time protection that will stop them from being another ransomware statistic. WedgeAMB is being offered for FREE on a 90 day trial. Contact us at: info@wedgenetworks.com to find out more! It takes everyone working together to solve this growing ransomware epidemic.

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , | Leave a comment

Ryuk Ransomware Continues Causing Headaches for Organizations – This Time Targeting Hospitals

No Gravatar

Targeted ransomware of the Ryuk variety continues to cause headaches today with a noticeable uptick in attacks, more than a year after it started making the rounds; initially focused on organizations and businesses, it has more recently been focused on healthcare and hospitals.  Three hospitals in Ontario, Canada have been hit in recent weeks, which has raised the alarm that more facilities may be at risk in the coming days. 

What is interesting to note about the recent attacks is that the malware has so far only been trying to exfiltrate data instead of demanding money.  Word from Michael Garron Hospital CEO in Toronto is that, due to their firewalls, data was prevented from leaving the organization.  In this hospital’s case, the organization had over 100 servers, which are still being evaluated for infection.  The most immediate result was that a couple of elective surgeries and out-patient clinics had to be rescheduled while staff had to resort to paper documentation for their ongoing day-to-day operations.  Within a day, the organization noted that email services had been restored, although some VPN access was still not available and some minor administrative systems were still offline.  Thankfully, MGH, which is one of Toronto’s largest hospitals, had expert hospital teams in place and had prepared for all issues with extensive processes in place to respond quickly when experiencing disruptions in services.

Getting back to the Ryuk ransomware variety, this piece of malware is quite stealthy, remaining invisible to average users for weeks or months while it collects information about the organization and its perceived ability to pay a ransom.  If the hackers feel that the organization is a lucrative target, it then locks files and then demands a ransom in order to make them accessible again.  Ryuk is a very opportunistic and targeted ransomware, looking at organizations where a lockup of their files could do the most damage; potentially leading to higher ransomware amounts.

Thankfully, all three hospitals in Ontario have said that they have paid no money in order to retrieve their files and that no specific amount was demanded.  With detailed processes in place at all three organizations, systems are in the process of being restored.  Unfortunately, according to some cybersecurity experts, healthcare facilities are particularly vulnerable to malware attacks because of their reliance on specialized software that rarely gets updated.

The healthcare industry is hopefully not going to be as easy a victim as has been seen with the multitude of municipalities that have been rocked by ransomware attacks over the past year, with millions of dollars of ransom payouts having occurred and with more in the wings.  Wedge has recently been working with the healthcare industry in Eastern Canada and what we have been seeing has been somewhat comforting.  The hospitals and healthcare organizations that we have deployed with, on the whole, realize that they are sitting on goldmines of health, research and personal data that must be protected at all costs; especially with HIPAA regulations put in place by the governing bodies.  We have also seen that, as mentioned before, the healthcare industry, with their growing number of IoT devices, medical equipment and more, are more susceptible to attacks.  Any disruptions to networked systems and devices could wreak havoc on patient care; in many cases, which could have life or death consequences.

Wedge is very excited to be working with the hospitals to be able to provide a proven security platform that can help prevent the ransomware issue and that can ensure that patient data is secure, while enabling hospitals to maintain their high levels of patient care.  Since working with the healthcare industry, we have seen incredible results from the use of WedgeARP and the Advanced Malware Blocker in helping to detect and block ransomware such as Ryuk from making any headway with these organizations, all in real-time.  Healthcare organizations are realizing that with a small investment now, they can save a huge remediation cost later.  If your healthcare organization is concerned about this recent spate of targeted Ryuk attacks, contact us at: info@wedgenetworks.com or our team directly (Dale or Rob) to find out more about how you can be easily protected.  WedgeAMB is available for a FREE 90 day trial and we encourage all healthcare organizations to give us a try! 

Posted in Industry News, Latest Security News | Tagged , , , , , , | Leave a comment

The Global Ransomware Epidemic is Evolving and Getting Worse… First, US Cities, Now Major Cities in Canada. Are Europe or Asia Next?

No Gravatar

As we’ve been writing about for much of this past year, hackers have hit dozens of municipalities in the U.S. so far; demanding ransom from various municipal departments, schools and even police departments – how brazen is that?!?  A recent article in The Star about a week ago showed us that, although the U.S. attacks are getting most of the press, Canadian municipalities are not immune to being hit themselves, with ransomware victims including a multitude of locations including Stratford, Wasaga Beach and, more recently, Toronto!

It was revealed last month by Toronto’s auditor general report that two of the city’s entities / departments were reportedly attacked by ransomware, compromising their systems.  Unfortunately, because protocols were not put in place, for both situations, the incidents were NOT communicated to the city’s CIO.  This has set off alarm bells at city hall and has triggered recommendations for stronger safeguards as it has exposed the vulnerabilities that Toronto’s systems have to hacker attacks.

Thankfully, the city’s main digital backbone was not compromised, but the attacks have spurred audit committee members to urge the acceleration of the development of notification protocols and steps to improve existing safeguards.  As a result, the city will create a new CISO position to oversee Toronto’s defences to attacks, and will include bolstering in-house security infrastructure and hiring private-sector experts to provide MSP services.  This is all well and good and is a positive sign that municipalities are starting to heed the warnings and are taking steps to protect themselves from what is seemingly an almost inevitable occurrence for potentially all cities.  

The whole ransomware epidemic has been rapidly evolving over time and we believe it will go beyond just the US and Canada. Our continued advice to all municipalities is to “get prepared”.   Hackers are now focused on municipalities, locking up their systems and causing more damage for a lot more people, because this often includes taking down essential municipal services. As a result, the desirability to just pay the ransom, in order to get services back as soon as possible, is very appealing to many of these  municipal victims, despite more than 225 U.S. mayors recently signing a resolution not to pay ransoms to hackers.  The jury is still out on whether this resolution will hold because the potential costs for not paying has been seen to be very steep.  For example, Baltimore refused hacker’s demands for $75K worth of bitcoin and now faces remediation costs of more than $18MM in order to get their systems back on line and to repair damages done.  

At Wedge, we’ve kept track of how the ransomware epidemic has evolved and progressed to where it is now and we consistently encourage Detection and Blocking as a solution to this epidemic.  We applaud the municipalities that are taking a proactive approach to protecting themselves; following the suggested advice of providing staff training for identifying potential phishing emails as well as what to do in the event of an attack, keeping full ‘out-of-band’ backups, continual assessment of weak points, updating and patching systems, and looking to network security solutions that provide real-time protection and remediation.  

At the same time, we continue to stress that real-time protection is a key part of the solution.  If municipalities can PREVENT an attack before it happens, they will be able to save themselves the headaches of having to go through the whole remediation process.  Wedge’s Advanced Malware Blocker, with its Deep Content Inspection and orchestrated threat management of industry-best-of-breed malware heuristics and artificial intelligence can detect and block ransomware and other malware in real-time!  In the ever-evolving ransomware epidemic, prevention has always been the one constant that can actually save an organization time and resources.  So, for our Canadian municipalities who are continuing their battle against ransomware, feel free to try WedgeAMB for FREE on a 90 day trial or contact our team at: info@wedgenetworks.com to learn more.

Posted in Industry News, Latest Security News, Wedge Channel Partner Forum, Wedge News | Tagged , , , , , , , | Leave a comment

The Numbers Are In… Were YOU One of the Victims? How Are YOU Protecting Yourself?

No Gravatar

Our CFO Rob Fong placed this article by CPO Magazine on my desk and in it, the latest cyber attack numbers are in. From the article, according to a new report from the Internet Society’s Online Trust Alliance (OTA), their Cyber Incident & Breach Trends Report shows that cyber crime became a $45Bn industry in 2018.  

The numbers are staggering.  To put this in perspective, although the number of overall incidents of cybercrime have actually decreased in almost all areas, the $45Bn stolen in 2018 represents over 1/3 of the TOTAL losses from cyber crime since 2013!  As presented in an earlier blog, although ransomware saw a downturn in overall incidents, losses actually rose by 60%!  The big trend that is becoming more apparent is that cyber criminals are moving away from the quantity of indiscriminate attacks against a lot of individuals and are focusing their attacks more specifically at businesses and organizations (such as municipalities and other government agencies) that they perceive to have more significant resources.  We’ve seen the marked increase in ransomware attacks on municipalities and have blogged many many times about it.  The big increases included ransomware and business email compromises (which itself skyrocketed from $677MM in 2017 to $12.5Bn in 2018!)

The big takeaway from the above is that a) cyber crime trends are up, b) hackers are honing in where they can get their biggest kill c) organizational readiness for dealing with these attacks remains dismal – of all the attacks that were perpetrated, “95% of these attacks were determined to be preventable”.  And that’s the rub.  Organizations are continuously behind the eight ball when it comes to attacks.  Most of them continue to follow the Detect and Remediate way of doing things; with their security systems detecting attacks after they’ve already happened.  Of course, this leads to expensive clean up and remediation efforts, which have just added to the 2018 totals.

At Wedge, we’re trying our hardest to do our part in trying to get these numbers down by continually evangelizing our “Detect and Block” approach.  We always feel  that if you can prevent your organization from being a victim, you’ll save a ton of money in the long run!  So, how are you protecting yourself?  If you haven’t taken us up on our FREE 90 Day trial of our Wedge Advanced Malware Blocker, that uses Deep Content Inspection, along with Orchestrated Threat Management using best-of-breed security solutions and AI to detect and block ALL malware in real-time, what are you waiting for?  Contact us at:info@wedgenetworks.com so that you don’t become one of the 2019 statistic!!

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , , | Leave a comment

The Ransomware Scourge Continues. “To Pay or Not to Pay” is not the answer. GET YOURSELF PREPARED is!

No Gravatar

The number of ransomware victims continues to mount with CNN reporting that attacks on cities continue to rise.  Law enforcement officials continue to warn against paying ransoms.  Security experts continue to suggest that even if victims pay their ransom, there is no guarantee that the victim’s data will be decrypted, and if it is, there’s also no guarantee that the data hasn’t been tainted or corrupted.   Meanwhile, insurance companies are now a factor as they are looking to minimize the damages that they have to pay out as an insurer in order to get their client organizations back up and running; even if it means that they pay the ransom.  Two very opposite stances.  One is taking the long-term view, “DO NOT PAY” trying to disincentivize hackers by taking away their quick score, while the other is taking the short-term view, or “PAY” out now so to minimize overall damage costs. 

And so, the debate rages on as to what is the proper response when an organization is hit.   A prime case came to light just recently as, just days after the Conference of Mayors passed a resolution opposing the payment of ransoms by cities, La Porte County in Indiana  did just the opposite; paying out ransom to the tune of $130K after their systems had been hit.  Granted, in this case, the county will pay about $30K, while its insurer will pay the remainder of the ransom.  The decision was also made after it was determined that the FBI’s own decryption software was unable to unlock the encrypted data.  Putting aside the ethics of the decision, La Porte made their decision from a cost perspective as other governments who declined to pay their ransoms ended up incurring a much heavier cost than the ransom that was demanded.  As an example, the city of Baltimore declined to pay their ransom demand of $76K and it is now estimated that the city will end up spending over $10MM in order to fully restore its computer network, not to mention that it is estimated that they have lost revenues amounting to around the same amount as a direct consequence of the attack. 

Regardless of the side of the debate that is appropriate to your situation, this is the new reality for IT Security teams in cities, government departments and other organizations around the world who have become the targets of hackers looking to make and easy score. The unfortunate thing is that attacks have been increasing against cities as of late because it is clear that cities are ill-prepared or typically underfunded to deal with these types of emergencies.  We’re seeing that it’s not only the big cities and states that are being affected but the smaller municipalities and counties being taken down as well.  Any organization that relies on a critical system or database in order to operate and that is typically known to be under protected, is ripe for the picking. 

Meanwhile, as the debate continues, what a lot of people don’t realize is that the best way to handle the scourge of ransomware is neither paying or not paying, it is to ensure that preventative measures are put in place to safeguard against an attack happening in the first place!  We’ve blogged about the bare minimum that organizations should do in order to protect themselves, especially when budgets are tight.  When it comes down to it, even with tight budgets, organizations can still put some measures in place since, as ALL cases have shown, it is ALWAYS much cheaper to prevent an attack than it is to have to remediate it after the fact. 

Preventative solutions is where Wedge comes in. The Wedge Advanced Malware Blocker product is a prime example of real-time security that has been proven to be effective in blocking ALL advanced attacks, ransomware, zero days and never-before-seen malware  BEFORE they can make their way to the vulnerable endpoints.  With our patented Deep Content Inspection, that can see ALL content going through the network, orchestrated with the industry’s best-of-breed security services and Artificial Intelligence / Machine Learning that detects and blocks all attacks and that helps us to keep several steps ahead of the hackers, organizations have a real choice in how they want to deal with the possibility of ransomware attacks.  Best of all, Wedge provides a FREE 90 day trial of the WedgeAMB product to anyone who is interested in seeing how it works for themselves!  As always, contact our team at: info@wedgenetworks.com to learn more!

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , , | Leave a comment

Scary Story of the Day: Security Vendors Know That Their Products Don’t Work. Getting SIEMFed and What Should a CISO Do?

No Gravatar

An interesting ZDNet article by @ChrisMatyszczyk was forwarded to me recently that made me shudder.  In it, the author relates a story of how, as he was golfing, he came across a security software salesman (from a company quite well known in its field) that casually admitted to him that the security software he sold “doesn’t work”.  The author went on to provide the reasoning that the salesman gave in that the hackers are always one step ahead and that for every piece of software, old or new, out there, there is always some small opening through which a hacker can enter.  To justify himself, he felt that since his company’s software was “pretty good”, compared to most others, he didn’t feel bad about selling it, despite the fact that it “didn’t work”. 

While it is impossible to conclude anything, based on one conversation, the salesman’s remarks provide a couple of insights that I felt are worthy of a blog.  Being in the industry for as long as I have, I do realize that there are some companies out there, fairly respected ones at that, who continue putting out solutions based on older and less effective technologies.  The first insight is that in many of these cases, it is the same base technology, that has gained them the market share, which is also the technology that limits them; making it almost impossible to stay at the cutting edge.  But the second, more powerful insight, is that hackers seem to always be a couple of steps ahead. There is a reason for that, and it is surprisingly tied to the first insight, as you will equally conclude.  

There was another article that cropped up on Threatpost recently that showed how bad it has become for IT managers.   According to the research report quoted in the article, “In a survey of 3,100 IT managers across 12 countries (at organizations with 100 to 5,000 employees), two out of three of them said their organizations (68 percent) suffered a cyberattack in 2018, despite efforts to prevent them. This, despite the fact that a full 26 percent of IT’s time, on average, is spent on cybersecurity issues.”  Also, in the article was a statistic that stated:  “Nine out of 10 (91 percent) of the respondents said they were running up-to-date cybersecurity protections at the time of a successful attack.” These are both depressing and distressing figures, especially when we know that there are solutions out there that WORK and that can help prevent such attacks.  Using a military analogy, on some bad days, as a security practitioner, it sometimes feel that we are fighting a guerilla warfare with a regimented army where you have a huge weight to pull along.  The tools do not respond well; there are thousands of SIEM records flying by, leading to SIEM Fatigue (internally we call it getting SIEMFed) and it leads to just brutal analysis paralysis!   

So, while on the surface, the salesman’s comment might put a damper on those of us who are truly putting out cutting edge technology that DOES WORK, because the more established players have the larger footprint, no one blames the CISO for buying their product.  Even worse, the fact is that they can market-their-way over new innovation!  And THIS is exactly what I love about security startups and is the primary reason why I have always worked with them.  

While the old guard continues to go along their merry way, patching their solution here and there in order to keep up with the more ground-breaking advances that are being made; smaller and more nimble security startup companies have the drive, the innovation, and more importantly, the agility that can match and respond to these hackers.  It is so fulfilling to see the impact of these cutting edge innovations and their instant impact.  Thus, my message to our fellow CISOs cannot be any clearer – true, no one gets blamed for purchasing an established toolkit, but you have to also remember that you shouldn’t just bet on one set of tools.  You need to ensure that you make room in your budget for the up and coming innovations.  Take advantage of these startup companies’ agility and eagerness to earn your business and to ultimately bolster your security. 

At Wedge Networks, what drives us day in and day out is the belief that our approach is disruptive to the industry.  We’ve always firmly adhered to the Detect and Block approach, despite most of the industry resigning themselves to cater to Detect and Remediate.  The thing is, as we’ve seen especially recently with the spate of ransomware attacks and advanced threats that have become the norm, Detect and Remediate is and always will be the more expensive way of doing things.  That’s why we’ve always focused our solution on PREVENTION.  If we can STOP attacks in the network before they can reach endpoints, the battle is already half won!   

But beyond the products and technologies, we have always maintained the startup culture – and yes, working with my very capable team – we have continually made decisions that often led our product to be re-engineered from the ground up.  This has its advantages, as we’ve been able to remain quite nimble; allowing us to stay at the cutting edge. Wedge’s core patented technology has been based around Deep Content Inspection, Orchestration, and hyper-streaming.  We’ve always believed that what you can’t see, you can’t catch.  While other companies had focused on deep packet inspection, Wedge looked ahead and instead focused on better ways that we could inspect traffic; ultimately patenting our Deep Content Inspection technology. The way that we can SEE content flowing through the network has always been one of our main selling points.  Combining this with the orchestration of the industry’s best-of-breed security services, along with AI and machine learning, has enabled us to keep our solution “Evergreen”.  We know that technologies can get old and dated so, with our open bus platform, and our team’s agility, we decided to continually integrate the cutting edge technologies that were leading to better solutions that worked.  We can continually add on the latest and greatest technologies into our platform, allowing us to stay several steps ahead of the game.  Finally, our patented hyper-streaming technologies such as SubSonic and GreenStream, allows us to do all of the above in real-time, which is what is needed to truly Detect and Block advanced threats as they’re hitting the network.   And now, we’re one of the first to incorporate at the network level, what I believe is the latest game changer – Artificial intelligence – but that is worth another series of blogs just by itself. 

Thus, assuming the story holds true, unless you want to pay for extra rounds of golf for the salesman out there who continues to sell a product that “doesn’t work”, I recommend that CISOs try out solutions and products in the industry that truly DO work.  We are so sure of the effectiveness of our product that we even offer our Wedge Advanced Malware Blocker (WedgeAMB) on a FREE 90 day trial.  Contact our team at: info@wedgenetworks.com to learn more about a truly effective solution!

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , , , | Leave a comment

Healthcare Services are Primed to be Hit By WannaCry Again: What Can They Do to Protect Themselves?

No Gravatar

There have been a multitude of articles hitting the news as of late, sounding the alarm for Healthcare Services and related organizations to make sure that they have secured themselves as it looks like the WannaCry malware is making a comeback with hackers looking for a quick and easy payday.  Although the WannaCry cyberattack first hit worldwide over two years ago, many experts are saying that “institutions have not done enough to protect themselves against a repeat.  And that’s especially true in the healthcare sector.” 

For example, a report out this week by the Imperial College of London’s Institute of Global Health Innovation (IGHI), says that despite WannaCry having a financial cost to the UK’s National Health Service (NHS) of more than $100MM, hospitals in that country “remain vulnerable to cyber attack, and must take urgent steps to defend against threats which could risk the safety of patients.”  This is unfortunate as the defence against WannaCry and other ransomware is fairly straightforward for organizations to put in place.  Namely, keep equipment up to date, patch software and provide training and awareness to users while making sure the skills of IT staff are continuously maintained.  However, the lack of investment and training by Healthcare organizations is alarming, especially in light of attacks such as WannaCry in 2017, which should have spurred these organizations to improve their cybersecurity measures. 

As another article on the same topic put out by the Imperial College of Science, Technology and Medicine, the return of WannaCry is considered a “Looming Threat” as the authors point out that since that attack, there have been a number of new technologies being used in the healthcare industry, such as robotics, AI, implantable medical devices and personalized medicines based on a patient’s genes that are lacking built-in security and would be susceptible to such an attack.  WannaCry, if it hit again, would see hackers gaining access to personal information or even tampering with patients’ medical records.  And this is not just specific to the NHS, but applicable to all healthcare systems around the world. 

With healthcare and funding for healthcare funding coming under increasing financial pressure from government, industry and other stakeholders, these organizations are becoming hard pressed to ensure that they continue to allocate funds so that they can protect themselves from these potential threats. 

So, Wedge continues to keep trying to get the word out to healthcare organizations that there is indeed a solution available to them that can help them to beef up their systems to protect them from WannaCry, along with other malware.  While they should still be investing in the straightforward defences as mentioned earlier, they should also consider taking a proactive “Detect and Block” approach.  Once malware such as WannaCry has made it into an organization’s network, it is already too late.  Then, the focus becomes “Detect and Remediate”, which becomes a much more costly exercise.  

With Wedge’s Advanced Malware Blocker, healthcare organizations can invest in a solution that can completely prevent ransomware and other advanced targeted attacks from even making it into the network; and before it can cause any damage.  A small investment now, can save a huge remediation bill later.  WedgeAMB is available as a FREE 90 day trial and we encourage any healthcare organization who feels that they are lacking in adequate protection to give it a try!  Contact us at: info@wedgenetworks.com to find out how easy it is to deploy WedgeAMB and to provide that extra level of protection that your organization needs against WannaCry and others.

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , , , | Leave a comment

Over 1/4 of UK Firms Have Been Victims of Ransomware Over the Past Year: Could These Attacks Have Been Prevented?

No Gravatar

A recent InfoSecurity Magazine article was published recently that highlighted how dire the Ransomware situation is getting; particularly in the UK.  According to figures released by data backup firm Databarracks, over 28% of UK organizations have been hit by ransomware over the past 12 months.  According to them, “This is slightly lower than the peak of 29% in 2017, the year WannaCry hit, but much higher than the 2016 figure of 16%.”

While Databarracks highly recommends that the only way organizations can fully protect themselves is by having historic backup copies of their data, their opinion is that outright prevention is not viable.  We, at Wedge, do concur with their suggestion for having backups, but we also strongly believe that outright prevention actually IS possible.  And, in the long run, is a much more cost-effective way for organizations to protect themselves.

We invite Databarracks to look at our approach where instead of looking at remediation efforts, after the fact, we have focused squarely on prevention with our “Detect and Block” approach.  To quote Benjamin Franklin, we feel that “An ounce of prevention is worth a pound of cure.”  That goes the same with cybersecurity.  It will cost a firm much more to go through a remediation process than it would to simply have a solution in place that can detect and block any and ALL advanced threats, zero-days and other never-before-seen malware.  If malicious content can’t make its way into your network, then it can’t cause any harm.

The way we do it is with our Wedge Absolute Real-time Protection platform, on which the Wedge Advanced Malware Blocker is based.  This solution can SEE all content flowing through the network and can detect and block malicious content in real-time as a result of multiple patented technologies such as Deep Content Inspection, all orchestrated with the industry’s best-of-breed services, combined with Artificial Intelligence and machine learning.  By having the ability to block all advanced threats, such as ransomware, in real-time, BEFORE they can even reach the endpoint, it takes away the ability to lock up data and shut down the network.

WedgeAMB is a proven solution that can actually PREVENT attacks.  If you’re interested in learning more, we offer a FREE 90 day trial to any and all organizations who are like-minded and who believe that if they can prevent attacks, they’ll be better off.  Contact us at: info@wedgenetworks.com to learn more!

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , , | Leave a comment

The Ransomware Tsunami Is Coming! Is Your Municipality Prepared When It Hits?

No Gravatar

We’ve seen it.  We’ve been blogging about it.  Ransomware is on the rise…and it is hitting municipalities hard.  Multiple cities in Florida have been hit and have paid out hundreds of thousands of dollars in bitcoin, against law enforcement recommendations.  Others had no other choice. It was either that or make residents suffer as they tried to recover computer systems and databases.  Other cities, like Atlanta and Baltimore, have been hit even harder, spending over $17MM and $18MM respectively, as they try to recover from their attacks.  

We can say it is the perfect storm.  While Law enforcement continues to encourage organizations not to pay, those cities that don’t give into the ransom demands appear to be “taking one for the team” as their remediation costs often balloon past the initial ransom demands.  For smaller municipalities, they’re taking the “easy way out”; paying the ransoms in hopes that they can get back in business as quickly as possible, with some being fortunate enough to have insurance coverage for their losses.  This presents an opportunity which hackers and bad actors will undoubtedly seize setting us up for the perfect storm, or a ransomware tsunami as noted in this recent Forbes article.  

I get asked – so what are the things these municipalities can do to make protect themselves?  Yes, it is understandable that municipal budgets are tight (typically budgets only get released when bad things happen), but at a minimum any municipality can do these in priority order:

  1. Backups.  The Perform frequent backups of your system and other important files, and verify your backups regularly. If your computer becomes infected with ransomware, you can restore your system to its previous state using your backups.  You need to plan your backups such that regular backups are done for all systems and that these backups do not overwrite (read our blog about Tony’s Meats)… and under no circumstances, should these backups be connected to the internet.  
  2. Ransomware Outbreak Drill.  Ensure that IT staff is trained on how to handle a ransomware outbreak; if you have a Business Continuity Plan, please put Ransomware Recovery as part of your IT Recovery strategies.  Think of it, your building and facilities manager has an emergency preparedness/fire drill, so why wouldn’t you do a Ransomware Drill?
  3. Assess your weak points.  Do a full assessment of the network; there are several products and service providers around that can help with this. 
  4. Inventory and Patch Often.  Continually have an updated inventory of all software and all IT components on your network; have a patching strategy to update these.
  5. Network Security Solutions that Provide Real-time Protection and Remediation.  We have said it before, and we will continue to say it – products such as Sandboxes that detect breaches only to tell you have been screwed minutes or potentially hours later. See the NSS Time to Detection Chart Prepared for Cisco:
https://www.cisco.com/c/dam/en/us/products/collateral/security/advanced-malware-protection/nss-labs-2015-bds-svm-flysheet.pdf

As an example of Real-time security, Wedge’s Absolute Real-time Protection (WedgeARP) line of products combine: Deep Content Inspection so that it can see ALL content going through the network and improve on detection accuracy, Orchestration of the industry’s best-of-breed security services to cover all advanced threats, Artificial Intelligence and Machine Learning to detect never-before-seen malware, and hyper-streaming technologies like SubSonic and GreenStreaming so that all of the detection and blocking can happen in Real-time with no perceptible latency.  When combining WedgeARP, which is the tool of choice for Managed Detection and Response (MDR) providers, with a capable Endpoint Detection and Response (EDR) system, you have a potent solution that can Detect and Block in real-time (instead of minutes or hours like sandboxes!) while also providing real-time remediation through interactions with the EDR system. 

The above suggestions can often help the organization rebuild its systems much quicker and at minimal expense without having to pay the ransom.  As we’ve mentioned in a previous blog, although employees are always a risk factor, they are a factor that cannot be taken out of the equation and unfortunately, they are also the factor that are often the cause of the ransomware attack with an errant click on a phishing email.  In this case, cities should try to have their employees go through security awareness training so that they develop a healthy sense of paranoia around suspicious communications.  Beyond that, there is also having organizations harden the security of their systems, such as keeping a firm hand on software that is allowed on work computers and making sure that they’re all kept up to date with regards to patches.  In combination, these preventative measures can start adding up, and they’re still fallible.

And of course, at Wedge Networks we try to make things a bit easier with our Wedge Advanced Malware Blocker.  We know that the human factor will always be there and that sometimes patches get missed.  By employing WedgeAMB, it provides municipalities with that extra blanket of comfort.  By being able to detect and BLOCK advanced threats, never-before-seen malware and other suspicious content BEFORE they can even reach the endpoints.  We’ve always taken the Proactive approach to security and with out patented Deep Content Inspection and orchestrated threat management of the industry’s best-of-breed malware heuristics and artificial intelligence, we are hoping to help municipalities protect themselves by PREVENTING ransomware attacks.  Hopefully if more cities out there take this approach, we can stem the tide of ransomware that seems almost like an inevitability.  You can try WedgeAMB for FREE on a 90 day trial.  Contact our team at: info@wedgenetworks.com to learn more.

PS: UPDATE

We are thrilled that yesterday, July 11, 2019 at the 87th Annual Meeting of the United States Council of Mayors, US Mayor’s have voted and vowed against paying for ransomware where they affirmed:

“NOW, THEREFORE, BE IT RESOLVED, that the United States Conference of Mayors stands united against paying ransoms in the event of an IT security breach.”

We applaud wholeheartedly!  Well done!

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , , , , | Leave a comment

With Ransomware the Human Factor Is Always an Issue, But You Can’t Fire Everyone! It’s Better to Learn From Their Mistakes…

No Gravatar

Another couple of articles recently hit the news, adding to the number of municipalities and local governments being hit by ransomware, as well as describing some of the fallout from these attacks.  The biggest takeaway is that these ransomware attacks are, in most, if not all cases, the result of an employee clicking an attachment in an email and unleashing the malware onto the network.  However, despite wanting to get rid of this “exposure”, we have to remember that the Human Factor will always play a role in these organizations.  The best thing that we can do is to share the knowledge and learn from these errors.

Onto the recent cases:

In Florida, now along with Riviera Beach and Jackson County, Key Biscayne joins the list of victims of some form of ransomware mistakenly introduced by a city worker.  As with the other municipalities, Key Biscayne has to make the decision on whether they’re going to pay the ransom or go with other methods of recovering their systems.  As we noted in the Riviera Beach case, they opted to pay out $600K in Bitcoin in order to make their problem go away and are now battling with their insurance provider to determine who is on the hook.  Key Biscayne, with a population of only about 3,000 people versus Riviera Beach, which is home to more than 32,000, may have to weigh the pro and cons of their decision based on how much ransom is being demanded and whether the municipality has insurance coverage or not.

And, just prior to Key Biscayne, Lake City  Florida had to pay out $460K in ransom.  In this case, apart from a $10K deductible, they are fortunate that insurance will cover the rest of the ransom.  Although Lake City’s Mayor stated that he would typically agree with the FBI’s  recommendation not to pay the hackers, it came down to the dollars and cents and representing what was the right thing to do for the citizens of the city as a prolonged recovery would have cost the taxpayers more than just paying the ransom.  Unfortunately, another outcome from that attack was that a city IT employee was terminated as they were deemed not to have done enough to protect the computer systems from an intrusion (although it was NOT the same person who had clicked on the malicious email).  In our opinion, this is is like firing the most valuable employee – the one who made the mistake that the city could learn from (assuming that he/she didn’t do this based on malice).   

So, as we’re seeing more and more, these ransomware attacks on smaller municipalities are netting hackers a payday.  By hitting smaller cities who are less likely to have adequate protections in place, and who are more price sensitive to the ransom that the hackers are demanding, are also more likely to either pay the ransomware or are lucky enough to have insurance coverage.  This doesn’t bode well for being able to eradicate the value or ransomware to hackers any time soon, but it could be a learning experience for other municipalities if the information that these victims gained can be quickly shared with other organizations that find themselves in the same boat!  As is the typical case, the attacks are a result of an employee clicking on an email attachment that they shouldn’t have.  So, what is the best solution?

That’s where Wedge comes in!  We know that the human factor will always be around in all organizations; it is just a matter of changing how we think and attack the problem.  We have to be able to continuously take the knowledge we’ve gained from previous attacks and outcomes and use that in our fight against future attacks.  The proactive “Detect and Block” mentality is key here.  We know that employees will always be susceptible to being tricked into clicking links that they shouldn’t; but what if these emails never even reach the employees?  With Wedge’s Advanced Malware Blocker, all advanced threats can be blocked BEFORE they reach their intended target.  With Wedge’s patented Deep Content Inspection, combined with orchestrated industry best-of-breed malware heuristics and artificial intelligence / machine learning, we continually take knowledge from previously seen threats and attacks and use them in a way that now even never-before-seen threats can be detected and blocked.  With WedgeAMB, we take away the possibility that an employee will unknowingly introduce malware into the network by removing that threat before they even see it.  You can’t fire everyone so at least put a proactive solution in place!  For a FREE 90 day trial of this solution, contact our team at: info@wedegenetworks.com.  

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , , , , | Leave a comment