#Ransomware


 

Just this morning I wrote about this topic; this afternoon we learn that a California hospital was hacked.

Ransomware.jpg
You see this and you are screwed… 

Firstly, someone executed that ransomware from an e-mail or some other way. The payload most probably came in as an attachment through a phishing scheme, like the one that I wrote about.

  • Secondly, this tells me that they do not have a good disaster recovery plan.
  • Thirdly, this tells me that their firewalls were inadequate to block “zip” files.
  • Firewalls should be set to strip any attachments from messages. 

“You say, oh that is just great, my business uses attachments all the time!”

Most probably, attachments could be directed to a virtual machine, much like a bomb disposal box, where they could be executed in such a way that, if one were a virus or worse, its damage would be mitigated.
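As an added example (not part of the original post), here is a sketch of the gateway step described above: risky attachments are pulled out of a message and held for an isolated sandbox, and the user gets a notice in their place. The function names, the extension list and the constructed sample message are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension list for this example; tune it for your environment.
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".jar")

def quarantine_reason(filename, payload):
    """Return why an attachment should be held back, or None to let it through."""
    name = (filename or "").lower()
    if name.endswith(RISKY_EXT):
        return "executable attachment"
    if name.endswith(".zip"):
        return "zip archive"
    # Content check catches archives renamed to dodge the extension filter. Office
    # files are zip containers too, so only risky member names are flagged.
    if zipfile.is_zipfile(io.BytesIO(payload)):
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "unreadable archive"  # fail closed on damaged archives
        if any(n.endswith(RISKY_EXT) for n in names):
            return "archive containing executable"
    return None

def strip_attachments(raw_bytes):
    """Replace risky attachments with a text notice; return (message, quarantined)."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    quarantined = []  # (filename, reason, payload) tuples destined for the sandbox
    for part in list(msg.iter_attachments()):
        name, data = part.get_filename(), part.get_payload(decode=True) or b""
        reason = quarantine_reason(name, data)
        if reason:
            quarantined.append((name, reason, data))
            part.set_content(f"Attachment {name!r} removed: {reason}.\n")
    return msg, quarantined

def build_sample():
    """Constructed sample: a renamed zip holding a .js stub, plus a harmless PDF stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.js", "// constructed placeholder, not real code")
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="octet-stream", filename="invoice.dat")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application", subtype="pdf", filename="report.pdf")
    return msg.as_bytes()
```

Only top-level attachments are inspected here; a message forwarded as an attachment would need the same pass applied to its own parts.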

Fourth, what kind of anti-virus were they using? Were they using group policies to stop the execution of executables?

Someone on his or her IT team messed up, and it starts with the “CIO!”

The bottom line is you never want to be in a position where you have to pay money to terrorists.  Folks, make no mistake, people who extort money like that are terrorists.

I would be doing a serious root cause analysis to see how it happened, and why they paid the ransom.

The news tonight said it happened on the 5th.  Are you telling me that a hospital being down for 13 days costs less than a good disaster recovery plan and of course an audit of your system?

Do not open attachments that you are not expecting and if you are, make damned certain it is what you are looking for.

It might be a real good idea to keep a standalone PC that employees take their files to on a thumb drive and open them there.

Once infected, your options are: pay the ransom or start from scratch.


With a tested DR plan, you could be back up a lot sooner than being at the hands of the terrorists.

Lastly, and I cannot stress this enough, don’t get cheap on your anti-virus software.  Malwarebytes has been working on software to mitigate this threat.

You would be surprised at the companies that I run into who use the cheapest damned software that they can find.  Often free!  Whoever does this should be dismissed as they clearly don’t value your data or your company.  This is a hill to die on, folks.

You can take the cheapest CFO and argue or “negotiate” the need for the expense, or you should not be there.

Excuse me, but that is like living in a high crime area and using a bathroom lock set for your protection, you know the kind, the one you stick a small pin in to unlock it…

To recap…

  • Education
  • Prevention
  • Disaster recovery plan

 

-Best

© All rights reserved. 2016

 

 

 

 

 
