1 Comment

  1. InfoSec says:

    There are so many inaccuracies in this article that it’s difficult to know where to start – but I’ll give it a go.

    - ‘Military-grade encryption’. This is a BS marketing term. Nobody in Infosec uses this.
    - Although users clicking on links and opening malicious attachments is a big problem, the primary factor in ransomware incidents is insecure and vulnerable endpoint systems.
    - ‘Phishing’ is a specific term referring to when bad actors try to get recipients to disclose personal information. Ransomware is not delivered by phishing emails but by malicious emails or malvertising.
    - A ransomware incident will not ‘freeze’ a network. It will simply encrypt data which needs to be either decrypted (either by paying the ransom or using a free decryptor) or restored from tape backup.
    - Backups on cloud storage or external hard drives are fine – but the backup location should be disconnected after the backup completes, as some ransomware encrypts data on these drives too, rendering both the data and the backups useless.
    - Users do not need to click on malicious ads (malvertising) in order to get compromised. If the endpoint system is vulnerable (see above), compromise can happen via an exploit kit with no user interaction required.
    - “…cut off all servers from public access”. Err…what?! In terms of response, the first step is to identify the compromised endpoint and pull it off the network. The easiest way to do this is to look at the properties of the ‘help_decrypt_your_files’ file (or something similarly named) and find the ‘owner’ of that file. That will tell you who the user is and thus the compromised system. Find that system and pull it off the network and the encryption routines will immediately stop.
    - Ransomware variants are not ‘viruses’ and do not spread. There will be no infections on the network. Just lots of encrypted data, as a result of the encryption routines running on the compromised endpoint, that needs to be restored.

    About the only accurate thing in the article is that ransomware is a massive problem and getting worse!

    So, recommended mitigation steps:

    1. Ensure that all systems are fully compliant with security patches at all times.
    2. Remove any and all unnecessary software – particularly browser plugins such as Flash, Java, Silverlight, QuickTime…etc. If it’s not present on a system, you don’t need to patch it and it can’t be compromised.
    3. Ensure that good backups are being taken and being stored safely – preferably offsite and offline. Perform some test restores occasionally to ensure that backups are good.
    4. For companies big & small, implement a robust security awareness program so that users understand the threat landscape and can recognise malicious emails when they come in.
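The triage step the commenter describes (locate the ransom notes on a share, read their owner, and so find the account and endpoint running the encryptor) as an added example; this is not the commenter's code. The note-name patterns, directory layout and owner names are constructed for the example; on a real Windows share the owner would be read from the NTFS security descriptor rather than via `stat()`.

```python
import os
import re
import pwd
import tempfile
from collections import Counter

# Ransom-note name patterns (constructed for this example; real names vary by family).
NOTE_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"^help_decrypt.*\.(txt|html|png)$",
    r"^(readme|how)_to_decrypt.*\.(txt|html)$",
)]

def find_ransom_notes(root):
    """Walk a share and return every file whose name looks like a ransom note."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits.extend(os.path.join(dirpath, f) for f in files
                    if any(p.match(f) for p in NOTE_PATTERNS))
    return sorted(hits)

def posix_owner(path):
    """Owner via stat(); on an NTFS share you would read the Windows owner instead (assumption)."""
    return pwd.getpwuid(os.stat(path).st_uid).pw_name

def rank_owners(paths, owner_of=posix_owner):
    """Notes per owning account, most frequent first: the top account is the session
    running the encryptor, and its endpoint is the one to pull off the network."""
    return Counter(owner_of(p) for p in paths).most_common()

def build_sample_share():
    """Constructed sample: a temp tree with notes written by one account plus normal files."""
    root = tempfile.mkdtemp(prefix="share_")
    files = {  # relative path -> constructed owner (stand-in for the real file owner)
        "finance/HELP_DECRYPT_YOUR_FILES.txt": "jsmith",
        "finance/q1.xlsx.encrypted": "jsmith",
        "hr/help_decrypt_your_files.html": "jsmith",
        "hr/policies.docx": "asinha",
        "it/README_TO_DECRYPT.txt": "svc_backup",
    }
    for rel in files:
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()
    return root, {os.path.join(root, rel): who for rel, who in files.items()}

def demo():
    root, owners = build_sample_share()
    notes = find_ransom_notes(root)
    return len(notes), rank_owners(notes, owner_of=owners.__getitem__)
```

Running `demo()` on the constructed share finds three notes and ranks `jsmith` first, which is the account whose endpoint you would disconnect before anything else.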
