Tag Archives: ransomware

US-CERT Ransomware Reminder

If you have subscribed to the US-CERT alerts (and I sure hope you have!!), then you will have received today’s alert on “Ongoing Threat of Ransomware”. PLEASE read it!! Ransomware is getting worse…and it’s not going away anytime soon. This alert is more of a friendly reminder…a tap on your shoulder…to double check your policies and procedures, and make sure you are ready for a Ransomware event. I’m being very honest here…if you haven’t been hit yet, you will.

The alert mentions three main best practices…(with some of my thoughts)…

  • Create system back-ups: This is a no-brainer! (I’ll assume you are backing up all of your critical systems and important data.) However, there is more to do…you need to regularly validate the integrity of those backups. Perform test restores and make sure you are comfortable with the processes. And make sure the back-ups are segmented from possible Ransomware attacks. Back-ups are worthless if they end up among the Ransomware-encrypted files.
  • Be wary of opening emails and attachments from unknown or unverified senders: Translated…TRAIN your users!! They are the first line of defense!! And you may groan at that thought, but I will tell you they WANT to be well trained! Just keep it simple and show them examples of what to expect (especially with phishing emails!). Send out regular reminders and make sure to publicly praise them as they catch this stuff…they will love it!!
  • Ensure that systems are updated with the latest patches: Ladies and gentlemen…this is Network Administration 101. If you do not have a regular patch procedure in place, then shame on you!! Failing in this area can get you fired! Nuff said…

And I want to add one more “best practice”… Segment your network: This is a huge undertaking…one that is a pain in the butt to be honest. But it can pay huge dividends if done right. Most of you will have a Ransomware event at some point (or other security event)…it’s going to happen. However, if you segment your network, you can greatly reduce the impact of an attack or hack.

Segmenting simply means putting policies in place that restrict what type of network traffic can flow where. A simple example is printers…every company has them (lots of them!). Yet most companies place them on the same network segments as the users…not good. You should place all of your printers in their own VLAN, and then apply a policy, such as an ACL (Access Control List), that allows the printers to talk just to the print-servers, and nowhere else. Another example is SQL servers…they should not be accessible to everyone. Apply an ACL that limits communications to only the application servers that need that data (IP addresses and ports).

If you decide to implement network segmentation, take your time! This is a complex undertaking…and if done incorrectly can break things very quickly!
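One way to catch a broken policy before it reaches a switch is to model the ACL and test it against the flows you expect to work and the ones you expect to be blocked. The sketch below is an added example, not something from the US-CERT alert or any vendor tool; the subnets, host addresses and port numbers are constructed, and the first-match, deny-by-default evaluation is an assumption about how the ACL is processed.

```python
import ipaddress

# Constructed addressing plan (assumption for illustration, not from the post).
PRINTERS, USERS = "10.20.30.0/24", "10.20.10.0/24"
PRINT_SRV, APP_SRVS, SQL_SRV = "10.20.40.10/32", "10.20.50.0/28", "10.20.60.5/32"
ANY = "0.0.0.0/0"

# (action, protocol, source, destination, destination port or None for any port)
ACL = [
    ("permit", "ip",  PRINTERS, PRINT_SRV, None),  # printers talk to the print server
    ("deny",   "ip",  PRINTERS, ANY,       None),  # ...and nowhere else
    ("permit", "tcp", APP_SRVS, SQL_SRV,   1433),  # app servers reach SQL on its port
    ("deny",   "ip",  ANY,      SQL_SRV,   None),  # nobody else reaches SQL
    ("permit", "ip",  ANY,      ANY,       None),  # remaining traffic is out of scope here
]

def evaluate(acl, proto, src, dst, port=None):
    """Return the action of the first matching rule; unmatched traffic is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in acl:
        if r_proto not in ("ip", proto):
            continue
        if s not in ipaddress.ip_network(r_src) or d not in ipaddress.ip_network(r_dst):
            continue
        if r_port is not None and r_port != port:
            continue
        return action
    return "deny"

# Flows that must keep working and flows that must be blocked (constructed).
EXPECTED = [
    ("tcp", "10.20.30.15", "10.20.40.10", 515,  "permit"),  # printer -> print server
    ("tcp", "10.20.30.15", "10.20.10.7",  445,  "deny"),    # printer -> user PC (SMB)
    ("tcp", "10.20.50.3",  "10.20.60.5",  1433, "permit"),  # app server -> SQL
    ("tcp", "10.20.50.3",  "10.20.60.5",  3389, "deny"),    # app server -> SQL, wrong port
    ("tcp", "10.20.10.7",  "10.20.60.5",  1433, "deny"),    # user PC -> SQL
]

def failures(acl, expected=EXPECTED):
    """List every expected flow whose evaluated action differs from the intent."""
    return [(f, got) for f in expected
            if (got := evaluate(acl, *f[:4])) != f[4]]

if __name__ == "__main__":
    print("correct order:", failures(ACL))
    swapped = [ACL[1], ACL[0]] + ACL[2:]   # deny placed above the permit
    print("misordered:   ", failures(swapped))
```

With the rules in the right order every expected flow passes; swapping the first two rules shows the kind of mistake that stops printing outright, because the deny now matches before the permit.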

Hope this helps you in your security planning! And have a great week!

WannaCry Ransomware – That Got Our Attention, Didn’t It?

If you see this screen, then you will wanna cry!!

If you have not heard about the WannaCry ransomware that is (and perhaps was) running rampant over the past weekend, then you must have been in a cave or on your honeymoon! This one is a doozy, let me tell you!! Some quick facts…

  • This ransomware is based on the EternalBlue exploit (developed by the NSA, and then stolen and leaked on the Internet)
  • Microsoft released a patch for this (MS17-010) in March
  • Some quick thinking good guys were able to slow down the spread of WannaCry by activating a killswitch within the ransomware code
  • MANY people and organizations, throughout the world, have been hit by this

An excellent analysis of WannaCry can be found here…

WannaCry no more: ransomware worm IOC’s, Tor C2 and technical analysis + SIEM rules

Stay informed…AND patch your systems!!

US-CERT Alert – Ransomware and Recent Variants (Read this!!)

The US-CERT and Homeland Security just released an alert concerning recent ransomware events targeting the medical industry, along with businesses in general…

US-CERT Alert – Ransomware and Recent Variants

This is important information which ALL network engineers should be aware of and act upon! Please…do not delay!!

PS: And no, this isn’t an April Fools joke…I sure wish it was!