Continuing with the Healthcare Industry, Here are Some of the Numbers…

As we covered healthcare a fair bit last week, I just wanted to pass along some recent numbers that reflect the dire situation the industry continues to find itself in.  Forbes published an article a couple of days ago that provides some telling numbers from the US healthcare industry and a bit of history on how it has been targeted since the first ransomware attack in 1989.  Unfortunately, ransomware continues to be a thorn in the side of healthcare even today.

So, down to the numbers.  According to a recent report from Comparitech, in the US healthcare industry alone, 172 ransomware incidents have cost more than $157MM over the past four years.  The interesting thing to note is that the actual ransom demands account for only 11% of that figure.  The OTHER 89% of costs can be attributed to remediation costs and downtime!!

Damage has been incurred across the US, with attacks reported in ALL but five states: Maine, Montana, New Mexico, North Dakota and Vermont.  Interestingly, California has been hit the hardest during this time with 25 ransomware incidents reported.  Of the more than 1,400 clinics, hospitals and organizations impacted, 75% of attacks have been focused mainly on hospitals and clinics; the front lines of healthcare where downtime can cause life or death situations.

The unfortunate thing is that, although ransomware attacks result in network downtime, reduced patient care and lost time and resources, it is now also frequently targeting the databases that contain highly sensitive and confidential patient records.  This is a disturbing trend as, according to the Forbes article, medical records are a hot commodity on the Dark Web marketplaces, where they can often command more than 4 times the price of stolen social security numbers.  Factoring in the potential for identity theft, this could potentially cause the total related costs of these ransomware attacks on the healthcare industry to explode!

So, getting back to what the healthcare industry can do to help reduce the ongoing effects of ransomware, we refer back to our previous blog.  Healthcare has to take a long, hard look at what it's doing to protect itself.  Considering that it's now 31 years later and the attacks and their severity continue to increase, it's time for the industry to try something new.  Instead of the Detect and Remediate approach that has long been in use, and that can be attributed to 89% of the costs incurred over the past 5 years, the industry really has to look at the Detect and Block approach: utilizing a solution that can literally STOP the ransomware from even entering the network.  Find out more by contacting our team at: info@wedgenetworks.com and see how you can take advantage of the FREE 90 day trial of the Wedge Advanced Malware Blocker (WedgeAMB), which is spearheading some of the needed security changes in cybersecurity for the healthcare industry.

Healthcare Industry Still Under Siege: Why They’re So Bad at Cybersecurity and Why Backups are No Longer a Solution Against Ransomware

Over the weekend there were a couple of articles that popped out at me, mainly because it’s in an industry that we’ve been making strides to protect with our WedgeARP platform and our WedgeAMB product.  This industry is of course, the healthcare industry and it is continuously under attack from hackers because of the amount of damage that they can cause to essential services and, consequently, the payday that they can extract from accessing private health records and holding critical systems hostage, especially in life-or-death situations.

The first article, from CBC, brings up the fact that healthcare providers across the country continue to get hit by ransomware.  Despite having security in place, eHealth Saskatchewan, which manages the province's personal medical records, appeared to have leaked files from its servers to suspicious IP addresses in various countries in Europe.  This discovery was made during forensic analysis that resulted from a recent ransomware attack.  It was found that although it was initially thought that the attack began on January 5, 2020, the initial virus entered the organization's health system as early as December 20, 2019.  Employees did not discover any problem until they tried opening files on January 6th, 2020 and were asked for bitcoins in exchange for unlocking the files they needed to access.  Although eHealth's CEO, Jim Hornell, stated that the affected server mainly contained administrative files, such as emails, it's not clear whether this server was in communication with other servers in the network.  Despite backups being available, since the servers were breached and data was encrypted and leaked offsite, the organization can never be sure whether confidential information was compromised, even after getting its systems up and running again.  Scary stuff when organizations such as these can get back up and running from their backups but still manage to lose confidential information from the attack!

The second article, from Ars Technica, is a much more in-depth read and serves to bring home some very critical points.  From CBC's article, we see that healthcare organizations continue to get hit, but this article tries to understand why healthcare continues to be so bad at securing itself, despite being aware that its networks are valuable targets.  Despite dealing with life-or-death scenarios on a daily basis, the industry continues to have issues securing itself.  In 2019, the industry continued to get hit with data breaches and ransomware attacks, to the tune of $4 billion.  As a case in point on how bad things are getting, five US healthcare organizations reported getting hit by ransomware attacks in a single week in June of last year!!  Because of the potential payday for hackers, their attacks are becoming more severe and more sophisticated as well!

So, what’s the problem?  The Ars Technica article brings up what we believe are several salient points:

1.  The “Last Mile” awareness problem:  Patients using implantable devices that are potentially prone to cyber-attacks, and even patients connected to devices at home or elsewhere, may not be aware of the importance of receiving updates and patches that fix potential vulnerabilities so that their devices continue functioning safely and effectively.

2.  A late start and continued lack of oversight:  Government organizations have only recently been overseeing the issue of cybersecurity within the healthcare industry and are met with a lot of pushback from device manufacturers when it comes to regulating and addressing cybersecurity issues.  Although many large healthcare organizations are recognizing the risk and are investing resources into prevention, for the vast majority of organizations, because of a lack of or continued reduction in funding, cybersecurity gets pushed way down the priority list.
 
3.  Hospitals are notoriously bad at patching: With patching of medical devices taking time and resources, and with no regulatory requirements for healthcare organizations to do so, it is not surprising that this fairly effective cybersecurity activity is not taking place regularly.  With no standardized protocols for patching and with so many different devices running both new and old operating systems, it becomes unwieldy to put together a regular patching protocol.

4.  There is a lack of research on the effects of cyber attacks on these organizations:  Not enough studies have been undertaken to provide concrete evidence of delays in emergency care and mortality rates that have directly resulted from cybersecurity incidents.  The evidence may very well be enlightening on just how lives could be affected by ransomware and other malware attacks on the healthcare industry, and could spur regulators to expedite cybersecurity requirements.

5. Understanding “risk”:  Doctors do not understand cybersecurity risks, or they view it with a different lens as a result of their medical training.  That being so, their idea of risk doesn’t equate to how the cybersecurity industry understands risk.  Doctors consider the percentage of people who might get infected and how to mitigate that as opposed to looking at the exploitability of the infections and how they could be evolved for more nefarious purposes.

6.  Lack of staffing: Even if the other salient points were taken care of, there remains a fundamental issue affecting healthcare security: organizations work with limited personnel and resources, and unfortunately, the first area that is cut or reduced is usually IT.

Thus, we see that there are a variety of reasons why the healthcare industry, while continuously under siege by cyber threats, continues to hobble along.  Many of the issues are inherent to the underlying mentality and understanding surrounding cyber threats and the effects of attacks, while some come down to resources, or the lack thereof.

What we here at Wedge are trying to do, with our WedgeARP platform and WedgeAMB product, is to show that there is a solution that can help to alleviate at least some of the issues as listed above.  With more visibility into the healthcare networks, and with tools such as AI and Machine learning that can detect and block malware such as ransomware in real-time, issues such as the “Last Mile” awareness and patching become non-issues.
 
From a reduced-resource perspective, being able to PREVENT attacks from happening is a much more cost-effective way of dealing with cyber security than trying to remediate the effects after the fact.  Healthcare organizations that are struggling to find resources to defend against and mitigate cyber attacks should consider that PREVENTATIVE solutions such as WedgeAMB can provide much greater ROI than a Detect and Remediate approach.  This can often alleviate staffing issues, especially since WedgeAMB, with its single pane of glass management console, greatly reduces the need for staffing by minimizing and consolidating alerts and reports so that they can be managed much more easily than with other solutions on the market.

Finally, with built in reports and wider visibility into what is going on within the network, WedgeAMB provides many of the tools needed for the incoming government regulation and oversight that is no doubt in the works.  By generating insights into where the network is vulnerable, Healthcare Industry security teams can better understand where they need to shore up defences and where they can make better decisions on resource outlays.

At Wedge, we are continually working on ways that we can help beleaguered and hard-hit industries like healthcare.  To see how we can help your organization, feel free to drop us a line at: info@wedgenetworks.com.  As always, we offer a FREE 90 day trial of our Wedge Advanced Malware Blocker (WedgeAMB) to any and all organizations in the healthcare industry.  We are striving to be one of the network security companies that can actually spearhead some of the needed change within healthcare cybersecurity!

Haven’t Received Your Packages as of Late? Blame Ransomware!

An interesting article came across my desk yesterday, posted by ZDNet, which centred around how deliveries across Australia have been delayed recently.  Now, many would figure that it was weather related or something similar, as we have seen the news articles of how wildfires are still raging across the country creating havoc.  However, in this case, it was not Mother Nature, but the work of hackers that was causing delays.

Australian transport and logistics company Toll Group was hit by a targeted ransomware attack last Friday (now being blamed on a new variant of the “Mailto” or “Kokoklock” ransomware), infecting as many as 1000 servers.  This led to the company having to immediately isolate and disable various systems in order to limit the spread and effects of the attack.  By Monday, the company, which employs over 40,000 workers, had to shut down a number of systems, including several of its customer-facing applications.  Thankfully, Toll Group does not believe any personal data has been lost from its systems; however, the incident has meanwhile resulted in the company having to revert to manual processes in order to clear the backlog of undelivered packages that the ransomware had caused.  Toll Group's update to its customers can be seen here.  Fortunately, Toll's customers are able to continue to access the company's services across a large part of its global network; however, the company has had to increase its staff in order to help with the continued backlog that the ransomware caused.

While Toll Group battles through the effects of ransomware infiltrating its systems, this need not have happened.  Wedge recently worked with one of the world's fastest growing global logistics companies (PGL) to prevent exactly what occurred with Toll Group.  Based out of Texas, PGL transports over 250,000 tons of air freight annually.  One of the company's top priorities is keeping its customers' confidential data secure while providing its end-to-end shipping, transportation and logistics services.  As in the Toll Group case, given the critical nature of its freight and customs-clearance services, along with its 24/7 package tracking, PGL cannot afford any system downtime.

As such, PGL worked with Wedge and deployed the Wedge Absolute Real-time Protection (WedgeARP) orchestrated threat management platform into its main data centre in order to eliminate malicious attacks on its on-premises and cloud infrastructure.  With WedgeARP's embedded artificial neural network, each of PGL's locations is protected from all threats, in real-time, with ransomware, APTs, backdoors and other never-before-seen malware being detected and BLOCKED before they can reach any endpoints.

“We cannot afford any downtime whatsoever if we are going to succeed in this very competitive industry. If we should ever get hacked, our competitors would eat our lunch. That’s why we are always looking for proven solutions to keep us several steps ahead of potential attacks. WedgeARP has truly shown its value to us in this respect, blocking several zero-day attacks that our other solutions didn’t even detect! It’s amazing to me that we’re getting thorough malware protection from a solution that has introduced literally no performance degradation into any of our systems and services.”

-PGL IT Director, Steven Calton II

In PGL’s case, WedgeARP’s AI engine was able to detect and block several advanced threats and never-before-seen malware that the company’s existing firewall and UTM solutions did not catch.  With large-scale security implementation across its offices worldwide, WedgeARP provides effective real-time threat management services through its orchestrated threat management platform that incorporates the industry’s best-of-breed solutions; all managed through a single pane of glass.  Had Toll Group utilized the WedgeARP solution, perhaps they would not be facing the issues that they are currently dealing with.

If your organization is struggling to find a solution that will protect its valuable customer database and customer facing systems, drop us a line at: info@wedgenetworks.com.  Wedge provides a FREE 90 day trial of its Wedge Advanced Malware Blocker (WedgeAMB) that runs on the WedgeARP platform.  Attacks like the one that hit the Toll Group CAN be prevented!

The Endpoint Protection Numbers Are In And It’s Not Looking Pretty – Endpoint Attacks Are Still An Ongoing Issue

Help Net Security published an article at the end of January that highlighted several Ponemon Institute findings and the fact that “Organizations are not making progress in reducing their endpoint security risk, especially against new and unknown threats…” According to a Ponemon Institute study, 68% of IT security professionals surveyed admitted that their companies experienced one or more endpoint attacks that compromised data assets and/or IT infrastructure, increasing from 54% of those surveyed in 2017.

The big thing revealed in the study is that, of the incidents that were successful, 80% were caused by new or previously unknown malware that either exploited undisclosed vulnerabilities or used malware variants that signature-based solutions were unable to recognize.

To make things worse, these increased attacks also inflicted more business damage than before, with the Ponemon Institute findings showing that the average cost of endpoint breaches increased by more than $2MM from 2018 numbers to sit at an average of $9MM in 2019.

According to Larry Ponemon, Chairman of the Ponemon Institute, “Over half of cybersecurity professionals say that their organizations are ineffective at thwarting major threats today because their endpoint security solutions are not effective at detecting advanced attacks.”

This is definitely not a good sign, especially as more and more businesses move their networks and digital assets to the cloud.

What could be a silver lining in this ongoing fight against malware is that as organizations continue the shift to Windows 10, with Windows Defender AV built into the operating system, enterprise security strategies are changing.  Ponemon reports that 80% of organizations are using, or are planning to use, Defender AV for savings over their legacy anti-virus solutions.  These savings are then being reallocated towards adding a layer of advanced threat protection in endpoint stacks along with an increase in IT resources.

Although Endpoint Detection and Remediation (EDR) adoption is increasing as a way to increase advanced threat protection for endpoints, the study showed that organizations are finding that costly customization and false-positive alerts are significant challenges in their EDR adoption.  Those who have not adopted these solutions state that they lack confidence in EDR's ability to prevent zero-day threats.  Security staffing limitations are also a top reason why EDR solutions are not adopted.

At Wedge Networks, we're gearing up to be part of the changing security strategies.  Organizations can add that extra level of threat protection with the Wedge Advanced Malware Blocker (WedgeAMB), a product from Wedge's Absolute Real-time Protection (WedgeARP) line.  WedgeAMB combines:

1.  Deep Content Inspection, so that it can see ALL content going through the network and improve on detection accuracy;

2.  Orchestration of the industry's best-of-breed security services, to cover all advanced threats;

3.  Artificial Intelligence and Machine learning, to detect never-before-seen and zero-day malware; and

4.  SubSonic and GreenStream hyper-streaming technologies, so that malware detection and blocking can occur in Real-time with no perceptible latency.

In addition, to help increase EDR adoption, when WedgeARP is added to the mix, it becomes the tool of choice for Managed Detection and Response (MDR) providers.  With WedgeARP and a capable EDR system in place, organizations can access a potent solution that can Detect and Block malware in Real-time (instead of waiting for minutes and hours for results to come from a sandbox), while allowing MDR providers to offer Real-time remediation through the interactions with their EDR system.  WedgeARP, combined with EDR, greatly reduces false-positive alerts, provides EDR solutions with the ability to prevent zero-day threats, and, with its built in analytics and alerts, greatly reduces the IT resources needed to manage the solution.

So, although the Ponemon Institute report continues to paint a bleak picture of the state of endpoint protection, there are things that organizations can and SHOULD do in order to help themselves.  If your organization is concerned about its endpoint protection capabilities, contact us at: info@wedgenetworks.com.  Wedge offers its WedgeAMB for FREE on a 90 day trial.  There is no time like the present to beef up your endpoint security!

Snake Ransomware Now Causing Havoc on Industrial Control Systems – Are Your Systems at Risk?

This is a follow-up blog to the one we provided earlier this month on how the Snake Ransomware was affecting Corporate Networks.

Yesterday, Bloomberg again brought to light the recent “Snake” ransomware and how it is now used to target Industrial Control Systems (ICS); and in particular, many industrial processes that belong to General Electric Co.  This new strain of ransomware was created by Iran and has the ability to lock up and even delete ICSs.  Snake will encrypt programs and documents on infected machines BUT it also removes all file copies from infected stations, preventing victims from even recovering encrypted files.  As such, deleting and/or locking targeted ICS processes would prevent manufacturers from accessing vital production-related processes such as analytics, configuration and control.

Of note, before the Snake ransomware starts encrypting files, it attempts to terminate processes associated with various types of programs, including system utilities, enterprise management tools and ICS.  Although other companies such as Honeywell and their processes are at risk, the majority of the industrial processes that are targeted by Snake are those in GE products.

According to an article by SecurityWeek, one organization that was recently targeted by this ransomware (or the related Dustman malware) was the Bahrain Petroleum Company (Bapco).  According to ZDNet, Saudi officials sent an alert to other local companies active in the energy market in an attempt to warn of potential attacks, advising these companies to ensure that their networks were secure.  The Bapco incident was brought up amid rising tensions between the US and Iran after the US military recently killed top Iranian military general, Major General Qassim Suleimani.

Saudi Arabia’s National Cybersecurity Authority subsequently linked Dustman to the ZeroCleare malware; itself a wiper that has been targeted against energy and industrial organizations in the Middle East.  When the dust settles, all of these malware variations have been linked back to Iranian hacker groups, and are a testament to Iran’s advanced technical capabilities when it comes to launching destructive state-endorsed cyber attacks.  With the current political climate surrounding Iran and the US, it would not be prudent to rule out the possibility that they will try to create additional instability by targeting other energy and industrial / infrastructure organizations in the region.

That being said, if your organization is running any sort of ICS system that could potentially be at risk, how confident are you in the security solutions that you currently have in place?  How damaging would a ransomware attack be to your organization?  Are you prepared with backup plans?  In this case, should the Snake ransomware hit your operations, because it removes all file copies from infected stations, would paying the ransom even ensure that you’ll be able to get up and running again?

This is where Wedge, and its ability to detect the Snake ransomware, is able to help.  With Wedge's Advanced Malware Blocker (WedgeAMB) in place, the Snake malware that is targeting ICSs can easily be detected and blocked in real-time, BEFORE it causes any damage.  With a deep content inspection and AI/machine-learning based platform that has proven effective at detecting and blocking ransomware in real-time, WedgeAMB provides not only energy and industrial organizations but ALL organizations the extra blanket of protection they need to weather the new variations of ransomware that are being pushed out by hacker organizations.

If your organization is concerned about this recent spate of attacks, and is unsure of whether your security solution would be able to detect the Snake ransomware, make sure to contact us at: info@wedgenetworks.com.  Our team will be able to tell you more about how WedgeAMB can protect your organization.  WedgeAMB is available for a FREE 90 day trial so you really have nothing to lose!

The Snake Ransomware is Making its Rounds Through Corporate Networks… However, it is Unable to Elude WedgeAMB!

Snake is in the news as of late. No, not the one from the 2019 Chinese Zodiac, but the malware variant. Detected as “Trojan.Win32.Antavmu.asdd”, Snake works like most ransomware. It doesn't touch your operating system files and programs, so your computer still starts up and provides you with a working system. And, like most other ransomware, any other important files such as documents, photos, videos, spreadsheets, etc., are all scrambled and locked up with a randomly chosen encryption key.

Here's the thing. With Snake, the encrypted content overwrites the original data, with decryption info appended at the end. The original filenames and directories are recorded, along with the decryption key, and a special tag, “EKANS” (“SNAKE” backwards), finishes off the encrypted file.

Similarly to other ransomware, Snake uses a hybrid encryption system: symmetric cryptography is used to lock up the files, and public-key encryption is then used to lock up the decryption key. The reason is that symmetric cryptography is ideally suited to scrambling large amounts of data, while public-key cryptography is better suited to small amounts but allows for two keys instead of one, so that the key used to lock up the data can't be used to unlock it.

However, Snake is a bit different from other ransomware. While most ransomware denotes scrambled files by adding unusual extensions to filenames so that they stand out, the Snake malware adds a different, randomly chosen string of characters to the name of each encrypted file, making it more difficult to determine which files have been affected by name alone.

From there, the malware drops a “What happened to your files?” document onto your desktop, or in this case, it writes a file called “Fix-Your-Files.txt” into the Windows public desktop, where it shows up in the background for every user on the affected system. Unfortunately, the way the malware is written, with the expectation of having administrator access across the compromised network, the bad actors perpetrating this crime don't intend to target individual users on the network but are looking to take their time and attack everyone, for a much more egregious outcome.
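Because Snake appends a random suffix rather than a fixed extension, a responder triaging an affected machine cannot rely on filenames; the trailing “EKANS” tag and the dropped “Fix-Your-Files.txt” note described above are the more reliable signals. The scanner below is an added example written for this post, not Wedge's code or anything from the malware itself; it assumes a Python 3 environment and runs against a constructed sample tree built by `build_sample_tree`.

```python
import os
import tempfile

# The post states that Snake finishes every encrypted file with the tag
# "EKANS" ("SNAKE" backwards) and drops a note named "Fix-Your-Files.txt".
EKANS_TRAILER = b"EKANS"
RANSOM_NOTE_NAME = "Fix-Your-Files.txt"


def has_ekans_trailer(data: bytes) -> bool:
    """True if a byte string ends with the EKANS tag."""
    return data.endswith(EKANS_TRAILER)


def file_has_ekans_trailer(path: str) -> bool:
    """Check only the last few bytes of a file, so large files are cheap to scan."""
    size = os.path.getsize(path)
    if size < len(EKANS_TRAILER):
        return False
    with open(path, "rb") as fh:
        fh.seek(size - len(EKANS_TRAILER))
        return fh.read() == EKANS_TRAILER


def scan_tree(root: str) -> dict:
    """Walk a directory tree and classify files.

    Returns sorted, slash-separated paths relative to root:
      "encrypted":    files carrying the EKANS trailer, whatever their name
      "ransom_notes": copies of the Fix-Your-Files.txt note
    Name-based detection alone is unreliable because Snake appends a random
    suffix instead of a fixed extension, so the trailer is the signal used.
    """
    result = {"encrypted": [], "ransom_notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if name == RANSOM_NOTE_NAME:
                result["ransom_notes"].append(rel)
                continue
            try:
                if file_has_ekans_trailer(full):
                    result["encrypted"].append(rel)
            except OSError:
                continue  # unreadable or vanished file: skip it, keep scanning
    for key in result:
        result[key].sort()
    return result


def build_sample_tree() -> str:
    """Constructed sample tree (not real Snake output) so the demo runs offline."""
    root = tempfile.mkdtemp(prefix="ekans_demo_")
    samples = {
        # "encrypted" body + appended decryption info + EKANS tag, random name suffix
        "report.docxqWe4z": b"\x8a\x13\xf0\x22" * 8 + b"<decryption info>" + EKANS_TRAILER,
        "photos/trip.jpgXy9Q": b"\x00\xff\x10\x7e" * 4 + b"<decryption info>" + EKANS_TRAILER,
        # untouched file
        "notes.txt": b"plain text, never encrypted",
        # odd suffix but no trailer: a name-only check would flag this wrongly
        "backup.bin.Zz1": b"random-looking suffix, ordinary contents",
        # note dropped on the public desktop (path constructed for the demo)
        "Users/Public/Desktop/Fix-Your-Files.txt": b"What happened to your files?",
    }
    for rel, content in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    for kind, paths in scan_tree(demo_root).items():
        print(f"{kind}: {paths}")
```

Pointing `scan_tree` at a mounted forensic image gives an inventory of affected files that does not depend on the randomized names.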

But there is a positive outcome to this story! As it turns out, the Snake ransomware is still ransomware at its core and because of the various key elements of the code, it can still be detected and blocked. Although many solutions out there are unable to detect it because they are still just looking at the packets and not the content itself, WedgeAMB, with Deep Content Inspection in its underlying platform, is able to do just that. By looking at the whole content, combined with AI and machine-learning abilities that can detect the “INTENT” of the content; despite variations in the malware itself, WedgeAMB can detect and BLOCK the malware in real-time. The malware is unable to even enter the network; preventing any and all damage from occurring. This can be evidenced in the screen-shots from WedgeIQ below, showing that the Snake malware was stopped in its tracks.

Now, hopefully your organization was not affected by this dastardly piece of ransomware as it has many other organizations out there. If you are concerned that perhaps your security systems might not be able to detect and block this and other ransomware variations, give us a shout! Wedge provides a FREE 90 Day trial of our Wedge Advanced Malware Blocker, which uses Deep Content Inspection along with Orchestrated Threat Management that incorporates best-of-breed security solutions and AI to detect and block ALL malware in real-time. Contact us at: info@wedgenetworks.com. Let’s usher out the Chinese Year of the Snake and protect ourselves from the Snake malware while ushering in a much better 2020 Year of the Rat!

Cyber Insurance Company Warning of 6X Increase in Ransomware Attacks: Not Just Healthcare is a Target

Wedge's CFO recently forwarded me an article from the finance side of things that is painting an alarming picture. We've been talking a lot about how the healthcare industry has been the main target of ransomware attacks, but an article put out on insurancebusinessmag.com is painting an even bleaker picture for small businesses as a whole. According to cyber insurance company Tokio Marine HCC, they have seen a 6-fold increase in ransomware attacks over the last four years, mainly targeting small businesses, with the costs of responding to these attacks up almost 10x during that period.

It looks like the ransomware attackers have now finely honed their “business”, and their testing of the market has shown how lucrative this business can be. Most businesses have been educated by all the attacks in the news; they know what ransomware is and that they have to pay the ransoms via bitcoin. Now that the ransomware business model is mature, with those hit by the ransomware being reassured that their data will be released upon payment, cyber criminals are upping the demands. Ransoms are jumping from the $10k-$30k range up to the six and seven figure range. Of course, it also doesn't help that insurance companies have joined the fray and are now covering part, if not all, of the losses from these attacks. Knowing that there is a deep-pocketed insurance company in the background that will be paying for the ransom is causing an upward shift in costs overall.

Getting back to the healthcare industry, they have been the targets for so long because they typically have data that they cannot afford to go without for too long before their patient care starts suffering and before life and death situations start creeping into the equation. Not only that, but healthcare networks have also been known to provide good computing machinery for bitcoin mining and tons of private and confidential data that could be used for blackmail or extortion schemes, not to mention that most of the OT machinery and diagnostic equipment running on the network cannot be easily patched, with downtime costing the organization for every day they are not in operation. This doesn't even touch on the potential for sabotage through patient misdiagnoses!!

Now, hackers are finding that other SMEs, such as accounting firms and retailers, can be just as affected as the healthcare industry by cutting off access to their critical data. Any industry that has mission and business critical data that is not adequately protected could be and will probably be an easy target. Even if they are covered with cyber insurance, the way costs are increasing, ransomware attacks are going to continue having a negative impact on everyone’s pocketbooks.

That’s why Wedge is so focused on ensuring that its WedgeAMB product is made available to provide the protection that these target SMEs need. With a deep content inspection and AI and machine-learning-based platform that can detect and block ransomware in real-time, WedgeAMB provides the extra blanket of protection that all SMEs need; PREVENTING ransomware from even entering the network and locking up mission critical data. SMEs can fight back by enabling more accurate real-time protection that will stop them from being another ransomware statistic. WedgeAMB is being offered for FREE on a 90 day trial. Contact us at: info@wedgenetworks.com to find out more! It takes everyone working together to solve this growing ransomware epidemic.


Ryuk Ransomware Continues Causing Headaches for Organizations – This Time Targeting Hospitals

Targeted ransomware of the Ryuk variety continues to cause headaches, with a noticeable uptick in attacks more than a year after it first started making the rounds. Initially aimed at businesses and organizations in general, it has more recently been focused on healthcare and hospitals. Three hospitals in Ontario, Canada have been hit in recent weeks, raising the alarm that more facilities may be at risk in the coming days.

What is interesting to note about the recent attacks is that, so far, the malware has only been attempting to exfiltrate data rather than demanding money. Word from the CEO of Michael Garron Hospital (MGH) in Toronto is that the hospital's firewalls prevented data from leaving the organization. In this hospital's case, the organization had over 100 servers, which are still being evaluated for infection. The most immediate result was that a couple of elective surgeries and outpatient clinics had to be rescheduled while staff resorted to paper documentation for their day-to-day operations. Within a day, the organization reported that email services had been restored, although some VPN access was still unavailable and some minor administrative systems remained offline. Thankfully, MGH, one of Toronto's largest hospitals, had expert teams in place and had prepared extensive processes for responding quickly to disruptions in service.

Getting back to Ryuk itself, this piece of malware is quite stealthy, remaining invisible to average users for weeks or months while its operators collect information about the organization and its perceived ability to pay a ransom. If the attackers judge the organization to be a lucrative target, the malware then encrypts files and a ransom is demanded to make them accessible again. Ryuk is highly targeted ransomware, aimed at organizations where a lockup of their files would do the most damage and could therefore justify a higher ransom demand.

Thankfully, all three Ontario hospitals have said that they paid no money to retrieve their files and that no specific amount was demanded. With detailed processes in place at all three organizations, systems are in the process of being restored. Unfortunately, according to some cybersecurity experts, healthcare facilities are particularly vulnerable to malware attacks because of their reliance on specialized software that rarely gets updated.

The healthcare industry will hopefully not be as easy a victim as the multitude of municipalities that have been rocked by ransomware attacks over the past year, with millions of dollars in ransom payouts already made and more in the wings. Wedge has recently been working with the healthcare industry in Eastern Canada and what we have been seeing has been somewhat comforting. The hospitals and healthcare organizations we have deployed with, on the whole, realize that they are sitting on goldmines of health, research and personal data that must be protected at all costs; especially given the health-privacy regulations that apply to them, such as HIPAA in the US and its provincial counterparts in Canada. We have also seen that, as mentioned before, the healthcare industry, with its growing number of IoT devices, networked medical equipment and more, presents a larger attack surface than most. Any disruption to networked systems and devices could wreak havoc on patient care and, in many cases, could have life-or-death consequences.

Wedge is very excited to be working with hospitals to provide a proven security platform that can help prevent the ransomware problem and ensure that patient data is secure, while enabling hospitals to maintain their high levels of patient care. Since we began working with the healthcare industry, we have seen incredible results from WedgeARP and the Advanced Malware Blocker in detecting and blocking ransomware such as Ryuk in real time before it makes any headway in these organizations. Healthcare organizations are realizing that a small investment now can save a huge remediation cost later. If your healthcare organization is concerned about this recent spate of targeted Ryuk attacks, contact us at info@wedgenetworks.com or reach our team directly (Dale or Rob) to find out how you can be easily protected. WedgeAMB is available for a FREE 90-day trial and we encourage all healthcare organizations to give it a try!


The Global Ransomware Epidemic is Evolving and Getting Worse… First, US Cities, Now Major Cities in Canada. Are Europe or Asia Next?

As we've been writing about for much of this past year, hackers have hit dozens of municipalities in the U.S. so far, demanding ransom from various municipal departments, schools and even police departments; how brazen is that? A recent article in The Star about a week ago showed that, although the U.S. attacks are getting most of the press, Canadian municipalities are not immune, with ransomware victims including Stratford, Wasaga Beach and, more recently, Toronto.

It was revealed last month in a report by Toronto's auditor general that two of the city's entities were attacked by ransomware, compromising their systems. Unfortunately, because no notification protocols were in place, neither incident was communicated to the city's CIO. This has set off alarm bells at city hall and triggered recommendations for stronger safeguards, as it has exposed how vulnerable Toronto's systems are to attack.

Thankfully, the city's main digital backbone was not compromised, but the attacks have spurred audit committee members to urge faster development of notification protocols and steps to improve existing safeguards. As a result, the city will create a new CISO position to oversee Toronto's defences, bolster its in-house security infrastructure and hire private-sector experts to provide managed security services. This is all well and good, and it is a positive sign that municipalities are starting to heed the warnings and take steps to protect themselves from what looks like an almost inevitable occurrence for any city.

The ransomware epidemic has been evolving rapidly and we believe it will spread beyond the US and Canada. Our continued advice to all municipalities is to get prepared. Hackers are now focused on municipalities, locking up their systems and causing damage to a lot more people, because this often means taking down essential municipal services. As a result, simply paying the ransom in order to get services back as soon as possible is very appealing to many municipal victims, despite more than 225 U.S. mayors recently signing a resolution not to pay ransoms to hackers. The jury is still out on whether this resolution will hold, because the cost of not paying can be very steep. For example, Baltimore refused the hackers' demand for $75K worth of bitcoin and now faces remediation costs of more than $18MM to bring its systems back online and repair the damage done.

At Wedge, we've kept track of how the ransomware epidemic has evolved to where it is now, and we consistently encourage Detection and Blocking as the answer to it. We applaud the municipalities that are taking a proactive approach to protecting themselves by following the standard advice: train staff to identify phishing emails and to know what to do in the event of an attack, keep full out-of-band backups that an attacker on the network cannot reach, continually assess weak points, keep systems updated and patched, and look to network security solutions that provide real-time protection and remediation.

At the same time, we continue to stress that real-time protection is a key part of the solution. If municipalities can PREVENT an attack before it happens, they save themselves the headache of going through the whole remediation process. Wedge's Advanced Malware Blocker, with its Deep Content Inspection and orchestrated threat management of industry-best-of-breed malware heuristics and artificial intelligence, can detect and block ransomware and other malware in real time. In the ever-evolving ransomware epidemic, prevention has always been the one constant that actually saves an organization time and resources. So, for Canadian municipalities continuing their battle against ransomware, feel free to try WedgeAMB FREE on a 90-day trial, or contact our team at info@wedgenetworks.com to learn more.


The Numbers Are In… Were YOU One of the Victims? How Are YOU Protecting Yourself?

Our CFO Rob Fong placed this article by CPO Magazine on my desk, and in it the latest cyber attack numbers are in. According to the article, a new Cyber Incident & Breach Trends Report from the Internet Society's Online Trust Alliance (OTA) puts the cost of cyber crime at $45Bn in 2018.

The numbers are staggering. To put this in perspective, although the overall number of cybercrime incidents actually decreased in almost every category, the $45Bn lost in 2018 represents over a third of the TOTAL losses from cyber crime since 2013. As presented in an earlier blog, although ransomware saw a downturn in the number of incidents, losses actually rose by 60%. The trend that is becoming more apparent is that cyber criminals are moving away from large volumes of indiscriminate attacks against individuals and focusing their attacks on businesses and organizations (such as municipalities and other government agencies) that they perceive to have more significant resources. We've seen the marked increase in ransomware attacks on municipalities and have blogged about it many times. The big increases were in ransomware and business email compromise (which by itself skyrocketed from $677MM in 2017 to $12.5Bn in 2018).

The big takeaways from the above are that a) cyber crime losses are up, b) hackers are homing in on where they can get their biggest payoff, and c) organizational readiness for dealing with these attacks remains dismal: of all the incidents reported, "95% of these attacks were determined to be preventable". And that's the rub. Organizations are continuously behind the eight ball when it comes to attacks. Most of them still follow the Detect and Remediate way of doing things, with their security systems detecting attacks only after they've already happened. Of course, this leads to expensive clean-up and remediation efforts, which have only added to the 2018 totals.

At Wedge, we're doing our part to bring these numbers down by continually evangelizing our "Detect and Block" approach. We firmly believe that if you can prevent your organization from becoming a victim, you'll save a lot of money in the long run. So, how are you protecting yourself? If you haven't taken us up on our FREE 90-day trial of the Wedge Advanced Malware Blocker, which uses Deep Content Inspection along with Orchestrated Threat Management of best-of-breed security engines and AI to detect and block malware in real time, what are you waiting for? Contact us at info@wedgenetworks.com so that you don't become one of the 2019 statistics.
