The Ransomware Scourge Continues. “To Pay or Not to Pay” is not the answer. GET YOURSELF PREPARED is!

Author Avatar Posted on July 29, 2019 by Wedge Chief Scientist

The number of ransomware victims continues to mount with CNN reporting that attacks on cities continue to rise.  Law enforcement officials continue to warn against paying ransoms.  Security experts continue to suggest that even if victims pay their ransom, there is no guarantee that the victim’s data will be decrypted, and if it is, there’s also no guarantee that the data hasn’t been tainted or corrupted.   Meanwhile, insurance companies are now a factor as they are looking to minimize the damages that they have to pay out as an insurer in order to get their client organizations back up and running; even if it means that they pay the ransom.  Two very opposite stances.  One is taking the long-term view, “DO NOT PAY” trying to disincentivize hackers by taking away their quick score, while the other is taking the short-term view, or “PAY” out now so to minimize overall damage costs. 

And so, the debate rages on as to what is the proper response when an organization is hit.   A prime case came to light just recently as, just days after the Conference of Mayors passed a resolution opposing the payment of ransoms by cities, La Porte County in Indiana  did just the opposite; paying out ransom to the tune of $130K after their systems had been hit.  Granted, in this case, the county will pay about $30K, while its insurer will pay the remainder of the ransom.  The decision was also made after it was determined that the FBI’s own decryption software was unable to unlock the encrypted data.  Putting aside the ethics of the decision, La Porte made their decision from a cost perspective as other governments who declined to pay their ransoms ended up incurring a much heavier cost than the ransom that was demanded.  As an example, the city of Baltimore declined to pay their ransom demand of $76K and it is now estimated that the city will end up spending over $10MM in order to fully restore its computer network, not to mention that it is estimated that they have lost revenues amounting to around the same amount as a direct consequence of the attack. 

Regardless of the side of the debate that is appropriate to your situation, this is the new reality for IT Security teams in cities, government departments and other organizations around the world who have become the targets of hackers looking to make and easy score. The unfortunate thing is that attacks have been increasing against cities as of late because it is clear that cities are ill-prepared or typically underfunded to deal with these types of emergencies.  We’re seeing that it’s not only the big cities and states that are being affected but the smaller municipalities and counties being taken down as well.  Any organization that relies on a critical system or database in order to operate and that is typically known to be under protected, is ripe for the picking. 

Meanwhile, as the debate continues, what a lot of people don’t realize is that the best way to handle the scourge of ransomware is neither paying or not paying, it is to ensure that preventative measures are put in place to safeguard against an attack happening in the first place!  We’ve blogged about the bare minimum that organizations should do in order to protect themselves, especially when budgets are tight.  When it comes down to it, even with tight budgets, organizations can still put some measures in place since, as ALL cases have shown, it is ALWAYS much cheaper to prevent an attack than it is to have to remediate it after the fact. 

Preventative solutions is where Wedge comes in. The Wedge Advanced Malware Blocker product is a prime example of real-time security that has been proven to be effective in blocking ALL advanced attacks, ransomware, zero days and never-before-seen malware  BEFORE they can make their way to the vulnerable endpoints.  With our patented Deep Content Inspection, that can see ALL content going through the network, orchestrated with the industry’s best-of-breed security services and Artificial Intelligence / Machine Learning that detects and blocks all attacks and that helps us to keep several steps ahead of the hackers, organizations have a real choice in how they want to deal with the possibility of ransomware attacks.  Best of all, Wedge provides a FREE 90 day trial of the WedgeAMB product to anyone who is interested in seeing how it works for themselves!  As always, contact our team at: info@wedgenetworks.com to learn more!

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , , | Leave a comment

Scary Story of the Day: Security Vendors Know That Their Products Don’t Work. Getting SIEMFed and What Should a CISO Do?

Author Avatar Posted on July 22, 2019 by Wedge Chief Scientist

An interesting ZDNet article by @ChrisMatyszczyk was forwarded to me recently that made me shudder.  In it, the author relates a story of how, as he was golfing, he came across a security software salesman (from a company quite well known in its field) that casually admitted to him that the security software he sold “doesn’t work”.  The author went on to provide the reasoning that the salesman gave in that the hackers are always one step ahead and that for every piece of software, old or new, out there, there is always some small opening through which a hacker can enter.  To justify himself, he felt that since his company’s software was “pretty good”, compared to most others, he didn’t feel bad about selling it, despite the fact that it “didn’t work”. 

While it is impossible to conclude anything, based on one conversation, the salesman’s remarks provide a couple of insights that I felt are worthy of a blog.  Being in the industry for as long as I have, I do realize that there are some companies out there, fairly respected ones at that, who continue putting out solutions based on older and less effective technologies.  The first insight is that in many of these cases, it is the same base technology, that has gained them the market share, which is also the technology that limits them; making it almost impossible to stay at the cutting edge.  But the second, more powerful insight, is that hackers seem to always be a couple of steps ahead. There is a reason for that, and it is surprisingly tied to the first insight, as you will equally conclude.  

There was another article that cropped up on Threatpost recently that showed how bad it has become for IT managers.   According to the research report quoted in the article, “In a survey of 3,100 IT managers across 12 countries (at organizations with 100 to 5,000 employees), two out of three of them said their organizations (68 percent) suffered a cyberattack in 2018, despite efforts to prevent them. This, despite the fact that a full 26 percent of IT’s time, on average, is spent on cybersecurity issues.”  Also, in the article was a statistic that stated:  “Nine out of 10 (91 percent) of the respondents said they were running up-to-date cybersecurity protections at the time of a successful attack.” These are both depressing and distressing figures, especially when we know that there are solutions out there that WORK and that can help prevent such attacks.  Using a military analogy, on some bad days, as a security practitioner, it sometimes feel that we are fighting a guerilla warfare with a regimented army where you have a huge weight to pull along.  The tools do not respond well; there are thousands of SIEM records flying by, leading to SIEM Fatigue (internally we call it getting SIEMFed) and it leads to just brutal analysis paralysis!   

So, while on the surface, the salesman’s comment might put a damper on those of us who are truly putting out cutting edge technology that DOES WORK, because the more established players have the larger footprint, no one blames the CISO for buying their product.  Even worse, the fact is that they can market-their-way over new innovation!  And THIS is exactly what I love about security startups and is the primary reason why I have always worked with them.  

While the old guard continues to go along their merry way, patching their solution here and there in order to keep up with the more ground-breaking advances that are being made; smaller and more nimble security startup companies have the drive, the innovation, and more importantly, the agility that can match and respond to these hackers.  It is so fulfilling to see the impact of these cutting edge innovations and their instant impact.  Thus, my message to our fellow CISOs cannot be any clearer – true, no one gets blamed for purchasing an established toolkit, but you have to also remember that you shouldn’t just bet on one set of tools.  You need to ensure that you make room in your budget for the up and coming innovations.  Take advantage of these startup companies’ agility and eagerness to earn your business and to ultimately bolster your security. 

At Wedge Networks, what drives us day in and day out is the belief that our approach is disruptive to the industry.  We’ve always firmly adhered to the Detect and Block approach, despite most of the industry resigning themselves to cater to Detect and Remediate.  The thing is, as we’ve seen especially recently with the spate of ransomware attacks and advanced threats that have become the norm, Detect and Remediate is and always will be the more expensive way of doing things.  That’s why we’ve always focused our solution on PREVENTION.  If we can STOP attacks in the network before they can reach endpoints, the battle is already half won!   

But beyond the products and technologies, we have always maintained the startup culture – and yes, working with my very capable team – we have continually made decisions that often led our product to be re-engineered from the ground up.  This has its advantages, as we’ve been able to remain quite nimble; allowing us to stay at the cutting edge. Wedge’s core patented technology has been based around Deep Content Inspection, Orchestration, and hyper-streaming.  We’ve always believed that what you can’t see, you can’t catch.  While other companies had focused on deep packet inspection, Wedge looked ahead and instead focused on better ways that we could inspect traffic; ultimately patenting our Deep Content Inspection technology. The way that we can SEE content flowing through the network has always been one of our main selling points.  Combining this with the orchestration of the industry’s best-of-breed security services, along with AI and machine learning, has enabled us to keep our solution “Evergreen”.  We know that technologies can get old and dated so, with our open bus platform, and our team’s agility, we decided to continually integrate the cutting edge technologies that were leading to better solutions that worked.  We can continually add on the latest and greatest technologies into our platform, allowing us to stay several steps ahead of the game.  Finally, our patented hyper-streaming technologies such as SubSonic and GreenStream, allows us to do all of the above in real-time, which is what is needed to truly Detect and Block advanced threats as they’re hitting the network.   And now, we’re one of the first to incorporate at the network level, what I believe is the latest game changer – Artificial intelligence – but that is worth another series of blogs just by itself. 

Thus, assuming the story holds true, unless you want to pay for extra rounds of golf for the salesman out there who continues to sell a product that “doesn’t work”, I recommend that CISOs try out solutions and products in the industry that truly DO work.  We are so sure of the effectiveness of our product that we even offer our Wedge Advanced Malware Blocker (WedgeAMB) on a FREE 90 day trial.  Contact our team at: info@wedgenetworks.com to learn more about a truly effective solution!

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , , , | Leave a comment

Healthcare Services are Primed to be Hit By WannaCry Again: What Can They Do to Protect Themselves?

Author Avatar Posted on July 18, 2019 by Wedge Chief Scientist

There have been a multitude of articles hitting the news as of late, sounding the alarm for Healthcare Services and related organizations to make sure that they have secured themselves as it looks like the WannaCry malware is making a comeback with hackers looking for a quick and easy payday.  Although the WannaCry cyberattack first hit worldwide over two years ago, many experts are saying that “institutions have not done enough to protect themselves against a repeat.  And that’s especially true in the healthcare sector.” 

For example, a report out this week by the Imperial College of London’s Institute of Global Health Innovation (IGHI), says that despite WannaCry having a financial cost to the UK’s National Health Service (NHS) of more than $100MM, hospitals in that country “remain vulnerable to cyber attack, and must take urgent steps to defend against threats which could risk the safety of patients.”  This is unfortunate as the defence against WannaCry and other ransomware is fairly straightforward for organizations to put in place.  Namely, keep equipment up to date, patch software and provide training and awareness to users while making sure the skills of IT staff are continuously maintained.  However, the lack of investment and training by Healthcare organizations is alarming, especially in light of attacks such as WannaCry in 2017, which should have spurred these organizations to improve their cybersecurity measures. 

As another article on the same topic put out by the Imperial College of Science, Technology and Medicine, the return of WannaCry is considered a “Looming Threat” as the authors point out that since that attack, there have been a number of new technologies being used in the healthcare industry, such as robotics, AI, implantable medical devices and personalized medicines based on a patient’s genes that are lacking built-in security and would be susceptible to such an attack.  WannaCry, if it hit again, would see hackers gaining access to personal information or even tampering with patients’ medical records.  And this is not just specific to the NHS, but applicable to all healthcare systems around the world. 

With healthcare and funding for healthcare funding coming under increasing financial pressure from government, industry and other stakeholders, these organizations are becoming hard pressed to ensure that they continue to allocate funds so that they can protect themselves from these potential threats. 

So, Wedge continues to keep trying to get the word out to healthcare organizations that there is indeed a solution available to them that can help them to beef up their systems to protect them from WannaCry, along with other malware.  While they should still be investing in the straightforward defences as mentioned earlier, they should also consider taking a proactive “Detect and Block” approach.  Once malware such as WannaCry has made it into an organization’s network, it is already too late.  Then, the focus becomes “Detect and Remediate”, which becomes a much more costly exercise.  

With Wedge’s Advanced Malware Blocker, healthcare organizations can invest in a solution that can completely prevent ransomware and other advanced targeted attacks from even making it into the network; and before it can cause any damage.  A small investment now, can save a huge remediation bill later.  WedgeAMB is available as a FREE 90 day trial and we encourage any healthcare organization who feels that they are lacking in adequate protection to give it a try!  Contact us at: info@wedgenetworks.com to find out how easy it is to deploy WedgeAMB and to provide that extra level of protection that your organization needs against WannaCry and others.

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , , , | Leave a comment

Over 1/4 of UK Firms Have Been Victims of Ransomware Over the Past Year: Could These Attacks Have Been Prevented?

Author Avatar Posted on July 15, 2019 by Wedge Chief Scientist

A recent InfoSecurity Magazine article was published recently that highlighted how dire the Ransomware situation is getting; particularly in the UK.  According to figures released by data backup firm Databarracks, over 28% of UK organizations have been hit by ransomware over the past 12 months.  According to them, “This is slightly lower than the peak of 29% in 2017, the year WannaCry hit, but much higher than the 2016 figure of 16%.”

While Databarracks highly recommends that the only way organizations can fully protect themselves is by having historic backup copies of their data, their opinion is that outright prevention is not viable.  We, at Wedge, do concur with their suggestion for having backups, but we also strongly believe that outright prevention actually IS possible.  And, in the long run, is a much more cost-effective way for organizations to protect themselves.

We invite Databarracks to look at our approach where instead of looking at remediation efforts, after the fact, we have focused squarely on prevention with our “Detect and Block” approach.  To quote Benjamin Franklin, we feel that “An ounce of prevention is worth a pound of cure.”  That goes the same with cybersecurity.  It will cost a firm much more to go through a remediation process than it would to simply have a solution in place that can detect and block any and ALL advanced threats, zero-days and other never-before-seen malware.  If malicious content can’t make its way into your network, then it can’t cause any harm.

The way we do it is with our Wedge Absolute Real-time Protection platform, on which the Wedge Advanced Malware Blocker is based.  This solution can SEE all content flowing through the network and can detect and block malicious content in real-time as a result of multiple patented technologies such as Deep Content Inspection, all orchestrated with the industry’s best-of-breed services, combined with Artificial Intelligence and machine learning.  By having the ability to block all advanced threats, such as ransomware, in real-time, BEFORE they can even reach the endpoint, it takes away the ability to lock up data and shut down the network.

WedgeAMB is a proven solution that can actually PREVENT attacks.  If you’re interested in learning more, we offer a FREE 90 day trial to any and all organizations who are like-minded and who believe that if they can prevent attacks, they’ll be better off.  Contact us at: info@wedgenetworks.com to learn more!

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , , | Leave a comment

The Ransomware Tsunami Is Coming! Is Your Municipality Prepared When It Hits?

Author Avatar Posted on July 12, 2019 by Wedge Chief Scientist

We’ve seen it.  We’ve been blogging about it.  Ransomware is on the rise…and it is hitting municipalities hard.  Multiple cities in Florida have been hit and have paid out hundreds of thousands of dollars in bitcoin, against law enforcement recommendations.  Others had no other choice. It was either that or make residents suffer as they tried to recover computer systems and databases.  Other cities, like Atlanta and Baltimore, have been hit even harder, spending over $17MM and $18MM respectively, as they try to recover from their attacks.  

We can say it is the perfect storm.  While Law enforcement continues to encourage organizations not to pay, those cities that don’t give into the ransom demands appear to be “taking one for the team” as their remediation costs often balloon past the initial ransom demands.  For smaller municipalities, they’re taking the “easy way out”; paying the ransoms in hopes that they can get back in business as quickly as possible, with some being fortunate enough to have insurance coverage for their losses.  This presents an opportunity which hackers and bad actors will undoubtedly seize setting us up for the perfect storm, or a ransomware tsunami as noted in this recent Forbes article.  

I get asked – so what are the things these municipalities can do to make protect themselves?  Yes, it is understandable that municipal budgets are tight (typically budgets only get released when bad things happen), but at a minimum any municipality can do these in priority order:

  1. Backups.  The Perform frequent backups of your system and other important files, and verify your backups regularly. If your computer becomes infected with ransomware, you can restore your system to its previous state using your backups.  You need to plan your backups such that regular backups are done for all systems and that these backups do not overwrite (read our blog about Tony’s Meats)… and under no circumstances, should these backups be connected to the internet.  
  2. Ransomware Outbreak Drill.  Ensure that IT staff is trained on how to handle a ransomware outbreak; if you have a Business Continuity Plan, please put Ransomware Recovery as part of your IT Recovery strategies.  Think of it, your building and facilities manager has an emergency preparedness/fire drill, so why wouldn’t you do a Ransomware Drill?
  3. Assess your weak points.  Do a full assessment of the network; there are several products and service providers around that can help with this. 
  4. Inventory and Patch Often.  Continually have an updated inventory of all software and all IT components on your network; have a patching strategy to update these.
  5. Network Security Solutions that Provide Real-time Protection and Remediation.  We have said it before, and we will continue to say it – products such as Sandboxes that detect breaches only to tell you have been screwed minutes or potentially hours later. See the NSS Time to Detection Chart Prepared for Cisco:
https://www.cisco.com/c/dam/en/us/products/collateral/security/advanced-malware-protection/nss-labs-2015-bds-svm-flysheet.pdf

As an example of Real-time security, Wedge’s Absolute Real-time Protection (WedgeARP) line of products combine: Deep Content Inspection so that it can see ALL content going through the network and improve on detection accuracy, Orchestration of the industry’s best-of-breed security services to cover all advanced threats, Artificial Intelligence and Machine Learning to detect never-before-seen malware, and hyper-streaming technologies like SubSonic and GreenStreaming so that all of the detection and blocking can happen in Real-time with no perceptible latency.  When combining WedgeARP, which is the tool of choice for Managed Detection and Response (MDR) providers, with a capable Endpoint Detection and Response (EDR) system, you have a potent solution that can Detect and Block in real-time (instead of minutes or hours like sandboxes!) while also providing real-time remediation through interactions with the EDR system. 

The above suggestions can often help the organization rebuild its systems much quicker and at minimal expense without having to pay the ransom.  As we’ve mentioned in a previous blog, although employees are always a risk factor, they are a factor that cannot be taken out of the equation and unfortunately, they are also the factor that are often the cause of the ransomware attack with an errant click on a phishing email.  In this case, cities should try to have their employees go through security awareness training so that they develop a healthy sense of paranoia around suspicious communications.  Beyond that, there is also having organizations harden the security of their systems, such as keeping a firm hand on software that is allowed on work computers and making sure that they’re all kept up to date with regards to patches.  In combination, these preventative measures can start adding up, and they’re still fallible.

And of course, at Wedge Networks we try to make things a bit easier with our Wedge Advanced Malware Blocker.  We know that the human factor will always be there and that sometimes patches get missed.  By employing WedgeAMB, it provides municipalities with that extra blanket of comfort.  By being able to detect and BLOCK advanced threats, never-before-seen malware and other suspicious content BEFORE they can even reach the endpoints.  We’ve always taken the Proactive approach to security and with out patented Deep Content Inspection and orchestrated threat management of the industry’s best-of-breed malware heuristics and artificial intelligence, we are hoping to help municipalities protect themselves by PREVENTING ransomware attacks.  Hopefully if more cities out there take this approach, we can stem the tide of ransomware that seems almost like an inevitability.  You can try WedgeAMB for FREE on a 90 day trial.  Contact our team at: info@wedgenetworks.com to learn more.

PS: UPDATE

We are thrilled that yesterday, July 11, 2019 at the 87th Annual Meeting of the United States Council of Mayors, US Mayor’s have voted and vowed against paying for ransomware where they affirmed:

“NOW, THEREFORE, BE IT RESOLVED, that the United States Conference of Mayors stands united against paying ransoms in the event of an IT security breach.”

We applaud wholeheartedly!  Well done!

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , , , , | Leave a comment

With Ransomware the Human Factor Is Always an Issue, But You Can’t Fire Everyone! It’s Better to Learn From Their Mistakes…

Author Avatar Posted on July 8, 2019 by Wedge Chief Scientist

Another couple of articles recently hit the news, adding to the number of municipalities and local governments being hit by ransomware, as well as describing some of the fallout from these attacks.  The biggest takeaway is that these ransomware attacks are, in most, if not all cases, the result of an employee clicking an attachment in an email and unleashing the malware onto the network.  However, despite wanting to get rid of this “exposure”, we have to remember that the Human Factor will always play a role in these organizations.  The best thing that we can do is to share the knowledge and learn from these errors.

Onto the recent cases:

In Florida, now along with Riviera Beach and Jackson County, Key Biscayne joins the list of victims of some form of ransomware mistakenly introduced by a city worker.  As with the other municipalities, Key Biscayne has to make the decision on whether they’re going to pay the ransom or go with other methods of recovering their systems.  As we noted in the Riviera Beach case, they opted to pay out $600K in Bitcoin in order to make their problem go away and are now battling with their insurance provider to determine who is on the hook.  Key Biscayne, with a population of only about 3,000 people versus Riviera Beach, which is home to more than 32,000, may have to weigh the pro and cons of their decision based on how much ransom is being demanded and whether the municipality has insurance coverage or not.

And, just prior to Key Biscayne, Lake City  Florida had to pay out $460K in ransom.  In this case, apart from a $10K deductible, they are fortunate that insurance will cover the rest of the ransom.  Although Lake City’s Mayor stated that he would typically agree with the FBI’s  recommendation not to pay the hackers, it came down to the dollars and cents and representing what was the right thing to do for the citizens of the city as a prolonged recovery would have cost the taxpayers more than just paying the ransom.  Unfortunately, another outcome from that attack was that a city IT employee was terminated as they were deemed not to have done enough to protect the computer systems from an intrusion (although it was NOT the same person who had clicked on the malicious email).  In our opinion, this is is like firing the most valuable employee – the one who made the mistake that the city could learn from (assuming that he/she didn’t do this based on malice).   

So, as we’re seeing more and more, these ransomware attacks on smaller municipalities are netting hackers a payday.  By hitting smaller cities who are less likely to have adequate protections in place, and who are more price sensitive to the ransom that the hackers are demanding, are also more likely to either pay the ransomware or are lucky enough to have insurance coverage.  This doesn’t bode well for being able to eradicate the value or ransomware to hackers any time soon, but it could be a learning experience for other municipalities if the information that these victims gained can be quickly shared with other organizations that find themselves in the same boat!  As is the typical case, the attacks are a result of an employee clicking on an email attachment that they shouldn’t have.  So, what is the best solution?

That’s where Wedge comes in!  We know that the human factor will always be around in all organizations; it is just a matter of changing how we think and attack the problem.  We have to be able to continuously take the knowledge we’ve gained from previous attacks and outcomes and use that in our fight against future attacks.  The proactive “Detect and Block” mentality is key here.  We know that employees will always be susceptible to being tricked into clicking links that they shouldn’t; but what if these emails never even reach the employees?  With Wedge’s Advanced Malware Blocker, all advanced threats can be blocked BEFORE they reach their intended target.  With Wedge’s patented Deep Content Inspection, combined with orchestrated industry best-of-breed malware heuristics and artificial intelligence / machine learning, we continually take knowledge from previously seen threats and attacks and use them in a way that now even never-before-seen threats can be detected and blocked.  With WedgeAMB, we take away the possibility that an employee will unknowingly introduce malware into the network by removing that threat before they even see it.  You can’t fire everyone so at least put a proactive solution in place!  For a FREE 90 day trial of this solution, contact our team at: info@wedegenetworks.com.  

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , , , , | Leave a comment

Disheartening News: Ransomware Recovery Company Caught PAYING Ransom Instead of Developing Solution to Recover Data

Author Avatar Posted on July 5, 2019 by Wedge Chief Scientist

A recent article has come to light that has got us here at Wedge quite discouraged regarding firms out there professing to have a great solution for fighting ransomware but then being caught cutting corners.  ProPublica, an investigative newsroom, recently ran a story in which they found that a couple of U.S. “ransomware recovery firms,” which had been touting themselves as data recovery experts that could help firms hit by ransomware recover their files and regain access to their systems, had actually simply been paying hackers the ransomware they requested.

Instead of coming up with a solution that could potentially eradicate the value of ransomware attacks to hackers, these firms were instead perpetuating the benefit.  As per the U.S. Department of Homeland Security and other law enforcement agencies’ advice, in order to help stem the spread of ransomware, victims should avoid paying hackers their ransom whenever possible.  And even when payment could be a must (See our Tony’s Meats blog), at a minimum, there should be cooperation with these agencies to help track such payment to the hackers, which could hopefully lead to their arrest.  The idea is that if the hackers don’t get paid, they won’t see the value in continuing to utilize ransomware.  Sadly, this advice is not followed in many instances and victims take the easy way out – paying the ransom in order to get their organizations up and running again.

What makes ProPublic’s findings on these ransomware recovery firms so egregious (with these firms paying the hackers), is that victims are often willing to pay more than the ransom amount in order to get their data back if they believe that they are paying a data recovery firm instead of a hacker; especially if they feel that they can be a part of stopping the spread of these ransomware attacks.   What is more appalling is that they would then charge the victim several times the total of the ransom amount as their “decryption and services fees”.  There has to be legislation governing the delivery of such services, starting with the beefing up of existing electronics communications acts; defining ransomware as a crime.  Maybe it will happen by 2025, if we get our act together, double pun intended! 

As a solution provider ourselves, Wedge prides itself in actually having a technology that can help to properly eradicate the spread and kill the value of ransomware to hackers.  Although we understand that there are some instances where paying a hacker the ransom they request might be the only way of a victim recovering their data, we feel that we can offer a solution that can help to minimize the number of ransomware victims by using a pro-active “Detect and Block” approach to advanced threats such as ransomware.  While most of the industry is still stuck in a “Detect and Remediate” reactionary mindset, we believe that many out there want a proactive solution that will help to eliminate attacks altogether.

With Wedge’s Advanced Malware Blocker, we have a solution that can SEE all of the content flowing through the network and can that can block anything that is remotely suspicious.  By blocking ALL advanced threats such as ransomware, they don’t even get a chance to breach the network.  Unlike Ransomware firms out there purporting to be able to recover data but then ending up paying a ransom in order to do this, Wedge has a proven solution that actually gets the job done.  If you’re interested, give WedgeAMB a try!  We offer a FREE 90 day trial to those companies looking for a Proactive Defence that can hopefully someday truly eliminate Ransomware!  Contact us at info@wedgenetworks.com to learn more!

Posted in Industry News, Latest Security News | Tagged , , , , , | Leave a comment

Paying Ransomware When it Might be Necessary, But Why it is STILL Reactive…

Author Avatar Posted on July 2, 2019 by Wedge Chief Scientist

For some reason, ransomware payments have been making the news as of late.  Recently, Riviera Beach, Florida made waves by paying out $600,000 to hackers in order to get their system back.  They then went on to claim these damages back from their insurance company.  The result of that is still up in the air.

A bit closer to home, a meat business out of Antigonish, Nova Scotia, called Tony’s Meats Ltd is another victim.  Unfortunately, their backups were all corrupted by the malware and were of no use so they were basically forced into paying a ransom to get their data and systems back online.  Thankfully, Luck aligned for them and their insurance directed them to a 3rd party company that took over the case from there and negotiated payment to the hackers, ensuring that they were able to get the required decryption key back and unlock the company’s systems.  The insurance company also covered most of the cost of the remediation.  Understandably, this case is not the norm as there are many other stories of larger companies still locked in battle with their insurance companies for coverage of the damages they suffered as a result of ransomware and other advanced threats.  

There several takeaways from this – First, that it was a small operation, thus, the ransom was a somewhat manageable $14K.  However, this could be a sign of things to come if hackers start focusing on hitting smaller businesses, but more of them.  Second, Tony’s Meats had a backup system on its server that automatically copied the company’s files every night.  However, the attack happened after hours and the backup had automatically saved the corrupted files, thus corrupting itself; this goes to prove the importance of ensuring that the corruption of the backup is to be avoided at all costs.  The final takeaway is that Tony’s Meats is a smaller operation; as with many small businesses, they need to be more efficient with where they spend they resources, especially when it comes to IT security.  As such, a solution that covers all network traffic in their organization would be a better investment, instead of simply focusing on endpoint protection and backups.  And that’s where Wedge comes in.

We really believe that the best protection is to go with a “Detect and Block” approach as a Proactive Defence.  By utilizing a solution that can SEE all content flowing through the network and block anything that is even remotely suspicious, advanced threats such as ransomware do not stand a chance of breaching the network.  As a way of bolstering their defences, on top of the typical daily backups and updated firewalls, etc. organizations should look at giving WedgeAMB a try.  Wedge offers a FREE 90 day trial of the Wedge Advanced Malware Blocker for those companies looking for a truly Proactive Defence.  Contact us at info@wedgenetworks.com to learn more!

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , | Leave a comment

Now This Is Going to be Fun: The City of Riviera Beach Wants its Insurance Provider to Pay for its EXPENSIVE $1.6 Million Click… Why This is a GREAT Opportunity!

Author Avatar Posted on June 27, 2019 by Wedge Chief Scientist

The City of Riviera Beach, Florida, is in the news again recently. Last week it was because the city decided to pay out $600,000 to hackers who had taken over its network so that they could get their system back (read our blog here).  This week, it is because they want their insurance company to pay up, by the city claiming ransom payments and damages incurred under their business and risk management insurance policy.  Before  the reader concludes that this is outrageous, several insurance companies explicitly offer coverage for online extortion payments in their cyber policies.

But this is changing and we have written about this before with the case of Mondelez International and its ongoing lawsuit against Zurich Insurance, claiming that Zurich should be on the hook for the $100MM financial hit that Mondelez incurred at the hands of hackers.  Industry watchers are paying close attention to the outcome of that case because it could have major repercussions on the insurance industry when it comes to what they would be required to cover under their insurance policies; especially those that explicitly cover “cyber events”, aka cyber attacks.

Going back to Riviera Beach, as it is the most recent case, despite the city voting in favour of paying the ransom, against the adamant advice from law enforcement not to give into these demands, as it only further encourages criminals by showing them success in their ongoing pursuits, the question is coming down to “who is on the hook for the costs incurred?”.  By having the insurance carriers pay for the cost and damages suffered, it insulates the victims from the cost, and it legitimizes paying ransomware as an accepted and routine cost of doing business.  

However, we argue that it sets up a dangerous precedent; the victims are now somewhat removed from having to fork out the ransom payments themselves, making it easier to pull the trigger on agreeing to the ransom payment.  This perpetuates the circle as hackers will continue down this path as it is now lucrative for them to do so, insurance companies are stuck with the bill and will start raising premiums to cover the increasing payouts, and the victims will have to pay their increased premiums in order to ensure that they are covered.  Overall a net gain for the bad guys, or a double-edged sword, especially if you are holding it with your bare hands – as most of us cybersecurity providers feel day in, day out, indeed.  

Insurance as a business is based on actuarial science – the science of managing risk through the rigorous application of mathematical models and data science.  It is our opinion that this science is still in its infancy, though there are some landmark papers (see here for a good example, though I warn you this might not be your cup of tea as an easy read) on how to work around developing this model.  This is setting up an interesting business proposition for the insurance companies.  With the explosion of ransomware cases, there is definitely a market for insurance that covers this business risk.  While, insurance companies have to figure out how to enforce better data protection for their clients so that their payouts can be minimized, vendors such as ourselves *would* love to add it as a line item to our products – and if you are an insurance company, I would love to hear from you.  I cannot seem to find you though!

Unfortunately, many insurance companies do not have the data on how or even where to start, never mind the fact that they would need to audit implementation of this new data security requirement.  Add in the possibility of paying out ransomware, which in some cases – though difficult to swallow – may have been the only option, as the City of Riviera Beach must have found out.  In the interim, insurers who have taken the leap into the rapidly growing cyber insurance market, cannot be left in this dilemma; either charging very high premiums so that they can make ransom payments without suffering significant financial loss themselves or finding ways out from their contract.  This, is however, an opportunity to disrupt both the business of cybersecurity, not only from a vendor/technology perspective, but from an operational perspective (MSSPs) and insurance perspective. 

We feel that for those insurance companies that have taken the leap into cyber insurance, we can at least offer a solution for them that they can mandate their customers use in order to cut down the incidents of ransomware attacks and other malware.  The insurance companies are looking for a security solution that can help prevent these incidents so that their payouts are lowered.  What better way than to get on board with the “Detect and Block” approach?  If these insurance companies had as part of their policies that the organizations that they were insuring were required to utilize a platform such as the Wedge Advanced Malware Blocker, they would quickly start seeing a drop in the number of ransomware payouts they would be facing.  With Wedge’s patented Deep Content Inspection, combined with orchestrated industry best-of-breed malware heuristics and artificial intelligence / machine learning, WedgeAMB stops all advanced threats in real-time, BEFORE they have a chance of even touching an organization’s network.  Best of all, Wedge offers a FREE 90 day trial of the Wedge Advanced Malware Blocker.  If you are an insurance company that has started offering cyber insurance, the WedgeAMB solution could be what you are looking for!  For more information, get in touch with our team at info@wedgenetworks.com!

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , , | Leave a comment

The City of Riviera Beach’s EXPENSIVE $1.6 Million Click

Author Avatar Posted on June 24, 2019 by Wedge Chief Scientist

It only took one employee a single click on an email link that allowed hackers to upload malware, and now the City of Riviera Beach, Florida is finding out first hand how expensive a ransomware attack can be. Going against U.S. Department of Homeland Security, Secret Service, and FBI suggestions, they paid $600,000 in ransom to hackers after they took over the city’s systems; and an additional $1.0MM on new computers and hardware.

This event highlights two key factors – first, we cannot use a single recommendation. Some municipalities will have to pay out hackers when the cost of disruption could lead to much more severe consequences. Second, and more importantly, it brings to light the means through which hackers would resort, in order to get to their goals. In this case, email, which is unfortunately becoming an area where we are seeing less security spending for two main reasons: a) most companies outsource their email hosting services to third party vendors; and b) most email messages are analyzed at time of delivery. As methods and tools have improved, hackers can now intelligently embed links in their messages that would appear ‘innocent’ to the third party vendor BUT could be repurposed on-the-fly for a request originating from the target enterprise.

While we continue to suggest that the best defence against ransomware is not to get infected, a fair number of municipalities are simply unprepared for, nor do they have an adequate defence system in place to prevent these attacks. The sad fact is that many of these ransomware attacks are initiated by a simple phishing email that leads to a malicious download that starts the whole downward spiral as hackers gain access to key systems. In the case of Riviera Beach, it was just that; an employee clicked on an email that allowed hackers to upload malware.

All of this can be prevented! It could be as simple as being able to stop that initial phishing email from being delivered to an end user within the network. Municipalities that have already been hit, or those that are keen on taking a proactive approach so that they don’t become one of the growing ransomware statistics, should all take advantage of Wedge’s FREE 90 day trial of the Wedge Advanced Malware Blocker.

With patented Deep Content Inspection, combined with an orchestrated platform that utilizes machine learning / AI and best of breed security defence solutions, WedgeAMB has a 99.97% accuracy rate for detecting and blocking malware in Real-time. In the case of Riviera Beach, the email in question would have been stopped in its tracks because WedgeAMB is the only product available that can provide both web and email protection – in REAL-TIME, detecting and blocking the phishing email before it even landed in the employee’s inbox and prior to them being able to access any embedded links. At Wedge, we continue to promote the Detect and Block approach for any and all organizations. Ransomware can prevented and WedgeAMB provides the first step. For more information, contact our team at: info@wedgenetworks.com.

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , , | Leave a comment