This is a stick up!

At our annual security event this week, themed ‘CloudBurst’ and held at The Tower of London, we listened to some great talks from some very knowledgeable individuals.

Our thanks go to Tim Grieveson of Hewlett Packard Enterprise, Mark Chaplin from the ISF and Raghu Nandakumara from Citi, who along with our own crack team presented and developed the message that it is vital that organisations identify their Crown Jewels and protect them effectively.

We would also like to thank Sean Alexander AKA ‘The Confusionist’ who put on an amazing show of deception, data theft and mind control.

Amongst the predictions for the coming year were that phishing and spear phishing would increase in sophistication and volume and would continue to be the number one attack vector for most nasties out there. We also predicted that ransomware is on the up and will continue to be on the up.

So this week it is of little surprise to see that Lincolnshire County Council have been taken out in a major way by a ransomware attack, introduced to the soft squidgy insides of the organisation via a weaponised email, which has gone on to infect 300 computers.

The council have been forced to take all systems down while the long-suffering IT department work day and night to develop and execute a plan to reverse the damage, which hopefully will not include paying the lowlife scumbags who have inflicted this upon them. Our thoughts are with them.

Whilst we know that the ransomware concerned is not Cryptolocker (source: we can only hope that it isn’t the newest nastiest ransomware kid on the block ‘7ev3n’.

This particularly nasty piece of garbage infects machines and demands no less than 15 Bitcoins (about £4000 in old money). Here are some of the things the ransomware does to you:

  • Encrypts files on your device and network shares (obvs)
  • Disables Windows recovery options
  • Disables keys and tools used to manage Windows machines (ALT+TAB, Task Manager and the Run dialog)

This is one evil piece of work. Even if you have a backup you will have to reinstall Windows components from a recovery disk or rebuild the machine to make it useable.

As with all of our previous advice on ransomware, it is imperative that you have good clean backups, which are offline and therefore cannot themselves be encrypted, and that you EDUCATE YOUR STAFF, and keep educating them.

Automatic defences against infections by loaded emails are a complex subject and one not dealt with terrifically well by traditional AntiVirus.

As part of the development of the products and services we offer to customers, we are investigating next generation endpoint protection technology and expect to select a partner very shortly. It is imperative that the technology we select will be robust in its defence against ransomware as well as all of the usual rubbish. We will keep you posted; look out for an announcement soon.

If you would like to discuss anything in this blog or think we can help you, please contact us at: 020 7517 3900 or email us at: [email protected]