With the current spate of Ransomware attacks (most recently on the Irish Health Service Executive), one can’t help but be concerned. The onset of Covid-19 and increase in work from home users has seen the risk of said attacks multiplying ten-fold, as many people can no longer enjoy the protection of company Firewalls and other systems. And, with the Health Care industry as a whole already overwhelmed by the pandemic, a looming cyber threat is altogether more present as hackers try to take advantage of mass hysteria.

With this in mind, it’s only natural to ask, “what can I do to stop a potential attack?” or “if I am attacked, what happens next?”.

But, first off, let’s understand the impact of a Ransomware attack.

Ransomware is, by definition, a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim to restore access to the Data upon payment.

Ransomware can infect a system via a delivery method like a phishing email with a malicious attachment. In fact, around 95% of such attacks begin with an innocent looking email, wherein attackers can gain trust through social engineering before tricking their victim into opening a malicious file that installs the Ransomware. Once installed, the malware goes about encrypting all the files on the systems and then demands a payment to decrypt them. Some companies choose to pay the ransom, some try to gain a decryption key, and some have no choice but to format their systems and restore from a hopefully uncorrupted backup. The sad reality is that ransomware attacks often cost companies in one way or another, with total costs now globally mounting to billions of dollars.

Aside from the financial element of remediating the attack or loss of Data, however, there is also reputational damage and the possibility of a fine should you lose other people’s information through a breach. GDPR fines at some large companies have been in the hundreds of millions. Here in South Africa, with POPIA enforcement coming into effect from 1 July, we too will soon see fines being handed to companies losing users’ data.

So, what can be done to prevent this from happening?

Many companies are now practicing Zero Trust – a concept of no longer trusting anything inside or outside your network and making sure that someone is verified before gaining access to systems.

Deploying Privileged Access Management solutions protects critical assets by controlling access to privileged accounts and verifying the user before allowing access to systems.

A lot of corporates are now investing in technologies like EDR (Endpoint Detection and Response) or MDR (Managed Detection and Response). It continuously monitors the endpoint and gathers Data to block malicious attacks using rules-based automation and analytics. Combine this with an incident response capability or service through the EDR Vendors MDR service or a 3rd party provider.

The US Government is even adopting zero trust strategies and deploying EDR solutions internally to reduce attacks.

How Vox can help:

  • At Vox, we offer Email Security solutions to help prevent a delivery of the malware via Email. Suspected phishing mails are held until verified and either released or deleted.
  • Our EDR platforms, integrated into our SIEM (Security Information and Events Management) platform ensure proactive monitoring of the endpoints and lighting response to a potential breach from our SOC (Security Operations Centre). The EDR will contain the threat whilst allowing investigations into the attack and finally the threat will be eliminated. The EDR Platform allows a role back of the system attacked to a clean version of the system prior to the attack.
  • Combined with our CSIRT (Computer Security Incident Response team) service to deal with potential attacks, Vox offers peace of mind from Ransomware attacks or the fear of being left to deal with the incident on your own.
  • Backup services ensure a clean copy of your Data to assist in restoring servers as a last resort.
  • Another key solution to the prevention or spread of Ransomware is Privileged Account Management (PAM). PAM solutions mitigate risk from Ransomware by implementing a least privilege approach and credential theft protection to stop an attack on the ground zero machine, while privileged credential rotation and isolation block lateral movements and prevent the spread of the attack.

We are moving more towards Zero Trust strategies and are becoming more capable of offering our clients end-to-end services which protect you against Ransomware attacks. So, chat to us and let’s see how we can help you!