Ransomware and What It Could Cost You
By Jon Taylor
Director and Principal of Security, Versa Networks
October 17, 2022
Over the past 9 years, ransomware has become one of the most lucrative types of cyber-attack performed globally. Believe it or not, this is because it is one of the easiest attacks to carry out. These days attackers can go out, register a throwaway domain with almost any DNS registrar, and purchase a pre-packaged ransomware variant that comes with instructions on how to deploy it.
An example of this simple type of attack is WannaCry, which hit in 2017. It relied on EternalBlue, an exploit for a critical vulnerability in Windows systems that was discovered and reportedly first used by the U.S. National Security Agency. The exploit was eventually released by a hacking group called the Shadow Brokers in April of 2017. It allowed WannaCry’s creators to trick Windows systems into running their code over the Server Message Block (SMB) protocol. Essentially, the original code was leaked, modified, and then republished. WannaCry was so large that it hit over 300 organizations located across 150+ countries, and it has been estimated that over 12,000 different variants of the original WannaCry binary were still being detected up to 2019. WannaCry was so bad that even after its kill-switch was found, the malware continued to damage the systems and data it had come in contact with. Estimates put the total cost at over $4 billion, most of which was payments demanded in bitcoin.
Demanding payment in digital currency makes getting your money back almost impossible because cryptocurrency is so hard to trace. Through newer methods, though, as in the case of the recent Colonial Pipeline attack, the United States FBI does have the ability to recover some of the digital currency paid to attackers for the decryption keys. But here is the double-edged sword: even if a victim pays a ransom for the keys to unlock their data, there is no guarantee the victim will actually receive a working key. The victim is hoping that the attacker is an honorable criminal who honors their side of the arrangement. This means that organizations still need to pay high-end costs for Incident Response (IR) vendors to come in and fully remediate their systems whether the ransom is paid or not. This brings the cost of a ransomware attack to an average of $1.85M, according to Sophos in its 2021 analysis.
So why do I say this? Well, would you believe that ransomware is one of the easiest types of attack to defend against? Let’s look at WannaCry again. When EternalBlue was released, Microsoft released a patch for Windows that closed the vulnerability. So when WannaCry hit, it only took advantage of machines that had not been patched, because historically companies and users do not update their systems to the latest patch for fear that it will impact production for their users. This same mentality also exists in network and security design. WannaCry hit in 2017, and now, five years later, we are still talking to customers about employing measures such as a zero-trust architecture with proper ZTNA controls and network segmentation, so that a user gets least-privilege access to resources and can’t just “jump” onto the network and start accessing anything they want. This type of architecture dramatically limits what is impacted when an incident occurs.
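To make the two points above concrete (unpatched hosts are the ones that fall, and segmentation limits how far an incident spreads), here is a small blast-radius model. It is an added illustration written for this page, not code from the original post or from Versa Networks. The host inventory, segment names and reachability policies are constructed for the example; it treats a host as reachable by a worm only if the policy allows the source segment to reach the destination segment on the file-sharing service and the destination is unpatched, and then compares a flat network against a least-privilege one.

```python
from collections import deque

# Constructed inventory: host -> (network segment, patched against the SMB flaw?)
HOSTS = {
    "ws-01": ("user-lan", False),
    "ws-02": ("user-lan", False),
    "ws-03": ("user-lan", True),
    "fs-01": ("file-servers", False),
    "db-01": ("datacenter", False),
    "app-01": ("datacenter", True),
}

SEGMENTS = {seg for seg, _ in HOSTS.values()}

# Flat network: every segment may reach every other on the file-sharing port.
FLAT_POLICY = {seg: set(SEGMENTS) for seg in SEGMENTS}

# Least-privilege policy (constructed): users reach only the file servers they
# need, never each other; file servers and datacenter hosts stay inside their
# own segment. Each entry is: source segment -> segments it may reach.
SEGMENTED_POLICY = {
    "user-lan": {"file-servers"},
    "file-servers": {"file-servers"},
    "datacenter": {"datacenter"},
}


def allowed(policy, src_seg, dst_seg):
    """True if hosts in src_seg may open the file-sharing service in dst_seg."""
    return dst_seg in policy.get(src_seg, set())


def blast_radius(hosts, policy, patient_zero):
    """Hosts a self-spreading worm can reach from patient_zero.

    Patient zero is assumed compromised by some other route (e.g. phishing),
    so its patch state does not matter; every further hop needs an allowed
    network path AND an unpatched destination.
    """
    infected = {patient_zero}
    queue = deque([patient_zero])
    while queue:
        current = queue.popleft()
        src_seg = hosts[current][0]
        for host, (dst_seg, patched) in hosts.items():
            if host in infected or patched:
                continue
            if allowed(policy, src_seg, dst_seg):
                infected.add(host)
                queue.append(host)
    return infected


def patch_all(hosts):
    """Return a copy of the inventory with every host patched."""
    return {h: (seg, True) for h, (seg, _) in hosts.items()}


def compare(patient_zero="ws-01"):
    """Count impacted hosts under each design so the difference is visible."""
    return {
        "flat, unpatched": len(blast_radius(HOSTS, FLAT_POLICY, patient_zero)),
        "segmented, unpatched": len(blast_radius(HOSTS, SEGMENTED_POLICY, patient_zero)),
        "flat, fully patched": len(blast_radius(patch_all(HOSTS), FLAT_POLICY, patient_zero)),
    }


if __name__ == "__main__":
    for design, count in compare().items():
        print(f"{design:22s}: {count} of {len(HOSTS)} hosts impacted")
```

Running it from a compromised workstation shows the flat network losing every unpatched host (four of six), the segmented one losing only the workstation and the one file server it was allowed to reach, and the fully patched network losing nothing beyond patient zero. The model ignores other lateral-movement routes (stolen credentials, management tooling) on purpose; it isolates the two controls the article is arguing for.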
As an industry we are fighting on the front of email filtering technologies to help prevent phishing and random files from being delivered to employees. There is the ever-evolving endpoint solution that now utilizes some type of XDR capability. The newest security architecture that customers are looking to adopt is Secure Access Service Edge (SASE) and/or its subset Security Service Edge (SSE) for remote branches and remote users, which contains solutions such as Cloud Access Security Broker (CASB) to protect cloud-based resources, along with next-generation firewalling.
Because of this, Versa Networks is doubling down on its investments in its security platforms. The Versa SD-WAN solution, utilizing its built-in next-gen firewall, can secure north-south traffic at the perimeter edge as well as east-west traffic between the branches and the datacenter, allowing segmentation controls to be put in place. Couple this with the Versa SASE or even just the Versa SSE solution, and the ever-expanding remote workforce can utilize ZTNA and receive least-privilege access to the apps they need while the user or device is kept from direct access to the network. If you, like many other customers, are evaluating newer security controls to replace current controls and solutions, reinforcing current solutions, and/or needing to meet evolving compliance standards, check us out. Hit Contact Us and drop us a line. We will get you in touch with a security expert to help identify the right Versa security solution to fit your security needs.