Advice from Microsoft: Blocking Ransomware Attacks

We have seen lots of changes in businesses due to the COVID-19 pandemic. As most companies are converting to a remote workforce, we have seen human-operated ransomware campaigns targeting healthcare organizations and critical services. To prevent these attacks, Microsoft “advises potential victims to prevent threat actors behind ransomware campaigns from being able to exploit the weaknesses they usually abuse to launch their attacks.”

Microsoft encourages companies to take several steps to reduce the risk of becoming a victim of a ransomware attack. The Microsoft Threat Protection Intelligence Team says, “Applying security patches for internet-facing systems is critical in preventing these attacks.” In researching recent ransomware attacks, the team found the following security gaps, which are common ways attackers get into systems:

  1. Remote Desktop Protocol (RDP) or Virtual Desktop endpoints without multi-factor authentication (MFA);
  2. Older platforms that have reached end of support and are no longer getting security updates; and
  3. Misconfigured web servers, including IIS, electronic health record (EHR) software, backup servers, or systems management servers.
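
The first two gaps, together with the patching advice for internet-facing systems, can be checked against an asset inventory. The sketch below is an added example, not Microsoft's tooling: the inventory records, field names and 30-day patch window are constructed assumptions, and misconfiguration checks (gap 3) are left out because they depend on the specific server product.

```python
from datetime import date

# End-of-support dates published by Microsoft for a few older platforms.
END_OF_SUPPORT = {
    "Windows XP": date(2014, 4, 8),
    "Windows Server 2003": date(2015, 7, 14),
    "Windows 7": date(2020, 1, 14),
    "Windows Server 2008 R2": date(2020, 1, 14),
}
MAX_PATCH_AGE_DAYS = 30  # assumed patch window for internet-facing systems

# Constructed sample inventory; host names and field names are hypothetical.
INVENTORY = [
    {"host": "rdgw01", "os": "Windows Server 2019", "internet_facing": True,
     "rdp_exposed": True, "mfa": False, "last_patched": date(2020, 4, 20)},
    {"host": "ehr-web", "os": "Windows Server 2008 R2", "internet_facing": True,
     "rdp_exposed": False, "mfa": False, "last_patched": date(2019, 11, 2)},
    {"host": "backup01", "os": "Windows Server 2016", "internet_facing": False,
     "rdp_exposed": True, "mfa": True, "last_patched": date(2020, 4, 15)},
    {"host": "vdi-pool", "os": "Windows 10", "internet_facing": True,
     "rdp_exposed": True, "mfa": True, "last_patched": date(2020, 1, 10)},
]

def audit_host(rec, today):
    """Return the list of gaps found for one inventory record."""
    gaps = []
    if rec["rdp_exposed"] and not rec["mfa"]:
        gaps.append("rdp-without-mfa")        # gap 1 in the list above
    eos = END_OF_SUPPORT.get(rec["os"])
    if eos is not None and eos <= today:
        gaps.append("end-of-support")         # gap 2 in the list above
    patch_age = (today - rec["last_patched"]).days
    if rec["internet_facing"] and patch_age > MAX_PATCH_AGE_DAYS:
        gaps.append("stale-patches")          # patching advice for exposed systems
    return gaps

def audit(inventory, today):
    """Return (host, gaps) pairs, most gaps first, skipping clean hosts."""
    findings = ((r["host"], audit_host(r, today)) for r in inventory)
    return sorted(((h, g) for h, g in findings if g),
                  key=lambda item: (-len(item[1]), item[0]))

if __name__ == "__main__":
    for host, gaps in audit(INVENTORY, date(2020, 5, 1)):
        print(f"{host}: {', '.join(gaps)}")
```
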

Organizations should look for signs of an active ransomware attack. If they find any, Microsoft encourages them to take the following actions:

  1. Investigate affected endpoints and credentials,
  2. Isolate compromised endpoints, and
  3. Inspect and rebuild devices with related malware infections.

To help people understand just how detrimental a ransomware attack can be, Microsoft reported that “after analyzing collected cryptocurrency wallets and ransomware ransom notes, the FBI said at this year’s RSA security conference that victims paid more than $140 million to ransomware operators during the past six years.” It is important for your business to be informed of the possible ways you may be at risk of a ransomware attack.

Microsoft wants you and your company to be safe from the detrimental effects of ransomware.

Microsoft Releases Critical Security Vulnerability For Microsoft 10 and Microsoft Server 2016/2019

Windows administrators around the world are working overtime to update their Windows equipment after Microsoft released a patch on January 14 for critical security vulnerabilities in Microsoft 10 and Microsoft Server 2016, 2019, and more. Now, more than 900 million devices that run on these programs are in need of an update!

One of the critical vulnerabilities in Windows CryptoAPI (which allows organizations to “sign” their applications and validate the app’s authenticity) would allow malware to be disguised as trustworthy, effectively fooling users and antivirus software. Read about all the vulnerabilities here.

Let’s Recap: Where Have We Seen This Before?

The National Security Agency (NSA) discovered another vulnerability in Microsoft systems years ago and weaponized the vulnerability, calling it Eternal Blue. In 2017, the NSA disclosed the weakness to Microsoft, who then patched the bug and released the software fix to the public… Is this starting to sound familiar?

Here’s where it went wrong: after Microsoft released the patches, Eternal Blue was leaked by a hacker group called the Shadow Brokers to the web. One month later, the worldwide WannaCry ransomware attack unfolded, exploiting unpatched computers.

The NSA seems to be trying to turn things around this time by disclosing the bugs to Microsoft. Imagine that day at Microsoft.

So How Can We Prevent WannaCry Part Two?

1. Update! Update all your computers using Microsoft 10 and your Windows Servers. Don’t make the mistake of holding off the updates for a more convenient time. Hackers are going to find that pretty convenient for them, too! Not updating your computer is like sitting in the road, seeing a car speeding towards you, and saying, “I’ll move later.” Later just might be too late.

2. Back up your data. Whether you are responsible for an IT infrastructure supporting 10,000 employees or you are managing your home computer, BACK UP YOUR DATA. If you have an existing backup system, check your backups. Ask yourself: Could my organization survive if we lost all of our data and had to restore our backups? Are our backups current and working? How long would it take us to restore from backups? If you are not satisfied with any of the answers to those questions, do something about it.

How We Can Help

As the industry-leading backup solution, Rubrik is quick to install, back up, and recover, so what otherwise would be a catastrophe is now just a quick restoration. Rubrik’s interface is also incredibly easy to use, built so that users can manage all their data in one place. Also, with services like Rubrik Polaris, Trinsio clients get brand-new insight into data across their entire IT infrastructure, including ransomware and malware detection.
