There is not a silver bullet for providing 100% protection against cyber crime. You can, however, learn to reduce the risk of being compromised! During a recent event that NFF hosted at the Cisco office in Washington DC, the attendees got to launch a real-time ransomware attack and see it unfolding.
This clinic was developed by Joseph (Joey) Muniz, a security researcher, and architect at Cisco Systems. Joey has been involved in the design and implementation of multiple projects ranging from Fortune 500 corporations to large federal networks. He is the author and contributor of several books including a book about Security Operations Centers and the CCNA Cyber Ops book, and he has spoken at popular security conferences such as Cisco Live, ISC2, and DEF CON.
During this exclusive live training in a virtual lab environment, people played as both attacker and defender in a real Cyber security attack situation. Joey showed how environments get compromised and how breaches get discovered and demonstrated how to respond effectively. The feedback was very positive; several people suggested to make it a multiple-day event!
It’s not if, but when
Not long ago we received an urgent call from one of our long-time customers, a large association representing more than 35,000 members nationwide. Several of their senior staff members had locked computers with ransomware notifications stating that all their files were encrypted and that they had to pay a ransom to regain access to their files. Since their computers had been connected to the organization's network, the ransomware had also encrypted all their shared drives, making them unavailable to all users in the company. Their systems were only protected with a basic firewall and antivirus software. Apparently, someone got linked to an infected web page, either directly or via a malicious email.
Luckily this customer has a service contract with us so that NFF engineers could start working on the issue immediately, and their first step was to isolate all their computers on a quarantined network to determine the extent of the infection. The second measure they took was configuring the customer’s network to use OpenDNS (now part of Cisco, under the “Umbrella Security” brand), adding a DNS-based security to prevent others from getting infected (NFF ultimately found a few more infected computers lying in wait that had not encrypted yet). Once the infected machines were identified and isolated, engineers assisted the client to restore the file server with their last backup.
The final task was wiping the infected computers. Within four to five hours everything was back to normal, without paying the ransom. Thanks to an established service agreement, the organization lost less than a day of productivity as the NFF engineers were able to take action immediately and mitigate the attack with a good backup and quick implementation of Umbrella Security.
We will be hosting this clinic again in the early Fall, let us know if you would like to receive an invite. In the meantime, we can help you review your vulnerabilities with a network threat assessment.