Tag

wannacry


How Deadly is Ransomware?

By Patch Management

How Deadly is Ransomware and How Effective are the Protections Against It?

Organizations of all kinds have found themselves victims to ransomware. Find out how dangerous these attacks are and explore strategies to protect your business.

Picture the following scenario for a moment: It’s a seemingly typical day at the office for your business. People are busy and coffee-driven. Everything is unfolding as it should — or at least as it usually does.

Then, in the space of just a few seconds, everything changes on a dime with the beginning of a ransomware attack.

Maybe it’s your client database — including all of the financial and personal information you’ve collected in the partnership process — that suddenly becomes inaccessible. Perhaps key files are abruptly encrypted in a way that you’ve never seen before. Or maybe systems grind to a halt and won’t function. You see a message telling you, in so many words, to pay up or lose the data (or remain locked out of your mission-critical networks and devices). It’s a simple — and often successful — exploit tactic.

No matter how the incident specifically unfolds, whether you pay up or work around it, you’ll likely always divide your job, to some extent, into pre- and post-ransomware periods. Here, we’re going to take a deep dive into the ins and outs of ransomware, and examine how effective various tools — ranging from staff training to endpoint detection and response solutions — can be in mitigating the damage that this increasingly common cyberattack type can do.

A Brief History of Ransomware

According to a 2012 piece from TechRepublic, ransomware dates back to the late 1980s, though it did not emerge as a tool during that decade. It became somewhat prominent among hackers and cyberattackers in the mid-2000s, and about a decade after that, it began to take the forms that IT and information security team members are familiar with today.

To date, the most famous ransomware attack — and certainly the most impactful in terms of the sheer number of those who were victimized by it — is 2017’s WannaCry. This particular act of extortion involved a viral exploit known as EternalBlue, which attacked Microsoft operating systems that hadn’t been patched for a vulnerability in the Server Message Block file-sharing protocol.

Gizmodo noted that the attack, based on a self-propagating cyber warfare tool originally developed by the National Security Agency and hijacked by the ShadowBrokers hacker group, spread quickly to every device on every network it reached and randomly through the internet.

WannaCry-infected machines saw their data encrypted and received demands for $300 ransom payments into bitcoin wallets in exchange for decryption. Since the ransomware spread to as many as 200,000 computers across 150 countries before white-hat hackers began distributing decryption keys, its makers received almost $130,000 for their efforts.

Also, although the Department of Justice would ultimately charge a North Korean hacker, Park Jin-hyok, with deployment of WannaCry and various other cyberattacks, The New York Times pointed out Park would likely never stand trial for these alleged offenses due to poor U.S.-North Korean diplomatic relations.

Anatomy of a Typical Ransomware Attack

Social engineering strategies like phishing or spear-phishing are perhaps the most common delivery system for ransomware attacks, especially in organizational networks:

  • An employee receives an email purporting to be from a manager or co-worker, urging them to click on a link or attachment.
  • When they do, malware takes over targeted systems, either encrypting files or preventing access.
  • A ransom-demand message is then delivered, sometimes with a deadline. Bitcoin wallets are the typical method of payment requested by attackers, due to their use of decentralized ledgers that can be easily found but whose owners are virtually untraceable.

Existing vulnerabilities, like the Windows flaw that allowed WannaCry just enough room to sneak into so many machines, are another common entry point for ransomware scams. Intrusion through the internet of things is also entirely feasible, especially, as CSO noted, in the case of botnets that have seized control of dozens of devices.

Botnets can — and have — shut down large portions of the global internet due to their raw power, making them perhaps the most frightening ransomware threat vector. (That said, the average ransomware attack is more precisely targeted than the blitzkrieg approach of a large botnet would allow.)

Organizations of all kinds across the public and private sectors have found themselves the victims of ransomware. But throughout the late-2010s heyday of this cyberattack type, state and local government offices were targeted with particular frequency. In many cases, this was due to under-protected or outdated IT infrastructure that was easier to breach.

Due to the sensitivity (and volume) of information these bodies hold in their records, they will most likely remain common ransomware victims for the foreseeable future. On the private-sector side of things, energy sector firms and healthcare organizations — especially the latter — have often been similarly attacked and will continue to be targeted in 2020 and the years to come.

As stated, ransomware usually works by encrypting or walling off data, or bringing an infected machine (or network) to a halt through a dedicated denial of service. However, in some recent cases, cyberattackers have used the exploits in their ransomware deployments to steal data from businesses and leak it — or threaten to do so — to add further heft to their monetary demands, according to ZDNet. Organizations must be prepared for all of the worst-case scenarios that can accompany a ransomware attack.

The Personal Side of Ransomware Mitigation & Response

Most people are at least somewhat aware of ransomware by now. But that doesn’t necessarily mean the average employee of a given organization is trained to be cyberattack-wary in a manner that genuinely minimizes their likelihood of being hit with such an attack or provides them the skills to deal with it.

According to the results of the Chubb 2019 Cyber Risk Survey, only 31% of organizations offer company-wide training to bolster staff awareness of cyberthreats. Because of this, it’s hard to fault workers for falling prey to well-disguised ransomware scams.

The Infosec Institute pointed out that regular cybersecurity awareness training, once implemented, can be a significant aid to organizations’ efforts to reduce their overall levels of vulnerability to ransomware and other potentially devastating attacks. Experts noted that it can be particularly effective to engage employees in such training exercises on a monthly basis.

Framing these initiatives through the lens of gamification — e.g., conducting simulated social engineering and ransomware attacks and offering prizes to those who respond to the mock threats properly — can further galvanize workers’ enthusiasm for and commitment to cybersecurity. This can lead to a significant decrease in staff members falling prey to the phishing, pretexting and other social engineering scams that often precede ransomware infection.

Choosing the Proper Tools

Training and increased awareness alone will not be sufficient to substantially mitigate the dangers that ransomware poses to countless organizations. It’ll also be necessary to find and implement a number of more concrete tools equipped to detect and repel or quarantine these cyberattacks.

If you already have an antivirus software solution in place, there’s a strong chance that it won’t be equipped to deal with contemporary ransomware threats unless the program is brand new. And most of the antivirus software that does work on ransomware is specifically focused on detecting and preventing it as opposed to other attack vectors.

Also, as often as not, businesses that haven’t previously been targeted by cyberattacks of any kind will have let their cybersecurity measures fall out of date, and such lax awareness, on its own, can be enough to facilitate a ransomware intrusion, as the WannaCry debacle proved.

Instead, it may be best for your organization to use a multifaceted approach that includes not only employee training, firewalls and antivirus tools but also solutions for patch management and endpoint detection and response. As businesses integrate themselves further into the IoT landscape, their endpoint numbers will skyrocket, presenting that many more potential entry points for attackers, so it’s critical to protect them at all costs.

Syxsense offers comprehensive EDR software and patch management platforms along with always-available managed services from our support team. To dive deeper into the possibilities of our products, consider a free trial today.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

BlueKeep: There’s a Report For That

By Patch Management

BlueKeep exploits are on the rise—Syxsense allows you to see which of your devices are affected by this critical vulnerability.

With BlueKeep exploits looming large, knowing your exposed risk could save your time, money and business.

Syxsense has added the “BlueKeep At Risk Devices” report to every console. Our dynamic architecture helps you stay on top of emerging threats. To run the report, just go to reports, find BlueKeep and press the button.

In seconds, you will see a list of every device that hasn’t been scanned for the vulnerability and every device where the risk is detected. With a few more clicks you can deploy the patch to every device, rerun the report and prove to management that you are 100% compliant.

Click, know the facts, and secure. Experience a complete view of your IT environment with Syxsense.

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.


NSA Urging Users to Patch BlueKeep Vulnerability

By News, Patch Management

The National Security Agency (NSA) is warning users that a new RDP vulnerability affecting Windows 7 and Windows XP systems is potentially “wormable.”

The National Security Agency has recently issued an urgent advisory to all Windows-based administrators and users to ensure they are using a fully-patched and updated system.

Last month, Microsoft released additional security updates to protect against BlueKeep, a new security vulnerability considered a potentially ‘wormable’ flaw in the Remote Desktop (RDP) protocol (CVE-2019-0708). The vulnerability is present in the still-supported Windows 7, Vista, Server 2008 and Server 2008 R2, but also in legacy systems Windows XP and Server 2003, which is a rarity for Microsoft since Extended Support ended back in April of 2014.

The vulnerability can be easily exploited and weaponized by leveraging malware or even ransomware. Microsoft has even warned that the vulnerability can surely be as damaging as WannaCry. It only takes a bit of code designed to exploit it and spread pre-authentication without requiring any user interaction in the process. Once the vulnerability has been abused, it’s only a matter of time before it will infect not only the target host, but the rest of the environment, if left unpatched.

The NSA also believes this can easily evolve in time: “This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability. For example, the vulnerability could be exploited to conduct denial of service attacks. It is likely only a matter of time before remote exploitation code is widely available for this vulnerability. NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.”

The solution is simple: patch all Windows devices not only for the latest vulnerability but always, and if the devices are outside of mainstream or even extended support, like the legacy operating systems, it’s best to migrate to Microsoft’s latest OS, Windows 10.


How Forgotten Legacy Systems Could Be Your Downfall

By Patch Management

Legacy systems present a major security risk as attackers continue to target vulnerabilities on these devices.

This article originally appeared in Infosecurity Magazine

Some companies just simply swear by the adage, “If it ain’t broke, don’t fix it” and continue to run workstations and servers on legacy systems.

Take the case of the world’s most popular operating system (OS) – Windows. According to NetMarketShare, Windows 10, Microsoft’s latest iteration of the OS for workstations, has finally surpassed Windows 7 as the leading OS. Globally, Windows 10 now has a market share of 40.30% compared to Windows 7’s 38.41% as of February 2019.

Interestingly, Windows 10 only edged out Windows 7 at the tail end of 2018 despite being on the market since 2015. Users typically cite Windows 7’s dependability as a key reason for its longevity. Yet it’s a bit surprising that users still stick to the aging OS. Windows 10 is arguably just as dependable, if not more so.

Windows 7 compatibility is now becoming an issue as new software and hardware are now designed to work only with newer operating systems. Computers with newer processors will not be able to use OS versions older than Windows 10.

What’s even more remarkable is that Windows 7’s market share still translates to millions of computers around the world. Users continue to put faith in the OS even if mainstream support ended back in 2015. Microsoft’s extended support for Windows 7 will also only be until January 2020 and when this happens, the OS will stop receiving free security updates or support. Only Professional and Enterprise license holders will have the option to get paid support until 2023.

Why Legacy Creates Risks

Unfortunately, this continued use of legacy systems presents a major security risk as developers tend to focus on actively providing support for their latest versions. So, any discovered or disclosed vulnerability to these older systems may not be fixed or addressed, leaving them vulnerable to attack.

Attackers typically focus on these vulnerabilities in widely used legacy systems. For example, one of the reasons the WannaCry ransomware outbreak crippled a number of companies was the use of legacy systems.

In the case of the NHS, the ransomware infected endpoints running on Windows XP, which were specifically vulnerable due to unpatched flaws. This ultimately compelled Microsoft to roll out a special patch for the 3.34% of computers that still ran on the “dead” OS. This was quite an odd case since extended support for Windows XP ended way back in 2014.

Companies’ lackadaisical attitude towards upgrading and updating legacy systems is also to blame. An RSA Conference survey revealed that less than half of companies patch vulnerabilities once they are publicized. Some even wait weeks or months before acting on security bulletins.

What to Do

Companies would do well to patch the potential security vulnerabilities, given the dire consequences of falling victim to a cyber-attack. Legacy systems and other system and software vulnerabilities should be carefully analyzed and addressed, and IT teams should commit to the following:

Create a comprehensive inventory – IT teams should perform a complete inventory of all devices including the hardware, OS, and software specifications of each endpoint. Companies must know how many devices actually run on aging systems or load legacy software since they could all become vulnerable once developer support ends.

Invest in upgrades – Many might not see the benefit of upgrading, especially if the legacy systems still work for their purposes. However, part of what users pay for in new software versions is the active support that developers provide. If cost is an issue, they could weigh the security risks against the benefit of support. Besides, developers often offer discounts on upgrades to existing customers.

Invest in extended support – As an alternative, companies could also look into acquiring extended support from their vendors. Some developers provide service level agreements (SLAs) to their legacy users. However, this must be carefully weighed against the benefits of having mainstream support.

Deploy patches in a timely manner – Companies must stay on top of security bulletins and patch their systems accordingly. IT teams can also use management platforms to automatically deploy patches to affected endpoints as soon as fixes are released.

Why Upgrading is a Precaution

Attackers are not wasting their time in targeting potential victims. Many security threats are now automated where hackers use bots and scripts to scan and attack vulnerable endpoints. As such, users have to keep their infrastructures secure at all times.

Due to the lack of active support, legacy systems are among the most vulnerable to such attacks. Companies should be mindful of these security risks and commit to make the proper investment to upgrade their systems.


Malware: It’s Not If…It’s When

By News

An unfortunate fact for IT departments is that they will, at some point, face a malware crisis.

Here’s how addressing malware normally plays out.

At some point after the infection occurs, usually much later, it gets noticed. Whether by pure luck or through receiving a ransom notice, the IT department becomes aware of the crisis after it has already spread.

The IT team attempts to outrun the exploding crisis. To prevent further infection, they shut down every device. Then, one by one, they must be booted back on and cleaned of the infection.

It could take days, weeks, or even months, to get every device cleared of the malicious software. An enormous amount of money is lost to destroyed productivity and IT labor hours.

But there’s a new way to tackle a malware crisis.

How Syxsense Realtime Security Can Address Malware

Live data means being able to see processes and status in real time. Using the AI-powered personal assistant, an IT manager would simply ask ‘Is WannaCry running on my devices?’ The console would then show where any such process was running.

If the process is running on devices, the option to kill it is available. A process can be killed on a device by device basis or everywhere it’s running.

But what if the malware changes its name to escape detection?

Realtime Security can still detect the process by MD5. It’s that simple; identify devices running the process, and then kill it with a button click. From there, an alert can be set so that if it somehow starts running again, you will know immediately.

Realtime Security means having live data that is secure, accurate, and actionable.
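How matching a process by the hash of its executable, rather than by its name, works in practice, as an added Python example (not Syxsense's code and not part of the original article). The process list, file names and flagged hash are constructed for the demonstration, and the function names are hypothetical.

```python
import hashlib
import os
import tempfile


def md5_of_file(path, chunk_size=65536):
    """Return the hex MD5 of a file, read in chunks so large binaries are not loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def match_processes(processes, known_md5):
    """Compare each process image against a set of flagged MD5 hashes.

    processes: iterable of (pid, name, exe_path), as an endpoint inventory would supply.
    Returns (hits, unreadable). Images that cannot be read (process exited,
    access denied) are reported separately instead of being treated as clean.
    """
    known = {value.lower() for value in known_md5}
    hits, unreadable = [], []
    for pid, name, exe_path in processes:
        try:
            file_hash = md5_of_file(exe_path)
        except OSError:
            unreadable.append((pid, name))
            continue
        if file_hash in known:
            hits.append((pid, name, file_hash))
    return hits, unreadable


def build_constructed_sample(workdir):
    """Write constructed stand-in images to workdir and return (processes, flagged_hashes)."""
    payload = b"CONSTRUCTED-SAMPLE-IMAGE: stands in for a flagged binary\n"
    files = {
        "flagged_original.bin": payload,
        "svchost_lookalike.bin": payload,            # same bytes, different name
        "flagged_modified.bin": payload + b"\x00",   # one byte differs
        "notepad_standin.bin": b"CONSTRUCTED benign image\n",
    }
    processes = []
    for pid, (name, content) in enumerate(files.items(), start=1001):
        path = os.path.join(workdir, name)
        with open(path, "wb") as handle:
            handle.write(content)
        processes.append((pid, name, path))
    # A process whose image is no longer on disk.
    processes.append((1999, "exited_process.bin", os.path.join(workdir, "missing.bin")))
    return processes, {hashlib.md5(payload).hexdigest()}


def run_demo():
    """Build the constructed sample in a temporary directory and run the match."""
    with tempfile.TemporaryDirectory() as workdir:
        processes, flagged = build_constructed_sample(workdir)
        return match_processes(processes, flagged)


if __name__ == "__main__":
    hits, unreadable = run_demo()
    for pid, name, file_hash in hits:
        print(f"MATCH pid={pid} name={name} md5={file_hash}")
    for pid, name in unreadable:
        print(f"UNREADABLE pid={pid} name={name}")
```

The renamed copy is matched because its bytes are unchanged, while the file with one extra byte hashes differently and is not: an exact-hash match covers renamed copies of a known binary, not modified ones.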


Malware Tops Annual Cybercrime Report

By News

Europol Cybercrime Report 2018

According to Europol’s 2018 Internet Organised Crime Threat Assessment (IOCTA) report, ransomware is the top threat to organizations.

This report cites ransomware as the largest player in financially-motivated attacks. It also points out the increase in nation state cyber-attacks as a reason for ransomware’s continued leading threat level.

Distributed-Denial-of-Service (DDoS) attacks are still quite prevalent. These kinds of attacks were the second most frequent, just after malware, in 2017. It stands to reason that DDoS attacks will be a concern going forward as they are “becoming more accessible, low-cost, and low-risk.”

An emerging field is Cryptojacking. This is the act of using targeted users’ bandwidth to mine cryptocurrencies. These attacks can cripple an organization by dominating their internet bandwidth and device processing power.

How can your organization protect against these threats?

In the event of a cyberattack, authorities should be alerted. But companies should already have a comprehensive IT management solution in place. Maintaining a proper update strategy can mitigate the risk of exposure.

Syxsense has a diverse set of features that eases the burden of IT management. These features include Discovery, Inventory, Patch Management, Software Distribution, Reports, and more. As updates are released, the console will show which devices need updates.

From there, the patch manager can target those vulnerable devices and a task can be launched to deploy the needed patches. Learn more about securing your environment and start a trial with Syxsense.


BitPaymer Ransomware Hits NHS

By News

Is BitPaymer going to be bigger than WannaCry?

On August 25th, a handful of Scottish hospitals was infected with the BitPaymer ransomware. This group of hospitals, responsible for more than 654,000 residents, was also hit during the WannaCry ransomware event three months ago.

Although the hospitals reacted quickly and avoided paying a ransom, the hack caused major disruption, leading to thousands of cancelled appointments.

While a bullet was dodged here, BitPaymer has the potential to be much larger than WannaCry. A big danger is that this hack utilizes computers with RDP. According to some estimates, there are over 4 million endpoints vulnerable like this. That is 10 times more computers than WannaCry infected.

While RDP is a useful tool for keeping people productive, its risks outweigh the benefits. It’s time to replace RDP with a secure, powerful solution. Syxsense offers a Remote Desktop Access feature. We prioritize security and utilize 2048-bit encryption for communication.

BitPaymer doesn’t need end user interaction to infect a device. To show you who is accessing devices and when, we provide comprehensive audit logs and reports. Replace RDP and sign up for a free trial of Syxsense today!


Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.
