Wednesday, July 29, 2020

The Evolution of ProLock Ransomware

The report published by SophosLabs on the ProLock ransomware strain is interesting not so much for the implementation it describes as for the evolution it traces. Let's start at the very top of the ransomware predicament.
Should you pay the ransom for data held hostage by cybercriminals?
Government bodies and law enforcement agencies around the world will say no, because if you do, you are funding the growth of the ransomware ecosystem.
Back in the 1990s, when nobody knew how to make real money from malware, there were plenty of damaging computer viruses that spread widely and wreaked havoc.
It was hard to explain why anyone would write and release malware back then, given that those who were caught went to prison. The usual explanations were that virus writers had something against the world, wanted to make a political or social statement, or simply wanted to show off.
Money did not come into it, not least because there was no dependable way to extort it over the internet while staying anonymous. Today's malware, and ransomware in particular, no longer follows the "anger at the world" path.

Ransomware: It’s All About The Money



Nowadays it is almost always about the money, and with ransomware the sum demanded can run to millions of dollars per network attack. So, the theory goes, if nobody ever paid up, cybercriminals would be far less inclined to attack networks with ransomware.
That is because this kind of attack takes a lot of time and effort on the criminals' part. It is not an after-hours hobby where hackers compare notes with a few underground chums; it is a competitive criminal business.
Ransomware gangs may take days or even weeks to prepare an attack by:
  • Buying access, phishing, or hacking their way into the network to acquire a beachhead for the attack.
  • Obtaining domain administrator privileges so that they have the same power as your IT team.
  • Mapping out your network in detail to decide what to attack and where.
  • Locating and destroying online backups that could assist recovery.
  • Testing and tweaking various ransomware samples to find the one most likely to work.
  • Reconfiguring the network's security tools and settings so it is more open to attack.
  • Working out which system services to shut down in order to maximise the number of files that can be overwritten.
  • Stealing confidential company information from the network to boost their blackmail leverage.

Incident responders have dealt with a ransomware victim where the criminals appear to have dug through the IT department's email to find the company's cyberinsurance arrangements and gauge how high they could pitch the ransom.
In the same case, the criminals downloaded personal information about key members of the IT team and then phoned the IT manager to threaten him directly, reading out some of his personal data to prove they had access to the corporate network.
In other attacks, the criminals have emailed staff across the firm warning that their personally identifiable information will be published if the company does not pay, encouraging employees to pressure their own IT team into paying the ransom.
What if paying up doesn’t work?
What if paying up does not work, or leaves you in a worse position than before?
That is the issue the ProLock group ran into earlier this year. The same criminals were behind an earlier strain called PwndLocker, which could sometimes be decrypted without paying: they made a cryptographic mistake that occasionally let victims recover the decryption key even after encryption had finished. ProLock then came to the fore, prompting an urgent warning from the FBI.
A Different Encryption
ProLock does not scramble every byte of every file it attacks. In the sample analysed by SophosLabs, the first 8KB (8192 bytes) of each file was left untouched. Files of 8KB or smaller were therefore not modified at all, while larger files were encrypted from byte 8192 onwards with the first 8KB left unchanged.
ProLock is not the first ransomware to use this trick. There are three likely reasons for it: to slip past encryption-detection tools that only watch the start of each file, to fool common file-type identification tools (which decide what a file is from its header), and to give victims a false sense of security when files still appear intact.
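The consequence for defenders is that a header-only check sees a perfectly normal document. The following is an added example, not code from the SophosLabs report or from ProLock itself: it reproduces the file layout the article describes (first 8192 bytes untouched, everything after them replaced) using seeded pseudo-random filler as a stand-in for ciphertext, then shows that the magic bytes still identify the file correctly while the entropy of the remainder gives the encryption away. The sample document, the entropy threshold and the minimum head-to-tail entropy jump are assumptions.

```python
"""Spotting ProLock-style partial encryption by looking past the untouched header.

Added example, not code from the SophosLabs report. The only detail taken from
the article is the 8192-byte skip; the 'encryption' below is pseudo-random
filler standing in for ciphertext, the sample document is constructed, and the
entropy thresholds are assumptions to be tuned against real file types."""
import math
import random
from collections import Counter

HEAD_LEN = 8192                 # bytes ProLock left untouched in the analysed sample
CIPHERTEXT_ENTROPY = 7.5        # assumed: ciphertext scores ~8.0 bits/byte, plain text far less
MIN_ENTROPY_JUMP = 1.0          # assumed: tail must be clearly noisier than the header


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def simulate_partial_encryption(data: bytes, head_len: int = HEAD_LEN, seed: int = 1) -> bytes:
    """Reproduce the file layout described in the article: the first head_len
    bytes stay as they were and everything after them is replaced. Files of
    head_len bytes or less come back unchanged. The replacement is a seeded
    pseudo-random stream, not ProLock's cipher."""
    if len(data) <= head_len:
        return data
    rng = random.Random(seed)
    tail = bytes(rng.getrandbits(8) for _ in range(len(data) - head_len))
    return data[:head_len] + tail


def looks_partially_encrypted(data: bytes, head_len: int = HEAD_LEN) -> dict:
    """Compare the header's entropy with the rest of the file.

    A header-only check (magic bytes, 'file', a scanner that samples the first
    few KB) still sees a normal document; this looks at what follows it."""
    head, tail = data[:head_len], data[head_len:]
    head_ent, tail_ent = shannon_entropy(head), shannon_entropy(tail)
    return {
        "header_magic_intact": data.startswith(b"%PDF-"),   # magic of the constructed sample
        "head_entropy": round(head_ent, 2),
        "tail_entropy": round(tail_ent, 2),
        "flagged": bool(tail) and tail_ent >= CIPHERTEXT_ENTROPY
                   and (tail_ent - head_ent) >= MIN_ENTROPY_JUMP,
    }


def build_sample_document(size: int) -> bytes:
    """Constructed PDF-like stand-in: a real magic header followed by repetitive
    ASCII filler, so the plaintext has low entropy throughout."""
    filler = b"1 0 obj << /Type /Page >> endobj\n"
    body = b"%PDF-1.4\n" + filler * (size // len(filler) + 1)
    return body[:size]


if __name__ == "__main__":
    large = simulate_partial_encryption(build_sample_document(40 * 1024))
    small = simulate_partial_encryption(build_sample_document(4 * 1024))
    print("40KB file:", looks_partially_encrypted(large))   # header intact, flagged
    print(" 4KB file:", looks_partially_encrypted(small))   # untouched, not flagged
```

Real ciphertext, like the pseudo-random filler here, scores close to 8 bits per byte, so the check works on the layout rather than on any property of ProLock's cipher. The caveat is that compressed formats (archives, JPEGs, PDFs with compressed streams) are noisy from the first byte, which is why the check also demands a jump between header and tail rather than a high tail entropy alone; a production scanner would keep per-format baselines.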

Call SpartanTec, Inc. now and let our team of IT experts protect your company against ransomware and other types of online threats.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/
SpartanTec, Inc.
Fayetteville, NC 28304
(910) 745-7776
http://manageditservicesfayetteville.com
Cities Served:
Fayetteville, Spring Lake, Hope Mills, Dunn, Aberdeen, Southern Pines, Pinehurst, Sanford, Clinto

Friday, July 17, 2020

FortiGate NGFWs Provide Proactive and Transformative Data-Center Security for Business Continuity



Cyber Threat Risk Webinar

Identify security risks and understand general network usage.

July 21st  11:00 am EST



Executive Summary

Businesses today demand unrivaled availability and resiliency in their data centers, but an expanding attack surface and a sophisticated, evolving threat landscape challenge both. With FortiGate E-Series next-generation firewalls (NGFWs), organizations can deliver five-nines availability and superior mean time between failures (MTBF) while inspecting all network traffic, encrypted and unencrypted.

FortiGate E-Series NGFWs simplify complex security processes resulting from a proliferation of point security solutions. They also provide L7 advanced security by adapting to any segmentation using dynamic objects—all accomplished with single-pane-of-glass visibility and centralized control.


As Data Centers Evolve, Security Must Keep Pace


Digital transformation (DX) has evolved the nature of the data center from a defensible, on-premises infrastructure to an increasingly distributed hybrid IT environment that combines virtual, on-premises, and cloud elements. These new distributed data centers offer greater agility and new capabilities, with applications consumed by business users and public users alike (such as in healthcare, where both staff and patients require access to services).
But along with the expanded capabilities, the risk of cyberattacks also increases. Combining distributed, cloud-ready data centers with outdated security tools (which were originally designed only for on-premises environments) expands the network attack surface and increases the chances of application outages and disruption to critical infrastructure. The effects of this can be extremely damaging to a business—with the average infrastructure failure costing as much as $100,000 per hour and the hourly damages associated with a critical application failure running between $500,000 and $1 million, according to IDC.
Alongside a growing number of security breaches, the total cost of cybercrime per company reached $13.0 million in 2018, an increase of 12% from 2017 [2].

Adapting an Integrated Security Ecosystem

To ensure continuous operations, network engineering and operations leaders first need to effectively manage risks by protecting critical business applications and services, regardless of their location. They need to build a scalable and resilient network security architecture that can withstand adverse network security conditions within and across a distributed hybrid IT infrastructure.

In addition to the above, they need to move away from relying on isolated point security products that have proliferated as the attack surface has expanded, in favor of an architectural strategy that streamlines operations to reduce both capital expenditure (CapEx) and operating expenditure (OpEx). Indeed, more than three-fourths (77%) of organizations rely on nonintegrated point security solutions to some degree, which adds cost and complexity while leaving networks vulnerable to cyberattacks [3]. In response, security integration simplifies operations and enables automated workflows, which in turn allows technical security resources to focus on more critical business outcomes and optimizations.

Enabling Effective Data-Center Segmentation

To manage risks, organizations must reduce the attack surface. This can be achieved in part through network segmentation, helping to isolate workloads from one another to secure them individually, while restricting lateral (east-west) movement of malicious intrusions to the network. Segmentation for distributed data centers must be sufficiently flexible to address a broad selection of use cases. The solution must provide scalability, resiliency, and availability across a hybrid IT architecture to maintain business continuity.
However, segmentation by itself does not offer mechanisms to inspect content for threats. Therefore, organizations need an NGFW solution that can adapt to various segmentation techniques and communicate with third-party security solutions to share threat intelligence and provide automated threat protection.
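The two requirements above, restricting east-west flows to explicit segment pairs and still inspecting the flows that are permitted, are easy to state and easy to lose in a large rulebase. The following is an added example, not Fortinet code and not an export from any FortiGate: a small audit over a constructed, vendor-neutral rule schema that flags the weak pattern (an any/any/any accept between segments with no inspection and no logging) and passes the hardened version (one explicit, inspected, logged flow followed by an explicit deny). The rule fields, zone and object names, and findings are all assumptions made for the illustration.

```python
"""Audit a segmentation rulebase for the two properties the brief asks for:
east-west traffic between segments is limited to explicit flows, and the flows
that are permitted are still inspected at layer 7 and logged.

Added example, not Fortinet code and not a FortiOS export: the rule schema,
the checks and both sample rulebases are constructed here."""
from dataclasses import dataclass

ANY = "any"


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str           # segment the traffic comes from (e.g. a VLAN or VRF)
    dst_zone: str
    src: str                # address object, or ANY
    dst: str
    service: str            # e.g. "tcp/3306", or ANY
    action: str             # "accept" or "deny"
    inspection: tuple = ()  # L7 profiles applied, e.g. ("ips", "av", "tls-deep")
    log: bool = False


def audit_rulebase(rules):
    """Return (rule name, finding) pairs for everything that undermines
    segmentation; an empty list means the rulebase passes."""
    findings = []
    for r in rules:
        if r.action != "accept":
            continue
        if r.src == ANY and r.dst == ANY and r.service == ANY:
            findings.append((r.name, "any/any/any accept: segmentation is bypassed"))
        if r.src_zone != r.dst_zone and not r.inspection:
            findings.append((r.name, "cross-segment flow allowed without L7 inspection"))
        if not r.log:
            findings.append((r.name, "accepted traffic not logged: no east-west visibility"))
    # Segmentation depends on the default being deny; require it to be explicit.
    if not rules or rules[-1].action != "deny":
        findings.append(("<rulebase>", "no explicit final deny for the segment pair"))
    return findings


def weak_rulebase():
    """Constructed 'before': one permit-everything rule between web and DB tiers."""
    return [Rule("web-db-open", "vlan-web", "vlan-db", ANY, ANY, ANY, "accept")]


def hardened_rulebase():
    """Constructed 'after': one explicit, inspected, logged flow, then deny."""
    return [
        Rule("web-to-db-mysql", "vlan-web", "vlan-db", "web-servers", "db-servers",
             "tcp/3306", "accept", inspection=("ips", "av", "tls-deep"), log=True),
        Rule("web-to-db-deny", "vlan-web", "vlan-db", ANY, ANY, ANY, "deny", log=True),
    ]


if __name__ == "__main__":
    for label, rulebase in (("weak", weak_rulebase()), ("hardened", hardened_rulebase())):
        print(label, audit_rulebase(rulebase) or "clean")
```

The same checks translate directly to any NGFW's policy export: the point of the inspection check is that a permitted east-west flow without an IPS, anti-malware or TLS-inspection profile attached is segmentation without content inspection, which is exactly the gap the paragraph above describes.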


Proactive Security Features for Expanding Risk Exposures

The FortiGate E-Series NGFWs, which are an integrated part of the Fortinet Security Fabric, address these evolving data-center security requirements. Specifically, integrated threat intelligence from FortiGuard Labs is included with the FortiGate E-Series firewalls to prevent known attacks, plus artificial intelligence (AI)-driven detection of unknown attacks (via FortiSandbox). This collective threat intelligence is shared in real time across all parts of the security infrastructure, helping organizations improve their risk posture.

Core capabilities of the FortiGate E-Series firewalls make them the best choice for network engineering and operations leaders for several reasons:

Risk management

FortiGate E-Series NGFWs are designed for deep integration into third-party technologies and platforms in multivendor infrastructures. Fabric Connectors and Fabric-Ready Partner compatibility enable two-way communications and threat-intelligence sharing. FortiGate NGFWs can adapt to any segmentation strategy (absorbing network changes using dynamic objects) and they provide L7 advanced security with a very high fidelity. Indeed, third-party testing shows that FortiGate NGFWs provide industry-leading security efficacy.

FortiGate NGFWs have received five consecutive “Recommended” ratings from NSS Labs in its annual NGFW industry tests.

Resiliency and scalability

Data centers demand maximum availability and resiliency. FortiGate E-Series firewalls achieve five-nines availability and superior MTBF by applying N+1 redundancy clustering (to ensure system backup in the event of a component failure), in addition to carrier-grade hardware and software.

Network security must also scale to protect all traffic, both unencrypted and encrypted. Inspecting encrypted traffic is a requisite, with 72% of network traffic now protected by secure sockets layer (SSL)/transport layer security (TLS) encryption [6]. With upwards of 50% of cyberattacks using SSL/TLS encryption to infiltrate networks or exfiltrate data, employing SSL/TLS inspection is a requisite [7]. But many NGFWs suffer serious performance degradation when SSL/TLS inspection is turned on, which drives up both CapEx and OpEx.

FortiGate firewalls deliver high-performance inspection of both unencrypted and encrypted workflows (including TLS version 1.3). Specifically, they deliver industry-best price/performance for SSL inspection and one of the best total cost of ownership (TCO) figures per protected megabit per second (Mbps), even when SSL/TLS inspection is activated [8].

Automation and orchestration

As an essential part of the Fortinet Security Fabric architecture, FortiGate NGFWs maximize business value through point-product consolidation and integration. Existing security solutions integrate with FortiGate firewalls through open APIs, enabling workflow automation, orchestration, and synchronized security to protect against unpatched applications and ever-changing DevOps environments. This integration is enriched by indicators of compromise (IOCs) visibility into current and past logs for threat detection via single-pane-of-glass monitoring and management.

FortiGate NGFWs also enable network engineering and operations teams to keep pace with new and evolving government and industry regulations, as well as adherence to security standards such as those from the National Institute of Standards and Technology (NIST) and the Center for Internet Security (CIS), through automated compliance reporting, audits, and orchestration. In addition, the Fortinet Security Rating Service [9] (which is part of both the 360 Protection Bundle and Enterprise Protection Bundle) allows network engineering and operations leaders to proactively manage and improve their overall security posture over time, while detecting risks before they cause problems.

Securing an Expanding Data-Center Attack Surface


As data centers become increasingly distributed across hybrid IT environments, network engineering and operations leaders must ensure availability for business continuity. First, they must adopt an integrated security architecture for features such as shared threat intelligence, advanced segmentation, and access control. Second, they need resilient security that manages risks while scaling as traffic demands increase. Finally, they require automation and orchestration of security workflows to reduce cost.

The FortiGate E-Series NGFWs meet all three of these requirements, providing a cornerstone to any security approach—an integrated security offering that adapts to the changing shape and nature of the data center. This ensures industry-leading protection while simplifying operations and reducing TCO.

[1] Kevin O'Connor, "Is Your Disaster Recovery Plan Up to Date?," CIO, April 18, 2016.
[2] "Ninth Annual Cost of Cybercrime Study," Accenture and Ponemon Institute, March 6, 2019.
[3] "The CIO and Cybersecurity: A Report on Current Priorities and Challenges," Fortinet, May 23, 2019.
[4] "Certifications," Fortinet, accessed July 12, 2019.
[5] Ibid.
[6] "Quarterly Threat Landscape Report: Q3 2018," Fortinet, November 2018.
[7] "Study Reveals Hackers Increasingly Use Encryption to Hide Criminal Activity," Lifeline Data Centers, accessed March 21, 2019.
[8] "Fortinet Receives Recommended Rating in Latest NSS Labs NGFW Report...," Fortinet, July 17, 2018.
[9] "Proactive, Actionable Risk Management with the Fortinet Security Rating Service," Fortinet, February 14, 2019.

Call SpartanTec, Inc. if you want to boost your network security and make sure that your business is protected against possible online threats.


SpartanTec, Inc.
Fayetteville, NC 28304
(910) 745-7776
http://manageditservicesfayetteville.com

Cities Served:
Fayetteville, Spring Lake, Hope Mills, Dunn, Aberdeen, Southern Pines, Pinehurst, Sanford, Clinto