Pure luck has saved a major on-line gaming organisation from a financial meltdown due to ransomware. Weak governance and implementation of access management, together with a lack of strong authentication and authorization, have shown how easily attackers could enter the very core of a critical infrastructure, even though state-of-the-art technologies are used.

The importance of secure authentication and authorization solutions is constantly proven in actual attacks. This attack began with one computer infected through a malicious email sent to one of the company's employees. It was discovered when the malware started to encrypt and rename files on the infected computer. The affected employee called the IT department, and the company hoped to limit the effect of the malware by telling the employee to “unplug your computer immediately!” By that time, several other computers were already infected through insecure shared resources on the network, including the shared storage server. Luckily, most resources were decoupled from the network at the time of the attack, which made it possible to recover from the attack and get back in business.

Lessons learned, according to this gaming company:

  • In this case, the fatal flaw was letting even just one unprotected PC onto its network, coupled with the fact that its PCs were misconfigured to share the “C:\Users\username\Public” folder by default.
  • In order to avoid running into this type of problem again, the company is double-checking access privileges on PCs and servers, exercising extreme discretion when it comes to what users have access to on the backend.

It is very important for every company to have implemented highly secure authentication and authorization methods that require mission-critical access to network resources to be authorized on a need-to-know basis, limiting the ability of malware to spread easily to other resources on the network. To do this, you need to make sure that the authentication method chosen cannot be broken or circumvented by malware.

The above-mentioned attack on this on-line gaming organisation is far from unique. But keep in mind that the “good” thing about ransomware attacks is that they are, by definition, created in a way that leaves your organisation in no doubt: you are under attack!

It is important to remember, though, that the mentioned attack could have been designed just to steal data, customer information, card numbers, etc. Such attacks are much harder to discover, because your IT systems will appear to run as normal – business as usual.

The good news is that there are ways to prevent these attacks. Protectoria has developed a unique solution that offers high security along with your preferred user experience.

Protectoria provides Strong Authentication technologies that efficiently protect infrastructure assets by enforcing authorization procedures out of band of the criminals' attack software and methodologies.

System administrator/user privileges, access, and the authorization of changes to mission-critical security settings are protected by the same measures Protectoria uses to protect money transactions from being manipulated.

The Protectoria Secure Mobile Platform – PSMP – mitigates these kinds of threats by just-in-time loading of enormous entropy into the personalized running application, prohibiting the attacker from instrumenting the malware or manipulating access towards mission-critical systems. With the PSMP active, attackers have to figure out how to perform malware injections into a unique PSMP running environment within milliseconds for each and every change authorization procedure, making it practically impossible to make malicious changes given the limited time and computing power both presently and in the unforeseen future.

Are you in a business that needs to protect your data and privacy? (If not, please explain what kind of business you are in :).)

Contact our sales team for more information.

https://threatpost.com/diary-of-a-ransomware-victim/117877/