A Cybersecurity Horror Story: Understaffed and Hit by Ransomware

By Liselotte Foverskov, Contributor

With Halloween fast approaching, I think this cybersecurity horror story will give you the chills. It is about a company that suffered a series of unfortunate incidents and ended up as a true cybersecurity horror story.

I heard the story last week when I was recording a podcast about IT security. The aforementioned company was in a situation where two employees from the IT department had recently left, and it was now struggling with being understaffed. The company had not implemented any security tools to give it an overview of the network.

Because they were now understaffed and lacking resources, they focused on other priorities, of which IT security wasn’t one. They were hit by a ransomware attack, and some time went by without them noticing anything was wrong. The problem was first noticed by the users, who suddenly didn’t have access to some of their files. With no tools to help them, the IT department was working completely blind to try to solve the problem.

As far as I know, this situation is still being investigated, and I know they have hired external consultants to do a forensic analysis to find out where the problem started and how much damage was done. But with such an attack, how can a company really be sure that it has gotten all the malware out of its infrastructure? Malware can lie idle for a long period of time and go undetected, as some devious programs need time to pass before they start performing their mischief.

This is just one example of how things can suddenly and very quickly go very wrong. I personally know a few companies in situations where they are understaffed, not able to focus on IT security, and therefore in need of some extra help.

A cyberattack like this inflicts damage through downtime and recovery costs. The overall cost can be even bigger, with a security breach impacting a company’s image and brand and leading to lost business and even bankruptcy in some cases.

Cybercrime is Up
According to the FBI's 2018 Internet Crime report, the losses from complaints of suspected Internet crime are in excess of $2.7 billion. The impact of ransomware in 2018 was $3,621,857. And this number does not include estimates of lost business, time, wages, files, equipment or any third-party remediation services acquired by a victim.

It’s always easy to tell people what to do looking back. Unfortunately, it is a well-known fact that you need to be prepared for all situations when it comes to cybersecurity. Hindsight may be 20/20 but it also only works after you’ve been affected by a problem.

If You Want Peace, Prepare for War
If you do not prepare, you will act in panic and when you act in panic, you don’t come up with the best solution to your problem.

There are several forms of attack that can hit your network, and it’s important to find a solution that can help your business with the right competencies and the right tools for all possible incidents.

Aruba IntroSpect user and entity behavior analytics (UEBA) and network traffic analytics (NTA) solutions leverage artificial intelligence, machine learning, analytics and forensics to give companies greater visibility into the network and the ability to quickly detect, investigate and remediate attacks.

What Can IntroSpect Detect?
Here are some of the use cases IntroSpect can detect and prevent via machine learning:

  • Account Abuse
  • Account Takeover
  • Command and Control
  • Data Exfiltration
  • Lateral Movement
  • Password Sharing
  • Privilege Escalation
  • Flight Risk
  • Phishing
  • Ransomware

For example, a typical attack email campaign will attempt to trick a user by spoofing the sender address and other information. These subtle changes often go unnoticed, and the statistics on how many people click on fraudulent links in emails are scary. The result is that, with a single click, the person who has been attacked (and fooled) has invited other people into your network.

With specially trained machine learning models, IntroSpect can spot these subtle changes and combine them with other attacker behaviors to deliver a reliable, highly actionable alert before files are frozen or data leaves the organization. In a busy everyday life in the world of IT, IntroSpect will work 24/7 on detecting what cannot be seen with the human eye.

Go Deeper

Learn more about IntroSpect and ransomware.

To learn how to secure your network with AI, read this blog post.

Learn about Aruba's approach to stopping cyberattacks.