Orange County, CA – We have seen a surge in ransomware attacks in the past week. While only two Alvaka clients have gotten hit, they are a tale of different system administration acumen.
1. A Los Angeles based firm got hit with the latest breed of ransomware on Friday. Where an otherwise non-event for the most part went wrong was that a key user had elevated administrative rights to manage their IT infrastructure. Instead of using a regular user account, with very limited user rights for day-to-day activities, this more powerful account, when struck by the ransomware, infected all the important file shares of the firm. Fortunately they had good backups, but because of cumbersome folder naming conventions and structures it took the guys in our Alvaka Networks’ Network Operations Center about 28 hours straight to get all the user permissions back in order for the client to get back to work. The lack of “least-permissions” as used by this client goes in direct opposition to what we recommend at Alvaka. Least-permissions is the practice of using accounts that grant the user access to only the locations on the network for which they have a business need to access.
2. In another example, a $200m manufacturer/distributor got hit by the same ransomware. The user; a Jr. Executive, saw some unusual activity with his system but failed to report it before he left at midday. The problem was spotted and our Network Operations Center took action. This time the outcome was very different than the prior scenario. Why? Because the user only had access to documents and folders to support his job. Once identified, the problem was resolved by Alvaka staff within 45 minutes with very little impact and virtually no adverse effect on the overall organization.
So far only two clients of Alvaka have been ransomed, neither needed to pay anything. I am on a couple e-mail message lists for IT service provider discussions. Ransomware is a wide-spread problem right now. Two is too many so at Alvaka we are writing a probe to detect this problem early in the process. This ransomware has four unique traits that announce to those watching that it has arrived. We are in the process of tracking those four digital beacons. When detected we will shut down the server so that we can stop the ransomware in its tracks, mitigate the damage and begin the recovery process. We are also implementing new URL reputation checking technology to thwart the impact of ransomware should it get into your systems. I strongly recommend you have us implement this for you. If you want these two new protection solutions, be sure to contact me or your primary contact at Alvaka Networks. I can be reached at 949 428-5000 or toli@alvaka.net.
For those who are interested message and look of the ransomware message, here it is:
Here is a well-publicized article on a hospital that was hit badly and the ransom amount demanded is $3.6M!
Smoke testing is a term used to describe the testing process for servers after patches are applied. 
Estimating an average time for patching servers and PCs can be a bit tricky. It can vary from one month to the next, depending upon the number and complexity of the patches released by your software vendors. You must consider all versions of operating systems and have a complete inventory of all your application software to do this job correctly. Our experience has shown that manual patching of systems takes on average of about 1.5 hours each.
This is a basic cost calculator for you to compute your typical monthly cost for patching your servers, PCs, laptops, tablets and associated application software. It also forms the basis for you to begin calculating your Return on Investment for software patching, or for comparison with alternatives to the manual process of patching operating systems and application software—such as Patch Management as a Service, also known as Vulnerability Management as a Service.