In the past few days since the Russia/Ukraine conflict began, there have been some changes in the cybersecurity landscape. Below are some of my personal observations from our Ransomware Recovery business unit. I am curious if other incident response professionals, ransomware negotiators, and breach counsel experts have a different outlook.
• Ransomware and other cyber-attacks appear to still be at a lower level than in 2021 and early January. The presumption is that the threat actors have been conscripted to wage cyber war in the Russia/Ukraine digital battlefield. Smaller attacks against NAS storage like QNAPs seem to be the exception, as those are at a higher volume. But larger attacks against mid and large enterprises, while still happening, are fewer in the past six weeks.
• Conti is now a sanctioned ransomware threat actor. We have learned this from some recent cases. That means OFAC, the U.S. Department of the Treasury Office of Foreign Assets Control, is restricting ransomware payments by victimized U.S. companies. If these U.S. companies don’t have good backups, or some other means of recovery, it will have devastating results. I am mixed on paying ransoms. Nobody wants to pay the bad guys, but if it is a company worth $10B, those that have that company’s stock in their retirement fund are screwed, along with thousands of employees, customers, and vendors up and down the supply chain.
• Conti is now sanctioned by the U.S. government as a hostile terrorist or government entity. That means for all the companies that get hit by Conti (and they are one of the biggest operators in the ransomware space), cyber insurance is not going to pay out. The insurance carriers are going to cite the clause in their contract, where they don’t have to pay out on losses due to war/nation state actors.
• It is very possible that cyber-attacks erupt in the next few days impacting North America and other western nations, but as of now, it seems restraint is being observed on both sides.
Things are changing rapidly in the cybersecurity space due to the nation state actors and the geopolitical conflict. These are just my personal observations from the past 72 hours. Again, I am curious what my peers think and see, and will keep a close eye on the trends and changing landscape.
If you have any questions or concerns, please feel free to reach out to Alvaka at (949) 428-5000. To read our recommendations on how to reduce your risk of ransomware and other cyber-attacks, click HERE.
Oli Thordardon
President/CEO of Alvaka Networks


