Last month, Alvaka COO and CISO, Kevin McDonald, sat down with the Miles Jobgen of the CompTIA Biz Tech Podcast to share his experiences with rescuing and restoring clients from ransomware—the most dangerous threat to IT solution providers today. He also discussed best practices and actions that everyone should be taking to minimize ransomware risk. Below are some of the key takeaways from the interview.
Miles: “Do we see something different coming from the ransomware side, and then at the same time, are there maybe technical innovations on good guy’s side to help us kind of fight this?”
Kevin: “Yes, and yes. In fact, they are getting much more sophisticated, they’re much more patient. The bad actors are spending a lot more time, they’re shooting for bigger targets, and they’re learning the social behaviors [of the company]… They often will calculate what they think you are as a company, how much money you have in the bank, or insurance coverage, and they make the ransom fit what they think you can pay.”
Kevin: “When you have ransomware and you don’t have a self-isolated or air gapped backup that’s been defended against, you very often are not going to come back from ransomware. And we’re seeing a substantial number of businesses just disappear.”
Kevin: “My biggest frustration is people think they can insure against ransomware – you cannot. They think they can do a local backup against ransomware – you cannot. These guys are getting a hold of administrative and domain level credentials, taking over entire networks…so if you are logical about it, they can do anything that you can do with administrative functions, which means deleting your backup or overriding it, or corrupting it in some way.”
Miles: “What about internally? What should they [solution providers] be doing to make themselves less of a target, or at least a more difficult target?”
Kevin: “Starting with the basics […] patching your own systems […] applying MFA to critical functions like active directory and your domain controllers and things that are critical to gaining a foothold, taking away local administrative rights from everybody […] even executives.”
Click HERE to listen to the full podcast!
Learn more about Alvaka’s Ransomware Prevention and Recovery Support Services and ways you can minimize ransomware risk!
Smoke testing is a term used to describe the testing process for servers after patches are applied. 
Estimating an average time for patching servers and PCs can be a bit tricky. It can vary from one month to the next, depending upon the number and complexity of the patches released by your software vendors. You must consider all versions of operating systems and have a complete inventory of all your application software to do this job correctly. Our experience has shown that manual patching of systems takes on average of about 1.5 hours each.
This is a basic cost calculator for you to compute your typical monthly cost for patching your servers, PCs, laptops, tablets and associated application software. It also forms the basis for you to begin calculating your Return on Investment for software patching, or for comparison with alternatives to the manual process of patching operating systems and application software—such as Patch Management as a Service, also known as Vulnerability Management as a Service.