Article | April 24, 2017

Ransomware Infection Reveals Bigger Problems For Financial Firm

Beyond forcing a financial services firm to pay ransom fees to retrieve locked files, inadequate security protection puts it out of compliance with industry regulations.

For more than seven years, Anthony Oren has been the CEO and tech maven of Nero Consulting, an MSP and technology consultant in New York City that specializes in providing cloud-based solutions and business continuity strategies for a flat monthly fee to businesses of all sizes and industries.

One of the biggest trends Oren has seen impacting a majority of companies in recent years is the exponential increase in cybersecurity threats — especially ransomware, which the FBI says has become a $1 billion problem. “By the time some companies reach out to us for help, they have no choice but to pay the ransom to get their data back,” he says.

That was exactly what happened to a 15-person financial services company recently. Although the firm used a popular consumer cloud backup service, the only way data could be recovered was one file at a time. “It would have taken a week or more to restore their 100,000-plus files,” says Oren. “At that point, it was more economical to pay the fine, which was about $1,200 USD or 2฿ in bitcoin currency, and get it back from the criminals, which took about two hours.” Thankfully, the firm’s story doesn’t end here. The incident gave Nero Consulting a good opportunity to show the company that it was a symptom of a much bigger problem, which required what Oren calls a tech Ninja’s expertise.

Weak Security, Poor Network Configurations Are Top Vulnerability Culprits

After helping the financial services firm recover its data, Nero Consulting convinced the firm to undergo a full network assessment. Not surprisingly, the exercise revealed several red flags right away. “They were using free antivirus software on all their computers,” says Oren. “Not only is it a violation of the end user license agreement [EULA], these stand-alone products offer only remedial security protection, and there are no alerting features or visibility into problems until it’s too late.” Another problem Nero Consulting discovered was that the firm’s network was wide open, making it easy for an infection on any endpoint to quickly spread to other endpoints connected to the network.

What both of these findings pointed to, says Oren, was that the firm would have been out of compliance with newly formed industry regulations, such as 23 NYCRR Part 500, which took effect March 1, 2017. The regulation stipulates New York state’s cybersecurity requirements for financial services companies with 10 or more employees and generating at least $5 million in gross annual revenue, which were criteria the client met. “The regulation requires each firm, referred to as Covered Entities, to develop and implement written policies and procedures designed to ensure the security of their information systems and nonpublic information that are accessible to or held by third-party service providers,” he says. “Each Covered Entity also has to conduct a risk assessment and show it has the appropriate security controls in place.”

Mitigate Future Ransomware Threats With A Ninja Managed Security Services Offering

After helping the financial services firm discover the gravity of the situation, the MSP presented the firm with a comprehensive managed security solution. “In addition to offering to help the client develop security policies and procedures, we recommended our managed security services offering to protect their IT systems and data,” says Oren. “We use a bundled solution that’s built around Ninja MSP’s remote monitoring and management [RMM] solution, Webroot next-gen endpoint protection, Datto backup and disaster recovery [BDR], and TeamViewer remote control software. Using the Ninja RMM agent, we’re able to remotely deploy antivirus, antimalware, and other apps. Plus, Ninja enables us to create security policies and enforce them on the backend. Ninja also integrates with our other managed services products, which allows us, for instance, to see server alerts and malware attacks from Ninja MSP’s portal instead of having to log into multiple portals. Not only do we become aware of problems before our customers in many cases; we can often fix a problem before it causes any productivity loss or other concerns.”

Oren acknowledges that no security protection is 100 percent bulletproof, but with a good BDR in place, it’s close. “Should this client ever suffer another ransomware infection in the future, we have backup files and images of their data saved locally and in the cloud that we can retrieve. The BDR solution takes file and image snapshots every 15 minutes, which allows us to be precise when performing a rollback. Our BDR solution also performs regular restore tests automatically and takes a screen shot of the results, so we don’t have to wait for an actual emergency to know that it works. By protecting our client with Ninja MSP’s proactive network monitoring solution, our managed network security solutions, and a BDR solution, the firm no longer has to worry about contacting a cybercriminal to buy its data back should it ever suffer another breach. Plus, the customer is now compliant with state security regulations, which makes the investment well worth it to them — and it’s satisfying for us to play a key role in their peace of mind.”