Today I'm going to talk about a particularly virulent strain of malware called ransomware which is plaguing law firms today. Ransomware is incredibly effective not only because it's able to extort large sums of money out of it's victims but because it moves so quickly through their networks it hard to catch and to stop.
I'm going to give you a case study and this comes from a client who at 7:43 AM was attacked by a form of ransomware. When it occurred, our automated systems actually did catch it because it was known and it was stopped. But the bad guys are fairly clever about what they do and they can adapt quickly. They can change IP addresses from which they send the attacks and they can also slightly adjust the files hoping that they are actually going to leak through those perimeter defenses. And ultimately of course, after it did this about ten times, it did.
When it got in though, within less than a minute, it called home to what we call a command and control server. And that's where it brings down a payload and that's actually the piece that encrypts all the files. And this is called weaponizing. When it weaponized, it did encrypt those files.
Now we caught this in time and we blocked all further transmissions and this meant that the ransomware wasn't able to spread because that's typically how it works. It hits once victim machine and once it does that, it looks around the network and it finds other victims that it can then move on to. It can spread laterally through the network. So we prevented that from happening.
We then worked with the client over the next 40 minutes to clean up that machine and make sure that there were no other attacks. This happened in one global site. We made sure it didn't happen in any of their other offices. And by about 8:30 AM, so 47 minutes later, we gave the all clear knowing that the attack was over.