Arizona Beverages was recently hit with a massive ransomware attack, and the company has taken nearly two weeks to get back online.
The slow recovery was due to outdated IT systems and servers, and the company is suspected to have lost millions of dollars each day it has been offline.
Arizona Beverages ransomware attack exacerbated by unpatched servers, poorly configured back-up system l https://t.co/l6cjSuheNQ @radware
— SC Media (@SCMagazine) April 2, 2019
Expert Comments:
Justin Des Lauriers, Technical Project Manager at Exabeam:
“The ideal case would be to detect and stop ransomware before an infection occurs. Unfortunately, this insidious software is almost always detected after the damage has already occurred—it having reached the ‘payday’ stage of the Ransomware Kill Chain (where the hacker demands ransom).
One way to thwart a ransomware infection—before it begins to encrypt your files—is by deploying user entity behaviour analytics (UEBA), which can detect the telltale behaviours associated with ransomware. It lets you identify an attack earlier in its kill chain, such as during the Infection, Staging, or Scanning phases, before encryption occurs. Using models and rules to track user behaviour, a behaviour-based approach offers an ideal way to detect ransomware attacks. From the onset of its deployment, a behaviour-based approach creates normal user behaviour baselines, making it possible to track any deviations from the norm. Examples include an illegitimate user who attempts to connect to a domain, or an insider who suspiciously downloads files typically not associated with them.”
Caroline Seymour, VP of Product Marketing at Zerto:
“With Arizona Beverages suspected to have lost millions of dollars each day following the attack, this should serve as a stark reminder for enterprises to begin actively investing in dynamic and modern disaster recovery (DR) solutions, for protection against increasingly sophisticated cyber-threats. For companies like Arizona Beverages, solutions such as continuous data protection and hybrid cloud DR could be the difference between shelling out millions of dollars, and becoming completely IT resilient – getting back online within seconds, rather than weeks, without losing valuable data.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.