The Battleground:

A Non-Profit Organization’s network 

The Presumption: 

Having infrastructure in place to be notified of major networking devices that are not working properly. 

The Discovery: 

The Organization had contacted InfusionPoints to conduct an incident response for their network that had just been infected with ransomware. After the incident report had concluded, the major reason as to why their network was vulnerable was their firewall had been disabled. Unfortunately, most of the logs during the incident had been deleted and the exact point of entry was uncertain. A user was linked to the cause of the ransomware that had downloaded AnyDesk. There is a likely chance that the account was compromised and that was the reason why the firewall was offline. The account was then able to move laterally to gain access to the Admin account and remove access to all users on the network. 

Our Solution: 

Setting up notifications if your network’s IT department for when devices are offline. Blocking the ability to download certain programs without authorization. By granting least privilege to users to help prevent lateral movement. Also, teaching your employees the importance of ransomware prevention and mitigation.  

Lessons Learned:

Everyone is a target for ransomware and will be exploited for monetary gain. There is no moral code when it comes to ransomware.