An Interview with Fabian Wosar
In this episode, Richard talks to Fabian Wosar, Chief Technology Officer of Emsisoft, about ransomware. Emsisoft provide premium internet security software for the home and business user. They are a leading supplier of behaviour analysis technology.
Fabian has helped develop the anti-malware technologies and ransomware decryptors for Emsisoft and leads their ransomware recovery service. He’s been described by the BBC as the best ransomware expert out there.
What is Ransomware?
Fabian explained that there are different types of ransomware, but it’s malware that takes over your system or your data for ransom. The hacker will lock you out by displaying a message or window you can’t close until you’ve paid the ransom – this is known as a screen locker.
Screen lockers have now been replaced by data-encryption ransomware, or crypto-malware. This locks your data behind an algorithm and the victim must pay for a key to decrypt and access their data. Fabian added that even if companies can recover the information themselves, they still pay the hacker to prevent them releasing the data publicly.
How Easy is it to Deploy Ransomware?
It’s worryingly easy to buy a tool online which can be used in ransomware. Fabian explained that most ransomware threat actors use Cobalt Strike, which they purchase as a ‘red teaming tool.’
‘Red team’ is a war-game term which is used by military and other organisations with sensitive data to test out attack and defence scenarios. The red team are the hackers and the blue team represent the internal IT security team.
Cobalt Strike is a commercially-available programme which creates safe, artificial scenarios for companies to test their networks. The software is highly sophisticated, which means that unfortunately cybercriminals can use it to infiltrate networks.
Some software providers even supply manuals that walk you through how to gain access to a network. To cause damage, you only need to exploit one machine, says Fabian.
This further explanation on red teaming might also be useful.
Why MSPs Should Choose Emsisoft
Most MSPs say Emsisoft products are easy to use and incredibly convenient. Fabian says that they were all built from the ground up with MSPs in mind, so they can be set up and rolled out for the end users.
They offer co-branding options to personalise the tools, and an MSP can make themselves the first point of contact if there are any problems.
Emsisoft are then on hand to help with any complex ransomware issues and the product is extremely effective for ransomware detection and prevention.
Fabian says that many MSPs who have partnered with large security providers feel isolated when they need support and don’t always get help fast. Emsisoft ensures that they speak to an expert straight away.
How to Deal with a Ransomware Attack
Fabian says it depends on whether it’s your business or a client business that’s attacked. In his experience, it’s never good if an MSP is hit. Often, the attackers have used the MSP’s own RMM to encrypt all the clients’ data. This puts the clients at risk and leads to distrust of the MSP.
Anyone can be a victim of ransomware, but as an MSP you’re hired as the IT expert. You should have the best security practices possible in your business.
You should be using MFA (multi-factor authentication), patching your VPNs and securing remote access. Not doing these things makes you negligent. Keep up to date on developments in the field, too, so you’re giving your clients exactly what they need.
How MSPs can Educate Their Clients about Ransomware
Education is difficult, says Fabian. “If we could figure out effective ways to do it, then ransomware would be much less of an issue than it is.” However, there are all kinds of resources that an MSP can use to educate themselves and then share that knowledge with clients.
Your local government website should be able to offer resources, as does the No More Ransom Project. Fabian also recommends supporting clients to build a playbook to outline how they would respond to a cyber hack. Having that ready will make things less stressful if the worst does happen.
How Secure is Your Data in the Cloud?
Storing data in the cloud makes it harder for a hacker to access it, but there are different levels of protection. Data is at greater risk if it is moved away from a local domain controller, or if the cloud data mirrors an on-site backup.
“The ransomware usually comes at the end of the entire attack chain. So the ransomware threat actors know exactly what security and backup you have in place. And they might already have access to your cloud storage”, said Fabian.
Configuring cloud solutions to make hot deletes impossible will help, too, as the hackers then can’t delete things themselves. Fabian admits that this advice may go against your instincts, but instant backup deletion will work against you.
Mentioned in This Episode
- Cobalt Strike
- No More Ransom Project
- Scottish Government Cyber Resilience Framework
- National Cyber Security Centre