Patch Lady – ransomware attacks

Topic

New Reply

Have you seen the news? Scary, huh! So if you are a small business and you use consultants ask them if they use two factor authentication in order to
[See the full post at: Patch Lady – ransomware attacks]

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

woody

Reply | Quote

Replies

Having a quick look at Duo it seems to be a 3rd party site (Cisco) through which you connect to your site. Effectively you block external access except from the Duo site.

cheers, Paul

Reply | Quote

[beeswax]

Paul T wrote:

Having a quick look at Duo it seems to be a 3rd party site (Cisco) through which you connect to your site. Effectively you block external access except from the Duo site.

cheers, Paul

Not really, Duo adds an additional layer to specific services/protocols such as RDP which enforces a 2FA prompt.  For example, if you install the Duo RDP component on a Windows box and configure it in the Duo web panel, anyone who subsequently connect to that box using RDP will be prompted to complete 2FA before they are allowed access.

I use the free tier on all my home servers so now I can get a 2FA prompt on my phone whenever I RDP on, it’s a great free way to add some extra security.

If you have a paid up subscription you can do more advanced stuff like geofencing e.g. “deny connections from all countries except US/UK”.

• This reply was modified 5 years, 6 months ago by beeswax.

1 user thanked author for this post.

Paul T

Reply | Quote

Duo is great and one of my clients uses it for DoD stuff, but most services offer 2FA natively.  Our business is basically built around Teamviewer, and we enforce 2FA and whitelisting to guarantee our clients will not get hacked with it (which has happened prior that policy).  We also rely on Dropbox, and it also supports 2FA natively.  All of these work off the Google Authenticator app, so they’re all quickly accessible from the same place.  Very handy.

Reply | Quote

Here is a link to the article – it doesn’t appear to be included in your post, Susan.
https://www.npr.org/2019/08/20/752695554/23-texas-towns-hit-with-ransomware-attack-in-new-front-of-cyberassault

I think they are going after small towns because the small towns are likely less vigilant on IT issues such as doing regular backups.

On the bright side (if there is a bright side), a really small town could scrap the compromised system and start over from scratch, because there aren’t a huge number of people who would be affected. That might be cheaper than paying the ransom; and as a bonus, they could build a more secure system from the ground up.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

MrJimPhelps wrote:

On the bright side (if there is a bright side), a really small town could scrap the compromised system and start over from scratch, because there aren’t a huge number of people who would be affected. That might be cheaper than paying the ransom; and as a bonus, they could build a more secure system from the ground up.

That’ll work as long as they have some sort of data backup; otherwise, they’re going to get sued time & time again by folks who seek to make money off the fact that they can’t comply with their legal obligation to fulfill public records requests.

Reply | Quote