Avoid a data hostage situation with Managed NTM from NCC Group
Ransomware is one of the biggest security challenges facing businesses of all sizes.
And as organisations seek to streamline their supply chain processes by integrating with their suppliers’ systems, this inter-connectivity is leading to an increase in potential attack surfaces that criminals can exploit.
Once one business in the supply chain is compromised, all businesses in the chain are at risk.
SamSam in the supply chain
NCC Group’s Security Operations Centre (SOC) team recently responded to a scenario in which a client’s main supplier had been infected with the SamSam ransomware.
SamSam scans for unpatched applications on a vulnerable JBoss server. Once a vulnerability has been found and exploited, attackers can trigger the ransomware remotely, which then allows it to spread through the local network to infect additional computers and servers.
The customer was using NCC Group’s Managed Network Threat Monitoring (NTM) service, which provides 24/7 monitoring and response through the use of NTM appliances. These appliances are deployed on the customer’s network and are continually updated with the latest threat intelligence.
After learning of its supplier’s issues, the client contacted the SOC to find out if its own network had also been infected by SamSam.
NTM offers peace of mind
By analysing historical network data and security alerts generated by the NTM appliances, our SOC team were able to look for evidence of the SamSam ransomware at a granular level.
Following an extensive investigation, which involved an in-depth analysis of network data reaching back several weeks, our team were able to inform the customer that there was no evidence to suggest the SamSam ransomware had spread from the supplier’s network to theirs.
Alongside the forensic investigation into SamSam, the SOC team also identified the list of systems and software versions that would render the customer vulnerable and provided general guidelines on how to avoid ransomware attacks.
NCC Group customers who choose the Managed NTM service have access to an unrivalled offering that combines our expert analysts and in-house developed technology to provide peace of mind that their network is well protected.
As threat actors seek to identify vulnerable organisations as a way to access the entire supply chain, every business should ensure they take steps to protect themselves and their partners.
Published date: 13 October 2017
Written by: Dominic Carroll