The San Francisco Bay Area was enjoying a US Thanksgiving holiday weekend when ransomware hit its municipal transportation agency, locally known as Muni. Over 900 office computers were affected, with Muni data locked up as the hacker demanded 100 bitcoins, or roughly $73,000, which the San Francisco Municipal Transportation Agency (SFMTA) never considered paying, according to the San Jose Mercury News.
While many news outlets have covered the attack details, what we notice here at Menlo Security is a lack of awareness regarding the latest protection techniques. It turns out that isolation can help prevent or limit these types of ransomware attacks, contrary to what some news coverage is portraying.
The Muni attack specifics continue to be investigated, with Brian Krebs pointing to unpatched web servers as a potentially exploited vulnerability. Others report that perhaps an employee either clicked on a suspicious email link or visited a risky web site, which then allowed a hacker to penetrate system computers.
If the latter holds true, had isolation been in use, any risky Web sites that employees visited would have been rendered harmless. Isolation is like bulletproof glass that is inserted between end users and what they interact with on the web – news sites, social media posts, and ecommerce pages, for example. Menlo Security’s solution uses patented Advanced Client Rendering (ACR) technology to deliver a Web experience without the threatening code, scripts, or content.
Similarly, if an organization like Muni uses email isolation, a phishing attack that prompts a click to a dangerous site would also have been neutralized. Rather than making a “best guess” as to whether a site is good or bad, all email links would be run through the Menlo Security Isolation Platform to only provide users with safely rendered content. In addition, each web session would be virtually shredded, leaving no trace of the original dangerous code.
If the hacker initially infiltrated an unpatched Web server, isolation would still protect those interacting with that server’s content through their Web browser.
Certainly, no single security solution solves everything, but even Gartner recommends that today’s enterprises deploy isolation (they prefer the term “remote browsing”) to limit hacker damage. Isolation is a simple, effective technique to keep companies up and running.
Unfortunately, ransomware is only picking up steam, so it makes sense to add new layers of defense to protect your organization. As CNBC reported, a majority of phishing emails involve ransomware, and those can point Internet users to vulnerable servers as hackers pursue credential theft. Isolation neutralizes these various types of attacks, providing a modern and immediate preventative security method.