Skip to content

REvil ransomware attack illustrates IT systems need for epidemiological investigation

Originally posted on CTECH

The recent REvil ransomware attack has revealed that our computer systems are vulnerable to unknown and surprising pathogens, similar to our vulnerability to Covid-19. The hackers claim that the attack penetrated more than a million workstations, and demanded about $70 million to unlock them. However, the most important question is how the damage could have been reduced or prevented. Let’s take a step back. Antivirus software comprises the first defense line (the IT immune system, if you will). The antivirus operating principle is simple: if malicious code is detected, it is signed by the various antivirus manufacturers and its hash is distributed as an update to the local antivirus installation. Thus, antivirus software can identify most malware and prevent them from damaging the computer.

Nevertheless, similarly to biological systems, some viruses and vulnerabilities are unrecognizable by antivirus software. About 30-50 IT companies, including many Israeli ones, work to discover the meager number of yet undiscovered malware and yet unabused vulnerabilities. This activity is expensive and carries large premiums, but numerous organizations around the world would pay for such protective measures. Think about it – if a security operation is attacked by 1,000 different malware a month, the damage of even a single penetration would be catastrophic. Therefore, an antivirus that prevents 99.9% of attacks will not suffice.

However, systems identifying unrecognized threats are prone to false alarms. No wonder – anyone trying to find a new type of threat is likely to be sensitive to any anomaly or change. Yet the high number of false alarms that these systems provide causes many to ignore them or to disable the systems, quite similar to muting the sound of a cardiac monitor, thus remaining unprotected yet again. One of the methods of containing the damage might sound familiar in the post-COVID world – isolation. For example, in the latest REvil attack, Kaseya software, serving as part of the supply chain, was damaged. The company warned customers over the weekend to disconnect their devices from the internet to prevent encryption of their information, as the malware was raging outside and a cure for it was yet to be found. A network control system, like an internal epidemiological investigation array, can sometimes be useful in stopping the malware spread and preventing some of its damage.

Isolate, test, and decide

NAC (Network Access Control) systems test every device and every user individually – who is the user attempting to connect? What is his role? What hardware does he use? Does he have an antivirus? Are there security updates installed? All these parameters are calculated to a security ranking, according to which network access is granted or denied. In some cases, it is possible to prevent or restrict the use of plug-in USB devices, and in extreme cases, it is even possible to deny usage completely and isolate the “sick” computer from the outside world.

An internal epidemiological investigation array mitigates the risks instead of trying to eliminate them completely. The truth about the Covid-19 pandemic, as well as for computer systems, is that complete isolation of our homes or computer stations will prevent us from catching the virus, but it will also prevent us from functioning. Therefore, IT systems and humans need to establish risk-mitigating measures which will balance the existing threat of infection and the need to connect, meet and interact with the outside world.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit, and follow us on Twitter and LinkedIn.。



Click one of our contacts below to chat on WhatsApp