I’m thrilled to announce that Canadian-based Corel has acquired Awingu. Awingu has experienced rapid growth over the last year as the global workforce embraces permanent remote and hybrid business models and this is a great time for the next chapter in our story. Awingu is known for its powerful simplicity, and is recognized as a Unified Workspace and Zero Trust solution by analysts such as Gartner and Forrester.

Corel is a leading provider of solutions that promote workplace creativity, productivity, and collaboration. It’s the home of Parallels, an award-winning virtualization and VDI solution that includes Parallels Remote Application Server (RAS) and Parallels Desktop. The acquisition of Awingu strengthens Corel’s ability to deliver a secure, productive remote workspace for its millions of users.

This is good news for our customers and partners! Joining forces with Corel doesn’t replace Awingu, but rather enhances its capabilities. We truly believe that Parallels and Awingu are complementary technologies that build on each other and are stronger together. The combination results in a unified product that leverages the unique strengths of both solutions and meets an urgent market need for remote access and workspace technology. It also gives Awingu technologists more access to R&D resources to further expand and enhance the Awingu offering in ways that may not have been possible before.

While the Awingu technology isn’t going anywhere, the Awingu brand will be replaced by the Parallels brand over time. As much as we loved and are proud of the Awingu brand, no longer will our Awingurus need to explain that Wingu is the Swahili word for cloud. The Awingu teams will stay in place and will gradually be combined with the Corel and Parallels teams. I am also pleased to announce that I’ll be joining the Corel team moving forward, and I’m excited about what the future holds for our combined companies.

This acquisition means that Awingu will be part of a larger organization with more scale in customer success, sales, marketing, product development and support. Our commercial leverage will grow significantly. Awingu has strong and growing coverage in EMEA, which will be extended by Parallels’ global channels and vice versa. This opens the door for even stronger proximity to customers and partners.

On behalf of the Awingu team, I want to say that I’m really looking forward to this new chapter. I wish to thank all Awingu partners and customers who have supported and trusted us. Our journey is only getting started!

We will continue to communicate to our partners and customers, as plans take more shape and operational realities start to change.

Warm Regards,

Walter Van Uytven, CEO Awingu

Nederlandstalige versie: zie onder

The Fire Brigade Zone Rivierenland (Zone Antwerp 2) is one of the 35 Belgian and one of the five Antwerp rescue zones. The zone officially started operating on 1 January 2015 and provides fire and medical assistance (ambulance) in the southwest of the province of Antwerp.

The Fire Brigade Zone Rivierenland comprises 19 municipalities that together represent a population of approximately 420,000. The total surface of the service area covers approximately 570 km². The Zone Rivierenland also borders on other ones like Antwerp, Rand, Kempen, East Flemish Brabant, Flemish Brabant West, East and Waasland.

Which applications are used via Awingu?

The IT department of the Fire Brigade Squad Rivierenland explains which applications are made available through Awingu in a safe way, based on the profile of the user.

ABIFIRE

For many zones ABIFIRE is the centre of daily operations. It contains modules for intervention reports, privacy-related personnel data, construction advice, prevention reports, material management and much more. If this package is not available for technical or security reasons, the operation of the zone practically stops.

For Rivierenland, it was therefore an absolute necessity to secure ABIFIRE even more. For them it was a minimum requirement that they could secure the login procedure with multi-factor authentication. As this is also built into Awingu, this was the first checkbox that could be ticked.

3P

The 3P package is a mandatory tool of the Government in procurement procedures. This application is also made available in the Awingu Virtual Workspace because the 3P licence only works with pre-agreed domain credentials.

BLUEBEAM

As a CAD programme, Bluebeam is a widely used tool within rescue districts to draw or modify plans. At HVZ Rivierenland this application runs on a separate server.

“Before Awingu was brought into use, this program was installed locally on each device. This required a lot of maintenance and follow-up, which can now be done centrally at the server level due to the limited IT team. Also, the performance for those who work remotely through Awingu is optimal with this CAD application. Thanks to Awingu, we were able to tick 2 more boxes.”

HERMES

The old, well-known accounting program is no longer current or in use at the zone. However, there is still a need to be able to access certain data here. Awingu as secure gateway brings here the perfect balance between security and user experience. Also, the impact of the irregular use of Hermes is nil, since the Awingu licenses are based on a concurrent model and not on a named basis. Another thing HVZ Rivierenland could tick off thanks to Awingu!

MERCURIUS

The Mercurius billing software is not only used by HVZ Rivierenland, but also by various local police zones. (Today, more than 60 police zones in Belgium work with Awingu). Within the HVZ, the need arose to build in some extra security. For example, there was no MFA foreseen for the internally hosted, web-based application, making the security risk too high. By putting this application behind Awingu, with MFA and a protocol switch on the Awingu appliance, a direct connection between the end user device and the server backend environment is avoided.

DIV

The DIV of the Flemish Government can now also be accessed directly, whereas previously the IT service had to push an Internet shortcut in each user profile.

REMOTE DESKTOP

To securely access your own servers from the outside, a secure connection is made via Awingu’s remote desktop functionality. In addition, every login and activity can be traced in the Awingu dashboard. Something that has proven to be very useful. This was the case when a certain anti-virus program caused another program to close down promptly. Of course, this also happened to be on a non-managed device belonging to one of the volunteers who work for the zone… Via the track & trace in Awingu, this issue could be detected and resolved fairly quickly, says the IT department as an anecdote.

The effect of Awingu at HVZ Rivierenland

We can conclude that the users are satisfied and the IT team even more so because, compared to the former Citrix use, there has been a strong simplification with Awingu.

“Volunteers who do not use a managed device from the zone, can simply use their own device to access the necessary applications as well as the file share that was integrated after the switch to Awingu. On top of that, nothing needs to be installed on the devices themselves, because Awingu is completely browser-based. This saves our IT admins time for configuration and maintenance, but also significantly reduces the cost for the type of devices.” The only thing that still needs to be installed is the remote application helper when using a Smartcard (eID).

In terms of security, huge steps have been taken with the introduction of just one tool, Awingu:

• MFA is built in for free
• All data processed through the browser is encrypted
• A complete audit of everything is available
• Even screen recording is used in some cases (especially when suppliers need access to the network).

The fact that HVZ East-Flemish Brabant and West-Flemish Brabant have also started working with Awingu, shows that HVZ Rivierenland is not alone and has made the right decision with this future proof solution.

June 2^nd 2022, Ghent/Brussels – Awingu is proud to have received the Data News “Digital Workplace Innovator of the Year” Award at yesterday’s Data News “Awards for Excellence 2022” event in Brussels Expo. The awards are the results of a solid selection process by the editorial staff of Data News, its readers and a jury of ICT professionals and thought leaders.

Back in 2016, Awingu won the Data News “Startup of the Year” Award. Hence, we see last night’s honor as a sign of recognition of our maturity and growth within the industry in the past 6 years. Given the fact that we were running against household names such as Delaware and Dell Technologies in the “Digital Workplace Innovator” category, we are all the more inspired to continue our mission to aid companies with their workspace transformation by making secure remote work available anywhere, on any device.

The number of cyberattacks increases every day. Most notably, ransomware attacks are continuously on the rise: not a day goes by or a new ransomware attack and data breach are mentioned in the press. But what is ransomware exactly, and which types are there? How do these ransomware attacks happen, and what can you do to prevent them? In this blog post, we’ll formulate an answer to all of these questions.

What are ransomware attacks?

Ransomware is a type of malicious software (malware), that is used by cybercriminals to encrypt a (portion of a) device’s data, rendering it no longer accessible. To regain access, criminals will demand a big ransom payment before they will give the decryption key or deactivate the lock screen. But, of course, it’s better to mitigate your chances of getting attacked to begin with – rather than paying the ransom. To put more pressure on the victims regarding the ransom demand, the hackers can use specific ransomware software to not only encrypt files but also search for sensitive data and send this information back to the hacker. During this type of malware attack, ransomware groups often spend much time unnoticed in the operating system, while searching for the most valuable data to exploit. If organizations then do not want to pay the ransom, the malware attacker often threatens to publish the stolen data online, which has disastrous consequences.

Who are ransomware attack targets?

In general, anyone can become the target of ransomware attacks. However, looking at the most recent data breaches in 2022 alone, it’s clear that hackers will focus on organizations that work with a lot of personal files and sensitive data, big user groups, and possibly smaller IT teams (such as in education or healthcare). Furthermore, they also tend to target industrial players as disruptions in their IT processes pose prominent problems for the company’s supply chain.

Which types of ransomware attacks are there?

A wide range of ransomware variants are being used, but let’s take a look at the most common ones:

• Crypto ransomware or ‘encryptors’: This type of malware is perhaps the most famous one. A cybercriminal will encrypt files and to keep the decryption key, for which you will have to pay ransom. Notable examples are CryptoLocker, GoldenEye, WannaCry, …
• Locker ransomware: This ransomware variant will block your basic computer functions. You won’t have access to your device and you’ll only see one lock screen or popup with the message that your files and applications are inaccessible and that you need to pay a certain amount of money before gaining access again.
• Scareware: A type of malware designed to scare or manipulate people into visiting website pages or downloading malware-infested software. This is done by using social engineering tactics and popup ads. The goal is to make users believe they need to buy or download software (which is actually malicious). Some examples of scareware are: PC Protector, SpySheriff, Antivirus360, …
• Doxware: With this term, we refer specifically to ransomware that is used to get personal data. They compromise the privacy of the employees by getting access to photos and sensitive files, after which they will threaten to release the data. Often attackers will deliberately target specific victims for this type of attack.
• Ransomware as a service (RaaS): This is a business model for cybercriminals. Anyone, even without knowing how to code, can buy tools on the black market and use them for carrying out ransomware attacks. The tools are hosted and maintained by hacker collectives. Well-know RaaS providers are REvil, DarkSide, Maze, …

How do ransomware attacks happen?

Ransomware operators try to gain access to the company’s network or system via different techniques. Very often, they will try to do this via individuals in the organization, but they can also attempt to infect systems directly. The following list highlights some of the most common ways ransomware attacks happen.

• Phishing: Criminals send employees of your organization an email that contains a malicious link or malicious attachments. It could be that the link goes to a website hosting a hostile file or code, or that the attachment has a download functionality built in. If one of the people at the company clicks on or opens the content of the phishing emails, malicious software could be installed and the ransomware infects the systems.
• Insufficiently protected network: If you’re acting proactively in securing your network, cybercriminals can attempt to exploit multiple vulnerabilities and attack vectors to get in and let their malicious software do its thing.
• Open RDP: Using RDP without any security measurements is something cybercriminals like to see, as they can exploit its weaknesses. That way they get access to the company’s system. Researchers found 25 vulnerabilities (!) in some of the most popular RDP clients (FreeRDP, Microsoft’s built-in RDP client, …) used by businesses in 2020.
• Insecure VPN connections: VPN tunnels directly from your employees’ devices to your network. Together with RDP, the UK National Cyber Security Centre identified VPN as one of the largest risk factors for a ransomware attack, because malicious software from the client device can enter your corporate network remotely.

Examples of major ransomware attacks in 2022

Every day, another major organization is the victim of a ransomware attack. Some recent victims were:

• Government systems in Costa Rica (May 2022): Cyberattack targeting systems from tax collection to importation and exportation processes through the customs agency. Furthermore, they also got access to the social security agency’s human resources system and the Labor Ministry. The Conti cartel has been demanding a lot of money for the attack. In the meantime, they have been starting to publish stolen information as they were tired of waiting for the ransom.
• Florida International University (April 2022): Data breach that impacted the sensitive information of students and faculty. BlackCat was behind the attack.
• The Scottish Association for Mental Health (March 2022): The health organization was targeted by a ransomware gang that impacted the IT systems. More than 12GB of personal and sensitive data was leaked online. Behind the attack was RansomEXX ransomware gang.
• KP Snacks (February 2022): The hackers of the Conti gang were able to steal many sensitive documents like samples of credit card statements, spreadsheets including employee personal data, and confidential agreements, … They published even more of these data online after not receiving the ransom in time.
• Moncler (January 2022): At the beginning of the year, the luxury Italian fashion giant became the victim of a data breach following an attack by ransomware gang BlackCat. Afterward, the company explained that various data had been impacted. The data was not only related to customers, but also to current and previous employees, as well as to suppliers, and business partners.

These are only a handful of thousands of (publicly known) examples. Ransomware attacks are not limited to certain verticals or countries. Without the right security measures in place, everyone can become a ransomware victim.

Why are ransomware attacks rising?

Shift to hybrid and remote working

Ransomware attacks are on the rise as ransomware groups are continuing to adapt their techniques in this changing digital world. With the acceleration of remote working and shift to hybrid working, malicious actors are not only focusing on organizations in general but are also targeting individuals to gain access to the operating systems, files, and applications of companies.

More and more people are working outside the office networks. A lot of companies have set up a remote working solution in a quick way as they were surprised by the worldwide pandemic. However, in multiple cases businesses chose insecure solutions to do this (e.g. via opening RDP endpoints or facilitating ‘naked’ VPNs). The result was that they created gaps in their cybersecurity defense, which makes them an easy target for malware.

Financial benefits for ransomware group

Another reason for the rise is that more criminal groups see the benefit of ransomware attacks as companies tend to (in most times) pay the ransom. It can be a quick money win for them. Stealing and threatening to leak the data has been working well for these ransomware gangs, so we see a clear shift from denial of data to data extraction. Let’s take a look at how you can prevent making them rich.

Best practices to prevent ransomware attacks and spreading

Nobody wants to pay the ransom or wants to have encrypted files and encrypted data, right? So how can organizations prevent such ransomware attacks? How can you defend yourself? We’ve listed some best practices of ransomware protection for you:

• Inform and train your employees:
  • IT admins shouldn’t click on unknown links or open malicious mail attachments, and should always use strong passwords with MFA enabled.
  • Facilitate security awareness training for your employees. The above is more difficult to enforce on your employees, so it is fundamental that you make them aware and train them in cybersecurity hygiene.
  • Phishing emails and social engineering attacks are still very popular techniques with cybercriminals to target individuals to make them the gateway into the organization’s computer system. Make sure your employees are aware of these practices so that they can recognize and counter them when they face an attempt.
• Data backup:
  • Backup files and applications regularly.
  • Make sure to secure your offline data backups as well, and check that they are not connected permanently to the computers and networks that they are backing up.
• Network segmentation:
  • If you have an infected system, make sure that malware cannot spread to another computer system by segmenting production and general-purpose networks.
  • That way, if somebody is using an infected computer and infects one of the smaller networks, you can try to isolate the ransomware before it spreads further.
  • This also gives the IT team more time to remove ransomware without it spreading throughout the entire organisation.
• Review port settings:
  • Open RDP ports are one of the most common ways ransomware attacks are initiated. Using ‘naked’ RDP port 3389 to give employees remote access is opening the door for hackers and saying: “Welcome, this way please!”
  • Another port that is often targeted is Server Message Blocked port 445.
• Limit user access privileges:
  • To block ransomware from entering, define the permissions of users thoroughly.
  • Set limitations to which applications, desktops, and files they have access.
  • Add security layers in line with the Zero Trust model as you can not trust anyone, even if it’s an authorized employee. Make sure you have control over what each user or user group can access or do.

What to do if you’re a victim of a ransomware attack

What can you do if you are the victim of a ransomware attack? Let’s check out the most common ways to recover from a ransomware infection.

• Do not make a ransom payment: Firstly, stay calm and don’t rush into paying the ransom. It will only encourage criminals to keep on doing this. (And how can you be sure that the ransomware attackers will give your data back after you paid?)
• Identify the source of the ransomware: Try to find out what the point of entry of the ransomware was. Talk with your users to find out who experienced the first signs of the attack.
• Isolate the infected machines: You don’t always know how fast the ransomware could be spreading, but disconnect all devices from the network as soon as possible. This may help reduce the impact of a company-wide ransomware infection.
• Report the attack to the authorities: This is a crime, and you should report it to the police. They could also be able to help you as they have access to more powerful resources for this type of crime.
• Restore your data: If you have been taking regular backups of your data, you can use those off-site or cloud backup files to restore your data. This is why you should have a backup data strategy so you can move forward quickly without losing too much time. However, be careful as some ransomware may have been for months in your systems and therefore in your backups as well. You should always run an anti-malware solution on your backups first to check.

How can Awingu help with ransomware prevention?

Awingu is a unified workspace that makes it possible for a company to enable secure remote access to file servers, applications, and desktops for its employees. Our customer use it as an extra protection layer to secure ‘naked’ RDP, as well as to provide a secure alternative to VPNs. Users can access the workspace via the browser and nothing needs to be installed on the device. So even if they are using an infected device, there is no direct connection to the company’s network, so you don’t have to fear a ransomware infection. Awingu comes with various built-in security capabilities that will help you secure the access:

• Browser-based workspace
• Built-in MFA
• Anomaly detection and monitoring in the dashboard
• SSL encryption
• No local data on the end-user device
• Granular usage control
• Context-awareness
• …

If you want to learn more about how Awingu can help you protect your organization against ransomware attacks, click here!

Evere is a Belgian municipality with 43.000 inhabitants, in the Brussels-Capital Region with 1.220.000 inhabitants. In the municipal administration, there are about 300 computer users, working in different departments each with their own needs and work requirements. At the end of 2019, the IT team was looking for a simple and secure solution to enable teleworking for their employees.

Long before working with Awingu, the municipal administration of Evere had implemented the Citrix solution for all its users both within the municipal administration, as well as to allow employees to work remotely on an occasional basis. Over time, limitations encountered with certain specific business applications resulted in a mixed fleet of classic computers and Citrix workstations.

Too much complexity

In 2019, before the health crisis, the situation was as follows: two different solutions for workstations, one of which (Citrix) was slowly being upgraded or replaced by another solution.

“Managing two different technologies but especially the complexity of the Citrix configuration means more complex management, a higher level of skill for the IT team and higher support costs when faced with more advanced technical issues.”

“Managing two different technologies but especially the complexity of the Citrix configuration means more complex management, a higher level of skill for the IT team and higher support costs when faced with more advanced technical issues.”

Philippe Fournier
Responsible for IT at the Municipality of Evere

Working from home

To continue to make remote working possible and in anticipation of the implementation of structural teleworking, the IT team had already initiated before the start of the pandemic to look for another solution to replace their current configuration.

When the need for teleworking exploded in 2020 due to COVID, the team was pleased to have identified and begun implementing an ideal solution like Awingu.

Advantages of Awingu

Working with Awingu brings only advantages, both for the IT department and for the end users of the municipal administration of Evere, explains Philippe :

“The licensing model is very transparent and easy, especially when compared to other solutions like Citrix or VMware, where you need a consultant just to explain the model to you. Awingu offers competing licenses, so the only choice you have to make is whether to buy or rent the licenses.”

Philippe Fournier
Responsible for IT at the Municipality of Evere

In addition, he is very pleased that he can purchase Awingu through the CIBG’s central purchasing office. In their catalog, you can find Awingu licenses. All Brussels administrations that have joined the central purchasing office can buy Awingu licenses in compliance with public procurement legislation but without the administrative burden. When Philippe heard about this possibility from a colleague in Sint-Agatha-Berchem, a long-time Awingu customer (as well as 80 other local authorities in Belgium), he immediately saw the great advantage.

In addition, the IT team explained to him that it was relatively easy to install, set up and configure Awingu. For end users, Philippe adds, it couldn’t be simpler:

“Just go to the web, enter a predefined custom url, provide your username and password and you’re in. Then you can easily work with any application (legacy, web, SaaS) or file needed, all in a secure environment. If necessary, you can even mandate that some or all of the integrated MFA solutions be used at no additional cost.”

Philippe Fournier
Responsible for IT at the Municipality of Evere

For now, they are only using Awingu to facilitate teleworking in a seamless and consistent manner. Other goals are to enable secure remote access for external contractors via Awingu as well.