Black Kingdom Ransomware Attacks Make IR Services Vital

2021-03-26
Fallout from the Microsoft Exchange vulnerabilities rears its ugly head again with yet another devastating ransomware attack. Following in the footsteps of the DearCry ransomware attacks against Exchange servers last week, a new strain of ransomware named “BlackKingDom RansmWere” or "Black KingDom" is making news as the newest, and yet the most unimpressive, strain of ransomware to strike enterprises to date.

You would think that most enterprises had already patched the ProxyLogon flaw in Microsoft Exchange, considering how well publicized the vulnerability has been, but there are still some slow-moving enterprises unaware of or simply unconcerned with the issue. Security firms estimate that these 450,000-odd slow-moving businesses are mostly based in the USA. However, the USA is far from the only victim, with businesses being victimized in Canada, Austria, Switzerland, Russia, France, Israel, the United Kingdom, Italy, Germany, Greece, Australia, and Croatia.

Black Kingdom has not received rave reviews, with industry experts likening it to “script-kiddie” work. How embarrassing to have been taken down by one of the most rudimentary ransomware strains to make the news, but don’t panic yet. Despite its simplistic construction, Black Kingdom does cause a great deal of damage. And with a very low ransom of only US$10,000, there is an incentive for victims to pay quickly.

MalwareTech Blog tweeted yesterday, “Black Kingdom ransomware is by far the worst I’ve ever seen. It does not exclude exe, dll, or sys files so in cases bricks the system. It does not track if it has been run previously, so every victim I have seen has been recursively encrypted at least 4 times. And it’s coded in python.” It seems that Black Kingdom is not relying on well-written code or sophisticated hacking techniques to make its quick buck, but on a scattershot approach with thousands of victims reported across the world.

Why Sangfor?

If you have been a victim of Black Kingdom ransomware attacks, Sangfor can help you recover your system and prevent this type of devastating loss in the future. Sangfor Technologies IR services (incident response services) provide this vital protection with the added convenience of tiered packages that work for every enterprise, vertical, size and budget.

Smaller enterprises can choose between the Essential or Standard IR Packages, which provide simple security incident assistance and reports or even further vulnerability assessment and remediation assistance before an attack occurs.

For larger enterprises, Sangfor provides its Premium IR Package, and will perform an assessment of your organization's network security and vulnerabilities, providing vulnerability assessment reports and firewall ruleset policy review reports yearly. This service eliminates the need for full-time, highly paid and underrepresented cyber security professionals and offers much-needed proactive protection.

In addition to IR services, Sangfor also provides the best and most powerful integrated security solutions through the correlation of Sangfor Next Generation Application Firewall (NGAF), Cyber Command, Intelligent Threat Detection & Response, and Sangfor Endpoint Secure. 

Sangfor NGAF, which recently received the CyberRatings.org Enterprise Firewall AAA rating, is a converged security solution designed to protect users from internal, external, existing, and future threats, with threat intelligence updated regularly to keep networks safer from ransomware. Sangfor focuses on four fundamental elements, proven to strengthen its capabilities, including security visibility, real-time detection & rapid response, simplified O&M and maintaining a high-performance application layer (L7). 

Sangfor NGAF was designed to work seamlessly within the Sangfor XDDR security framework with Sangfor’s Cyber Command platform, which significantly improves overall security detection and response capabilities by monitoring internal network traffic, correlating existing security events, and applying AI and behaviour analysis, all aided by global threat intelligence. Cyber Command uncovers breaches of existing security controls while simultaneously performing an impact analysis to identify hidden threats. Because Cyber Command integrates network and endpoint security solutions like NGAF and Endpoint Secure, the administrator’s ability to navigate and understand the overall threat landscape is significantly improved, and response to threats is automated and simplified.

The power of NGAF and Cyber Command is formidable, but add to that Sangfor Endpoint Secure, the future of endpoint protection, which manages the endpoint asset security life cycle from prevention, detection, and defence to response. Endpoint Secure provides the most accurate identification and mitigation of rogue or malicious processes and applications.

Sangfor Technologies is an APAC-based, global leading vendor of IT infrastructure solutions specializing in Network Security and Cloud Computing. Visit us at www.sangfor.com to learn more about Sangfor’s Security solutions, and let Sangfor make your IT simpler, more secure and valuable.