Has HC7 GOTYA? Remembering the Importance of the Basics

As IT Professionals it is very easy to get caught up in the new hotness.  We are often, by temperament, interested in whatever is new and shiny.  This is highly laudable but we have to continue to focus on doing the basics and doing them well.

In the last week we have been hearing reports of some firms being hit with a particularly nasty Ransomware by the name of HC7 GOTYA.  This particular variant compromises the network via Remote Desktop Services and then replicates itself across the network using PSExec. (For a good explanation go here)

One cannot, obviously, deny our attorneys remote access but there are some basic things which should be immediately reviewed.  If you currently have direct access to an RDS server from public networks via port 3389 address this TODAY!  You should immediately be deploying an RD gateway to broker connections from the outside world to your internal resources.  The RDP Gateway allows multiple forms of access control; first at the gateway itself and then with authorization policies to the wider network.  If you do not have an RD Gateway style solution for your existing RDS environment please stop reading and starting working on this immediately.

I would also encourage you to ensure that you continue to have good backups.  Do you maintain multiple copies of your backups?  Do you test these backups for veracity and completeness?  Are you comfortable with your DR plan in case of catastrophic loss?  (Can you get media, do you know your licensing, etc.)  Take this opportunity for a good hard look at your environment and gain some piece of mind.

Remember it’s these basic items like backup and architecture which can and will save your bacon in the face of an increasingly hostile world.

Did you find this helpful?

Share it on social media!

Adam is one of the co-founders of Adaptive Solutions. In his current role as CEO, Adam is responsible for overseeing all day to day aspects of the company. Under Adam’s leadership, Adaptive’ s leadership team have been able to transform the company into the leading provider of Document Management services in the United States. Along with the team, he has continually reinforced the concept of focus and becoming the best in the world in our vertical. Adam is a veteran in the field of legal technology and system integration for large legal practices. During his time in-house, Adam’s strong skills include technology leadership for numerous DMS conversions and upgrades, while taking primary responsibility for the support of all branch location technology needs. Adam is kept busy shuttling his three children, but in his spare time enjoys the recreational opportunities that only California can offer.

Leave a Comment