Has HC7 GOTYA? Remembering the Importance of the Basics
As IT professionals, it is very easy for us to get caught up in the new hotness. By temperament we are often drawn to whatever is new and shiny. That is laudable, but we have to keep doing the basics, and doing them well.
In the last week we have been hearing reports of some firms being hit with a particularly nasty piece of ransomware by the name of HC7 GOTYA. This variant compromises the network through an exposed Remote Desktop Services host and then, using the credentials it obtains there, pushes itself to the rest of the network with PsExec. (For a good explanation, go here.)
One cannot, obviously, deny our attorneys remote access, but there are some basic things which should be reviewed immediately. If an RDS server is currently reachable directly from public networks on TCP port 3389, address this TODAY. Deploy an RD Gateway to broker connections from the outside world to your internal resources: external clients reach the gateway over HTTPS (TCP 443) and 3389 is never exposed to the internet. An RD Gateway gives you two layers of access control: a Connection Authorization Policy (CAP) governs who may connect to the gateway at all, and a Resource Authorization Policy (RAP) governs which internal hosts those users may then reach. Two caveats: moving the listener to a non-standard port is not a substitute for a gateway, since scanners find it anyway, and a gateway still depends on the strength of your credentials, so account lockout and, where you can get it, multi-factor authentication remain part of the basics. If you do not have an RD Gateway style solution for your existing RDS environment, please stop reading and start working on this immediately.
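Before you can fix an exposure you have to know you have it. The following PowerShell is an added example, not part of the original post or of any Microsoft module (the function names are my own). Run in an elevated session on the RDS host, it reports whether the RDP listener requires Network Level Authentication and summarises recent failed logons (Security event 4625) by source address, flagging any that come from public IP space; an RDS host that is only reachable through an RD Gateway should never see failed logons from the internet.

```powershell
# Added example: quick exposure check for a Remote Desktop Services host.
# Run in an elevated PowerShell session on the RDS host itself (reading the
# Security log requires administrator rights). Function names are illustrative.

function Test-NonPublicSource {
    # $true for loopback, link-local and RFC 1918 IPv4 addresses, and for
    # anything that is not a parseable IPv4 address (e.g. '-' or IPv6);
    # anything else is treated as a public (internet) source.
    param([string]$Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $true }
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $true }
    $b = $ip.GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 127) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168) -or
           ($b[0] -eq 169 -and $b[1] -eq 254)
}

function Get-RdpListenerStatus {
    # Reads the RDP-Tcp listener settings. UserAuthentication=1 means Network
    # Level Authentication is required; SecurityLayer=2 means TLS is required.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $p = Get-ItemProperty -Path $key
    $listening = @(Get-NetTCPConnection -LocalPort $p.PortNumber -State Listen -ErrorAction SilentlyContinue).Count -gt 0
    [pscustomobject]@{
        Port        = $p.PortNumber
        Listening   = $listening
        NlaRequired = ($p.UserAuthentication -eq 1)
        TlsRequired = ($p.SecurityLayer -eq 2)
    }
}

function Get-FailedRdpLogonsBySource {
    # Summarises Security event 4625 (failed logon) for the last $Days days by
    # source IP. LogonType 10 is RemoteInteractive (classic RDP). With NLA on,
    # pre-authentication failures are normally logged as LogonType 3 instead,
    # so both types are kept; the IpAddress field is what matters here.
    param([int]$Days = 7)
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddDays(-$Days) }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    $rows = foreach ($e in $events) {
        $data = ([xml]$e.ToXml()).Event.EventData.Data
        $type = ($data | Where-Object { $_.Name -eq 'LogonType' }).'#text'
        if ($type -notin @('3', '10')) { continue }
        [pscustomobject]@{
            Source    = ($data | Where-Object { $_.Name -eq 'IpAddress' }).'#text'
            Account   = ($data | Where-Object { $_.Name -eq 'TargetUserName' }).'#text'
            LogonType = $type
        }
    }
    $rows | Group-Object Source | ForEach-Object {
        [pscustomobject]@{
            Source   = $_.Name
            Attempts = $_.Count
            Accounts = ($_.Group.Account | Sort-Object -Unique) -join ','
            Public   = -not (Test-NonPublicSource $_.Name)
        }
    } | Sort-Object Attempts -Descending
}

$status = Get-RdpListenerStatus
$status | Format-List
if ($status.Listening -and -not $status.NlaRequired) {
    Write-Warning "RDP listener on port $($status.Port) does not require NLA."
}

$failed = Get-FailedRdpLogonsBySource -Days 7
$failed | Format-Table -AutoSize
$public = @($failed | Where-Object { $_.Public })
if ($public.Count -gt 0) {
    $msg = '{0} public source address(es) are trying credentials against this host over RDP; ' +
           'port {1} is reachable from the internet. Put an RD Gateway in front of it.'
    Write-Warning ($msg -f $public.Count, $status.Port)
}
```

The "Accounts" column is worth a look even when every source is internal: a long list of guessed usernames from one workstation is the PsExec-style lateral movement described above, seen from the target's side, and should be treated as an incident rather than noise.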
I would also encourage you to make sure you still have good backups. Do you keep multiple copies, with at least one offline or otherwise unreachable from any account that a compromised RDS host could use, since ransomware that spreads with PsExec will happily encrypt a backup share it can see? Do you actually test restores for both integrity and completeness? Are you comfortable with your DR plan in the event of catastrophic loss? (Can you get media, do you know your licensing, etc.) Take this opportunity for a good hard look at your environment and gain some peace of mind.
Remember, it is basic items like these, backups and architecture, that can and will save your bacon in the face of an increasingly hostile world.