Orange Is The New Hack: Lessons from yet another ransomware attack

Post-production company, Larson Studios, which is responsible for hit Netflix shows such as Orange Is The New Black, is the latest victim of ransomware. Those responsible stole 10 episodes from the upcoming season five of the jail drama hit series and threatened to release them online unless a ransom was paid. When these demands were not met, the cybercriminals uploaded the unseen material to worldwide torrenting sites, such as The Pirate Bay.

The hack potentially comes as good news to fans of the show, who have been eagerly anticipating the new series for months. However, the attack could cause some series issues and embarrassment for Netflix, not to mention spoiler alerts for those who want to binge-watch the series through the proper channels. Unlike Orange Is The New Black’s fictional setting, Litchfield Penitentiary, which keeps offenders inside (most of the time), traditional anti-ransomware tools often focus solely on keeping attackers out. But if they’re clever enough to sidestep your defences you can end up being held hostage to their demands. Although it’s a case of too little too late in this instance, how can other companies keep their sensitive data locked down?

The rise of ransomware

Ransomware targets unsuspecting workers who open an email attachment and unwittingly expose their company’s restricted files, folders and data to an outsider. Cybercriminals are using ransomware more and more often to make a profit out of their hacking skills with current statistics showing a global increase of 50% in the last year. While it is currently unknown how the hackers got into Larson Studios’s system, it has been confirmed that phishing was the most likely cause.

Ransomware has also become increasingly sophisticated and persuasive in recent years. The latest tactic used by scammers, a business email compromise (BEC), involves the outsider convincingly impersonating a senior-level employee in an attempt to persuade staff to share sensitive information or transfer funds. Unprepared or naïve employees will therefore find it much harder to spot this phishing attempt. By ensuring every member of staff, from the intern to the CEO, has been educated in security awareness, companies can create a culture of good IT practices and help protect themselves from this type of attack. But while prevention is always better than cure, employees are human, and there’s always that risk that they might make a simple slip. However, there are still ways to stop ransomware if you’ve already been breached.

Know your network

The key to stopping ransomware in its tracks is knowing what exactly is going on in your network at all times: who is currently logged on, what device are they using, which files are being accessed and where they are doing it from. No matter how dedicated they are, it would be completely unrealistic to expect an IT team — no matter how large — to take on the task of monitoring for suspicious activity 24×7. This is where context-aware security comes in.

Context-aware security uses information other than a genuine password to decide whether access is genuine or not. This supplemental information could be the user’s geographical location, the time of day the attempted access takes places, even the number of simultaneous logins. So, if a worker usually accesses client folders from their work desktop during regular working hours and suddenly begins to click on the folder containing bank details from a tablet at 3:00am, the system will automatically spot it and deny access. With such granular access rules in place, the network remains protected in real time, at all times.

Nothing delights a cybercriminal more than when a naïve employee unsuspectingly grants them access to a company’s juiciest files and folders. From there, they can get hold of passwords, bank details and more. Without context-aware security, once hackers have their hands on that user’s login credentials there is almost no end to damage that they can cause. But having this software in place means that even if passwords are leaked or stolen, data (or even full TV episodes) remains secure because cybercriminals won’t be able to get access, proving a valuable lesson: crime doesn’t pay.

The right access for the right person

As with a real prison, at Litchfield Penitentiary, the inmates are not allowed in certain parts of the institution. When it comes to network access, the same basic principal is true; there are certain files and folders that must remain off limits to staff who do not need to have access to them. By controlling user login rights according to a user’s role and rank, companies can restrict certain folders to ‘read only’. That way, data remains accessible to those who need it, and protected from those who don’t.

From restricting and reporting on suspicious access to sensitive files to limiting concurrent logins, UserLock and FileAudit help prevent the challenges that ransomware can cause, and unlike Litchfield, they take no prisoners.

Share this post :


Chris Bunn is the Directeur Général Adjoint of IS Decisions, a global cybersecurity software company, specializing in access management and multi-factor authentication for Microsoft Active Directory environments and the cloud.

Secured By miniOrange