Help Protect your Agency from the Increase in Ransomeware Attacks in 2016

The frequency of Ransomeware attacks have increased significantly in 2016.  Ransomeware either locks a user interface or encrypts files on a computer or server preventing access.  Ransomeware gets installed on networks by individual users accessing suspicious websites or through attachments.  An attack by Ransomeware has the potential of being considered a breach if encrypted files contain Protected Health Information.

In light of increased Ransomeware frequency,  Armor has allowed us to share a list of suspicious IP addresses that are more uncommon and may not be included in the list of blocked IP address within your agencies intrusion detection system and/or firewalls so Server based software agencies can work with their IT department to manually include them to protect themselves from an attack.

Agencies utilizing the software in the Managed Hosting Environment are already protected by Armor.  The article from Armor is included below.

Top 15 Armor WAF/NIDS IP

In cybersecurity, it’s common to focus on ongoing attacks form the most active threat actors. However, often overlooked, stealthy threat actors that attack by sending the minimum amount of traffic needed for an exploit, hoping to slip past an intrusion detection system (IDS), are just as capable as their “noisier” peers. In the month of July 2016, Armor highlighted the 15 rarest IPs seen in its IDS events, with a large portion of them attempting SQL injection. The total events for these threat actors are just a fraction of a percentage of daily events processed by Armor.

This entry was posted in All Messages. Bookmark the permalink.