SonicWall VPN flaw could allow hackers to hijack your sessions, so patch now - Related to allow, defend, kb5051974, so, hijack

How to defend against ransomware: Essential mitigation strategies

Serving tech enthusiasts for over 25 years.TechSpot means tech analysis and advice you can trust.

Why it matters: Ransomware is a type of malicious software that cybercriminals use to encrypt data or lock a victim's system, holding it hostage until a ransom is paid. The attackers typically demand payment in cryptocurrency to restore access, though paying does not guarantee recovery. Ransomware poses a significant threat to businesses of all sizes, which are now in need to implement mitigation strategies to combat this growing problem.

In the healthcare industry alone, ransomware has caused nearly $22 billion in downtime losses over the last six years. Globally, ransomware costs are expected to reach $265 billion by 2031.

This guest blog post was written by the staff at Pure Storage, an US-based publicly traded tech corporation dedicated to enterprise all-flash data storage solutions. Pure Storage keeps a very active blog, this is one of their "Purely Educational" posts that we are reprinting with their permission.

While there is no way to completely "beat" ransomware, companies can take significant steps to prevent attacks and minimize damage when they occur. Read on to explore key ransomware mitigation strategies – including regular data backups, employee training, and strong security measures – and the technology needed to support them.

Ransomware attacks typically begin with phishing emails, malicious downloads, or exploiting vulnerabilities in software systems. Once activated or deployed, ransomware can spread rapidly across networks, crippling operations.

The most common types of ransomware are:

Encryption ransomware: This type encrypts files and demands a ransom for the decryption key, making it one of the most devastating forms of attack.

This type encrypts files and demands a ransom for the decryption key, making it one of the most devastating forms of attack. Locker ransomware: Instead of encrypting files, this type locks individuals out of their devices, preventing access to the system entirely.

Instead of encrypting files, this type locks customers out of their devices, preventing access to the system entirely. Double extortion ransomware: Attackers not only encrypt data but also threaten to leak sensitive information if the ransom isn't paid.

Ransomware mitigation is essential for businesses of all sizes, as the consequences of an attack can be devastating. Cybercriminals increasingly target organizations with weak defenses, knowing the potential for high payouts. Without effective ransomware mitigation strategies in place, businesses risk severe disruptions and long-term damage.

The potential impacts of a ransomware attack include:

Financial loss: Ransomware cost businesses a record-high $1 billion in 2023.

Ransomware cost businesses a record-high $1 billion in 2023. Data loss: If attackers encrypt or destroy critical data and backups are insufficient or compromised, the loss can be irreversible.

If attackers encrypt or destroy critical data and backups are insufficient or compromised, the loss can be irreversible. Reputational damage: clients and partners may lose trust in a business's ability to safeguard sensitive information, affecting long-term relationships and market credibility.

Here are the best ransomware mitigation strategies companies can start implementing now.

If you're not backing up your data, you're making your organization extremely vulnerable to ransomware. Regular data backups are a cornerstone of effective ransomware mitigation. In the event of an attack, having recent and accessible backups ensures that critical data can be restored without succumbing to ransom demands. This strategy minimizes downtime, financial loss, and operational disruption.

To maximize the effectiveness of data backups, consider the following best practices:

Backup frequency: Perform backups daily or more frequently, depending on the criticality of your data. This ensures minimal data loss in case of an attack.

Perform backups daily or more frequently, depending on the criticality of your data. This ensures minimal data loss in case of an attack. Storage locations: Follow the 3-2-1 rule: Keep three copies of your data (production, local backup, and off-site backup) across two different media types, with one copy stored off-site or in the cloud.

Follow the 3-2-1 rule: Keep three copies of your data (production, local backup, and off-site backup) across two different media types, with one copy stored off-site or in the cloud. Immutable backups: Implement immutable backups that cannot be altered or deleted for a set period. This prevents ransomware from encrypting or corrupting backups, ensuring a reliable recovery option.

Implement immutable backups that cannot be altered or deleted for a set period. This prevents ransomware from encrypting or corrupting backups, ensuring a reliable recovery option. Testing backups: Regularly test backups to verify their integrity and ensure they can be restored quickly when needed.

Regularly test backups to verify their integrity and ensure they can be restored quickly when needed. Encryption and access control: Encrypt backups to protect against unauthorized access and limit access to only trusted personnel.

Employee training plays a pivotal role in ransomware mitigation, as human error is one of the most common entry points for cyberattacks. Educating employees about ransomware risks and tactics empowers them to act as the first line of defense.

Key topics to include in training sessions are:

Encourage the use of secure websites, strong passwords, and caution when downloading files or visiting unfamiliar sites. Incident reporting: Ensure employees understand the importance of reporting potential security threats immediately to IT teams.

Ensure employees understand the importance of reporting potential security threats immediately to IT teams. Use of multi-factor authentication (MFA): Highlight the added security provided by MFA in protecting accounts from unauthorized access.

Integrating employee training into a broader ransomware mitigation plan ensures that your workforce remains vigilant and prepared, reducing the likelihood of successful attacks and strengthening your organization's overall security posture.

Network segmentation is the practice of dividing a network into smaller, isolated segments, each with its own security controls. This approach is a powerful tool for ransomware mitigation, as it limits the spread of malware and protects sensitive data even if one segment is compromised.

To properly implement network segmentation:

Assess and map the network: Identify all assets, applications, and data flows to understand how they interact. Define segmentation policies: Categorize assets based on their sensitivity and functionality, and assign appropriate access controls. Implement virtual LANs (VLANs) and subnets: Use VLANs and subnets to create isolated segments within the network. Control access with firewalls: Configure firewalls to enforce rules between segments, ensuring only authorized traffic flows between them. Adopt zero trust principles: Require verification for every device and user accessing a segment, minimizing potential entry points for attackers. Test and monitor: Continuously test segmentation policies and monitor traffic for signs of compromise or misconfiguration.

Creating an incident response plan is a key part of cyber resilience. It helps with ransomware mitigation by providing a structured approach to detect, respond to, and recover from attacks.

Without a clear plan, businesses risk delays in containment and recovery, leading to prolonged downtime and greater financial and reputational damage.

The key components of an effective incident response plan include:

Defined roles and responsibilities: Assign specific tasks to team members, such as containment, communication, and forensic analysis, ensuring a coordinated response.

Assign specific tasks to team members, such as containment, communication, and forensic analysis, ensuring a coordinated response. Effective communication strategies: Establish internal and external communication protocols, including how to notify stakeholders, consumers, and authorities while preserving confidentiality.

Establish internal and external communication protocols, including how to notify stakeholders, clients, and authorities while preserving confidentiality. Containment steps: Detail how to isolate infected systems to prevent the spread of ransomware and remove the malware from affected devices.

Detail how to isolate infected systems to prevent the spread of ransomware and remove the malware from affected devices. Recovery procedures: Include steps for restoring systems and data from backups, verifying the integrity of recovered data, and resuming normal operations.

Include steps for restoring systems and data from backups, verifying the integrity of recovered data, and resuming normal operations. Legal and regulatory considerations: Address compliance requirements for reporting incidents and managing sensitive data.

Address compliance requirements for reporting incidents and managing sensitive data. Regular testing and updates: Test the incident response plan regularly through tabletop exercises and simulated ransomware attacks to identify gaps and ensure the team is prepared. revision the plan periodically to reflect new threats, technologies, and organizational changes.

Ransomware attacks continue to be a pervasive threat, making ransomware mitigation strategies a top priority for businesses. By taking proactive steps, including testing and updating these measures, businesses can minimize the impact of ransomware attacks and safeguard their operations, data, and reputation.

Don't wait for an attack to happen-start implementing ransomware mitigation strategies today to secure your organization's future.

At a glance Expert's Rating Pros File backup and sync, disk imaging, disaster recovery.

Old Faithful is going off again. Acer’s Nitro V is consistently one of the best-selling gaming laptops out there, because it offers some solid specs t......

After user backlash, Microsoft removed the “Edge uninstall” document, which contained instructions on how to uninstall the browser but only had text p......

SonicWall VPN flaw could allow hackers to hijack your sessions, so patch now

Bishop Fox found a way to abuse a SonicWall VPN flaw.

It allows threat actors to bypass authentication and hijack sessions.

There are thousands of vulnerable endpoints.

A major vulnerability in the SonicWall VPN which can be exploited to hijack sessions and access the target network has now seen its first proof-of-concept (PoC) attack, meaning it’s only a matter of time before cybercriminals start exploiting it in the wild.

In early January 2025, SonicWall raised the alarm on a vulnerability in SonicOS and urged its customers to apply the fix immediately. The flaw is tracked as CVE-2024-53704, and described as an Improper Authentication bug in the SSLVPN authentication mechanism. It was given a severity score of [website] (critical) and was stated it could be abused to allow a remote attacker to bypass authentication.

It impacted SonicOS versions [website] (up to [website], [website], and [website] SonicWall released versions SonicOS [website] and later, [website] and higher, [website] and higher, and [website] and higher, to address the bug. At the time, there were more than 4,500 internet-exposed endpoints.

Protect yourself from identity theft online Go Incogni and get 55% off using code TECHRADAR. Incogni erases you and your family from the sites that expose your personal information to identity thieves and robocalls.

Now, since SonicWall clients were given enough time to patch, security researchers from Bishop Fox came forward with more details about the vulnerability, as well as a PoC. After a “significant” reverse-engineering effort, Bishop Fox unveiled the vulnerability could be exploited by sending a custom-built session cookie containing a base64-encoded string of null bytes to the SSLVPN authentication endpoint.

This results in the endpoint assuming the request was associated with an active VPN session and incorrectly validates it. As a result, the target is logged out, while the attacker gets access to the session, including the ability to read the victim’s Virtual Office bookmarks, access VPN client configuration settings, open a VPN tunnel, and more.

"With that, we were able to identify the username and domain of the hijacked session, along with private routes the user was able to access through the SSL VPN," the researchers mentioned.

bonehead123 Well, unless my eyes are deceiving me, this does NOT look very.

Microsoft will release the last revision for Windows 10 with the Patchday on October 14, 2025, after which this version of Windows will no longer receiv......

These actually offer little benefit over the existing TB3-adaptors and use the same or nearly the NICs (Marvell Aquantia AQC113C in the QNA-UC10G1T vs......

Windows 10 KB5051974 update adds a new app without asking

Microsoft has released the KB5051974 cumulative modification for versions 22H2 and 21H2, adding security fixes and patching a memory leak. However, as Bleeping Computer reports, the modification also includes a surprise: the new Outlook for Windows app.

The enhancement is mandatory because it includes the January 2025 Patch Tuesday security updates. Once you install it, you will notice the new app icon near the classic one in the Start Menu’s apps section. Since the new app can operate concurrently, you don’t have to worry about interfering with the old one.

The modification also fixes an issue where the Snipping Tool—used for taking screenshots—and the Capture Service would stop working when using specific keyboard shortcuts with the Narrator feature active. With the new modification, you get a total of eleven changes or fixes. Here are a few noteworthy ones:

The code 10 error message “This device cannot start” is fixed. It started after you downloaded the January 2025 security revision.

Bing will stop giving you automatic suggestions in the search box for search engines like Baidu.

No more issues with USB audio devices when using a digital-to-analog converter (DAC).

The Windows 10 enhancement also fixes a problem where USB cameras would not correctly recognize when turned on.

Microsoft also fixed the issue that drains virtual memory, which can cause apps to stop working.

Despite the fixes in the Windows 10 modification, forcing an app on consumers can generate negative feedback. But if you think about it, you can at least understand why Microsoft might have done this with the classic Outlook app getting an official April 2026 “death date.”.

The premium digital tablet familiar to the desks of the world's top illustrators, photo editors, videographers and 3D sculptors is now in perfect harm......

The NVIDIA RTX 5070 Ti gaming GPU is expected to be available starting February 20, although whether gamers are going to be able to purchase one anyti......

BIOSTAR, a leading manufacturer of IPC solutions, motherboards, graphics cards, and PC peripherals, is excited to introduce the MS-X6413E industrial s......