by Les Spruiell

Happy New Year and yes, it happened again. The New Year’s Eve cyberattack on the London-based foreign exchange company Travelex took most of their services offline with the ransomware known as ‘Sodinokibi’. First discovered in April 2019, Sodinokibi encrypts a machine’s file system and demands a ransom. In Travelex’s case, that ransom was $6 million and customers are still stranded without access to their money.

The initial infection was apparently through a malicious email link, and the systems of Travelex and many other companies fell to an unpatched vulnerability in a VPN tool that allows Sodinokibi to jump from machine to machine through the network. Yes, these systems should have been immediately patched to prevent further infection. Systems like VPNs can’t tell which traffic is bad or good; they just move packets from place to place, wreaking havoc.

Rather than teach your network to recognize known bad actors, it’s better to tell your network who the good actors are.

Zentera’s application-based zero trust security is an immune system for your business. It prevents an infection from moving through your network as only approved application traffic is allowed. How does Zentera know what’s approved traffic? Smart Discovery monitors a set of running applications and records the traffic. After a quick review by the admins, and a few clicks, that traffic becomes the only traffic allowed. Bad traffic is simply not allowed to flow.

Rather than race to patch systems with an endless stream of updates as they are discovered, it is better to ignore the bad stuff and allow the good. This approach buys you the time to patch your systems on your schedule as new exploits are discovered while preventing new infections from spreading.

Two years ago, it was WannaCry. This year, it's Sodinokibi. Actually, it’s this year so far. The bad actors out there are already working on the next evil that will be unleashed soon.