Earlier this year, a ransomware attack caused major damage to the Irish health system. Eighty percent of the entire country's IT system was encrypted. Hospitals canceled appointments and surgeries; many had significant delays. Pen and paper became the standard for patient records.
Though the ransomware gang behind the attack, Conti, ended up handing over decryption keys, it cost the government $600 million to get the system back in order.
Now, a new report from PwC shows exactly how this attack happened.
The trigger? An employee clicked on a malicious Excel spreadsheet attached to an email.
Once the attacker got in through that spreadsheet, they began placing malware. Critically, according to the report, antivirus software was set to "monitor" mode, so it detected the Cobalt Strike code but did not block it.
The report details further missteps between the original breach and the actual ransomware being executed two months later.
This is why it's critical to prevent malicious emails from reaching the inbox in the first place. Avanan scans emails before they reach the inbox, so a malicious message never ends up with the end user.
It also underscores the importance of full-suite protection and complete malware protection. That includes Content Disarm & Reconstruction, which would've been very valuable in this case.
The attacks will keep on coming. Ensuring your security is geared for prevention, rather than remediation, has never been more important.