
MFA Everywhere to Stop Ransomware Anywhere: Tale of Two Organizations

Published March 24, 2022 by Nicholas DiCola

All vendors love to talk about how their products stop this or that attack. After all, protecting customers gives a sense of pride and achievement. But with Zero Networks there is a key difference: our product consistently stops ransomware WITHOUT requiring extra headcount or security expertise. Although no solution should ever claim to be “set and forget”, Zero Networks can at least showcase two different-sized organizations (an SMB and a medium-sized enterprise) that withstood ransomware attacks with virtually no security expertise and very little effort.

Case study #1: A small-sized law firm

A small, US-based law firm with a single person overseeing its entire IT and cybersecurity operations discovered an indication of a potential attack several days after it occurred. Further analysis of the incident indicated that it was instigated by a Russia-based cyber-attack group.

Since Zero Networks was already fully deployed, the attackers, who managed to breach one of the firm's machines, couldn't spread into any other machine and were stopped cold in their tracks with no IT intervention required.

Ransomware attacks on law firms have the potential for greater repercussions. For example, in July 2021, the large national firm Campbell Conroy & O’Neil alerted clients to a ransomware attack that took place on its systems the preceding February. The firm later admitted that the systems breached contained names, dates of birth, driver’s license numbers, Social Security numbers, passport numbers, financial information, medical information, online account credentials, biometric data, and more.

With highly sensitive and vital data, law firms of any size make a logical target for attackers. Law firms are required to keep their clients’ information confidential as a matter of professional ethics, and those that are negligent in their cybersecurity protocol could expose themselves to legal liability if that negligence results in public exposure of clients’ sensitive information.

Case study #2: A medium-sized healthcare organization

When a healthcare organization with thousands of machines experienced a ransomware incident this year, they quickly approached Zero Networks to remediate the situation. Within 24 hours, Zero Networks' Access Orchestrator automatically microsegmented their entire network and placed MFA rules across all protocols and machines. The attacker had managed to reach tens of machines, but once Zero Networks was mostly deployed, the attacker could not spread any further. The attacker persisted, making several more attempts from many angles, but was blocked every time.

Attacks on healthcare organizations are at an all-time high. Last year alone, 1,203 healthcare providers in the U.S. were impacted by a ransomware incident. And the stakes go well beyond ransoms. In October, a woman in Alabama filed a lawsuit alleging that a hospital had not informed her that a ransomware attack had disabled its computers, causing severely diminished care which ultimately led to her daughter's death.

So why are attacks on healthcare organizations increasing? For starters, healthcare organizations have many more legacy operating systems that they can’t upgrade because of the medical equipment that depends on them. The Wall Street Journal also noted that many of these attackers deployed their payloads more quickly in the networks of healthcare organizations than in those of any other vertical because they believed their victims would be more inclined to pay.

How Zero Networks stopped ransomware attacks

Both organizations were relatively small and had neither a SOC nor threat-hunting capabilities, yet both fended off an advanced adversary better than larger organizations with the best SOCs do. How?

  • Self-service MFA network access: Zero Networks applied just-in-time privileged access with self-service MFA for abnormal activity, privileged users, and any other situation where extreme security was required.
  • Invisible automation: Zero Networks brought strong protection without impacting the day-to-day employee experience by automating segmentation across non-risky protocols, ensuring that standard employee routines and interactions experience zero disruption – even during an attack.

And all of this was achieved without the use of agents: Zero Networks deploys as a virtual appliance that is not inline, enforcing policy through a remote controller for the existing firewalls, which eliminates agent management and usability headaches.
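To make the two mechanisms above concrete, here is an added example (hypothetical policy logic written for this article, not Zero Networks' own code) of how a network-access decision engine combines a learned baseline of non-risky flows, just-in-time MFA grants for privileged protocols, and default-deny for everything else. The host names, ports and baseline flows are constructed assumptions.

```python
import time

# Remote-admin protocols commonly abused for lateral movement. Access over these
# always needs a live just-in-time MFA grant, even if the flow is in the baseline.
# (Assumed list for this example; a real product derives its own.)
PRIVILEGED_PORTS = {22: "ssh", 445: "smb", 3389: "rdp", 5985: "winrm", 5986: "winrm-https"}

# Constructed baseline of "normal" flows learned during a monitoring period:
# (source host, destination host, destination port). Non-risky flows seen here
# are allowed automatically so day-to-day work is not disrupted.
BASELINE = {
    ("ws-01", "print-01", 9100),   # printing
    ("ws-01", "dc-01", 389),       # LDAP to the domain controller
    ("ws-01", "files-01", 445),    # SMB to the file server is in the baseline...
}

def decide(src: str, dst: str, port: int, mfa_grants: dict, now: float) -> str:
    """Return 'allow', 'mfa_required' or 'deny' for one connection attempt.

    mfa_grants maps (src, dst, port) -> expiry timestamp of a JIT MFA grant.
    """
    if port in PRIVILEGED_PORTS:
        # ...but SMB is privileged, so even a baseline SMB flow needs a live grant.
        exp = mfa_grants.get((src, dst, port))
        return "allow" if exp is not None and exp > now else "mfa_required"
    if (src, dst, port) in BASELINE:
        return "allow"          # learned, non-risky flow: invisible to the user
    return "deny"               # default-deny: unseen flow from a possibly compromised host

def grant_mfa(mfa_grants: dict, src: str, dst: str, port: int, now: float, ttl: int = 3600):
    """Record a time-limited grant after a user completes self-service MFA."""
    mfa_grants[(src, dst, port)] = now + ttl

if __name__ == "__main__":
    grants, now = {}, time.time()
    # A compromised ws-01 tries to reach the file server over SMB, another
    # workstation over RDP, and an arbitrary unseen port. None of these spread.
    for dst, port in [("files-01", 445), ("ws-02", 3389), ("ws-02", 4444)]:
        print(dst, port, decide("ws-01", dst, port, grants, now))
    print("print-01 9100", decide("ws-01", "print-01", 9100, grants, now))
    grant_mfa(grants, "ws-01", "files-01", 445, now)          # legitimate user passes MFA
    print("after MFA:", decide("ws-01", "files-01", 445, grants, now))
    print("after expiry:", decide("ws-01", "files-01", 445, grants, now + 7200))
```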