State Of Texas Whacked By Ransomware

Should Have Had CoreView

In late August, a massive and coordinated ransomware attack crippled computers and locked data in 22 small Texas towns, bringing local government agencies to their knees and forcing Gov. Greg Abbott to mandate a Level 2 Escalated Response, meaning the IT emergency was more than local responders could handle.

Hoping to prevent a repeat of the ransomware debacle, the Texas Department of Information Resources (DIR) sent out a bulletin to approximately 1,300 State and Local Government Entities across Texas. The directives, sent August 20 in the very midst of the attacks, offered step-by-step actions to prevent further spread of the existing attack, and create more ransomware-resistant Texas agency systems.

We read the DIR bulletin and closely analyzed its directives. CoreView’s SaaS management platform for Office 365 will help Texas government entities implement these DIR directives effectively and efficiently.

Here is our analysis of six DIR directives, with CoreView recommendations for complying with the bulletin and actions to validate compliance and remediate issues:

1. DIR recommendation: Keep software patches and anti-virus tools up to date.

To ensure an updated and safe environment, run CoreView CoreAdmin Reports to validate workstation and, especially, mobile device reports for appropriate versions of up-to-date software. You can also view Mobile Device Management, Multi-Factor Authentication, and other policy applications.

2. DIR recommendation: Create strong unique passwords that are changed regularly. 

Run CoreAdmin Reports to identify accounts that do not have password expiration set — especially service accounts — and apply changes in bulk using CoreAdmin delegated admin facilities. 

3. DIR recommendation: Enable multifactor authentication, especially for remote logins. 

Use CoreSecurity Audit Sign-In Reports to identify remote login attempts, discover targeted accounts, MFA status, and failure reasons, and remediate MFA status directly from the CoreView reports.

If any devices are flagged as infected, either from CoreSecurity or other platforms, run a CoreSecurity fileaccess and fileaccessextended report for the device owners. For known affected organizations or departments, run the report for all users. You can also contact CoreView Support and get a proactive CoreScan.

4. DIR recommendation: Modernize legacy systems and ensure software is as current as possible.  

CoreView can validate your workstations and ensure software is up to date, and you can run CoreSecurity Azure AD Reports to document third-party applications that have been granted, and are using, access to Azure AD.

5. DIR recommendation: Limit the granting of administrative access. 

Enabling CoreSuite activates auditing for all Office 365 workloads, and surfaces all of the Microsoft E5 security tools, even if there is only 1 E5 license enabled. 

Giving global admin rights to too many people is one of the worst things you can do to your network security. Instead, leverage CoreAdmin’s functional least-privilege access and Role-Based Access Control (RBAC) functions to quickly create a least-privilege access model that restricts admin rights to only what is actually needed.

CoreView also stores an external, immutable log of every administrative action for the life of the platform.  Every agency should be able to produce this type of information.

6. DIR recommendation: Perform regular, automated backups and keep the backups segregated.

Backups are crucial for surviving ransomware, since it is the data itself that is compromised through encryption.

At the same time, ensuring auditing is enabled across all workloads is also crucial, as it lets you perform forensic analysis and see in detail how the ransomware spread. You should store access and audit logs in a separate and immutable location and define how long you want these logs retained by enabling CoreSecurity.

With CoreView, you can ensure your Microsoft environment is correctly configured, and meet guidelines such as those that are part of these Texas DIR requirements. All this greatly increases your chances of blocking or at least surviving ransomware.

Learn How CoreView Protects Your Environment, and More

Want to learn how CoreView prevents overspending on licenses, underusing applications, or mismanaging security and configurations? Our free CoreView Office 365 Health Check diagnoses all your Office 365 problems. Sign up for an Office 365 Health Check and we will build a detailed 20-page report to cure your Office 365 ills.

Not ready for a full custom report? You can still take a look at a Health Check sample report.

Want to see firsthand how CoreView solves Office 365 problems and tightens security? Just request a demo.

For the last 23 years, Smith has worked as a consultant for IBM, Dell, EMC, and Microsoft on projects spanning 6 continents.  I was with Microsoft Consulting Services for 10 years, ending as a Principal Consultant for their Public Sector Cloud Services practice.  I’ve deployed over 2 million seats of Office 365, and completed Microsoft’s Exchange Ranger training.