Skip to content

BullWall Server Intrusion Protection Brings MFA Behind the Firewall To Protect Servers and Thwart Breach Attempts

Protects RDP Sessions – The Entry Point for 50% of All Ransomware Deployments — With MFA That Detects and Prevents Unauthorized Users and Halts Breach Progression, Strengthens Cybersecurity Insurance Eligibility

VEJLE, Denmark & WILMINGTON, Del., September 7, 2023BullWall, the global leader in ransomware protection for critical infrastructure, today introduced BullWall Server Intrusion Protection to protect servers from unauthorized access resulting from the use of compromised credentials during Remote Desktop Protocol (RDP) sessions. By placing BullWall’s multi-factor authentication (MFA) between the server and any unauthorized users, organizations are protected from bad actors who may have gained entry to the network, preventing the deployment of ransomware.

BullWall Server Intrusion Protection prevents RDP session hijacking and impedes breach progression to prevent the deployment of ransomware. When an illegitimate session is detected, BullWall blocks any compromised clients and servers, and immediately issues the necessary alerts.  It’s an important new weapon in the ongoing battle against the use of stolen or compromised credentials, one of the most impactful areas of cybersecurity vulnerability for most organizations. With the surge in remote and hybrid work environments, Remote Desktop Protocol (RDP) is the entry point in nearly 50% of all ransomware attacks.

BullWall Server Intrusion Protection works together with BullWall Ransomware Containment (formerly BullWall RansomCare) to prevent and contain ransomware, protecting the organization’s most important, targeted digital assets against cyberattacks – a singularly important safeguard that can substantially impact cybersecurity insurance eligibility and terms for many organizations.

Jan Lovmand, BullWall Co-Founder and CTO, said: “Remote Desktop Protocol is the single most exploited initial attack vector, and the entry point for fully half of all ransomware attacks. We’re really excited to introduce BullWall Server Intrusion Protection to shut down RDP session-level attacks, closing a door that’s otherwise too easily opened. Together with our Ransomware Containment solution, BullWall offers organizations the strongest defense against ransomware available on the market today.”

Morten Gammelgard, BullWall Co-Founder and EVP of EMEA, shared “One of the biggest stumbling blocks to obtaining cyber insurance is the requirement for MFA on servers in addition to endpoints, for every login attempt. BullWall Server Intrusion Protection provides a game-changing MFA solution for server access that doesn’t require a second device. We’re thrilled to offer a solution that increases security, reduces user friction and stops today’s most common attack vector.”

Most security-minded organizations now have MFA in place as single logon – which proves futile against a threat actor logging into a server via RDP and then moving from there to other servers. BullWall Server Intrusion Protection blocks every step of such attacks, and demonstrates the highest levels of compliance and reporting.

To learn more about BullWall Server Intrusion Detection, please visit here.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Bullwall
BullWall is a fast-growing international cybersecurity solution provider with a dedicated focus on protecting critical data during active ransomware attacks. We are the only security solution able to contain both known and unknown ransomware variants in seconds, preventing encryption and exfiltration across all data storage types.

Ransomware attack on insurance MSP Xchanging affects clients

Global IT services and solutions provider DXC Technology announced over the weekend a ransomware attack on systems from its Xchanging subsidiary.

Xchanging is known as a managed service provider for businesses in the insurance industry but its list of customers includes companies from other fields: financial services, aerospace and defense, automotive, education, consumer packaged goods, healthcare, manufacturing.

Several customers affected

DXC Technology notified its investors in an 8-K form filed with the U.S. Securities and Exchange Commission that Xchanging has detected a ransomware attack on some of its systems.

The company reported the incident on July 5, expressing confidence that it did not spread outside the Xchanging network. For the moment, the investigation did not reveal any indication of data being affected. It is unclear when the company detected the attack.

An undisclosed number of customers was impacted by the cyberattack, denying access to their operating environment, reads the notification from the company. Containment and remediation measures were deployed to resolve the situation.

In a statement to BleepingComputer, a company spokesperson said that the problem is isolated to a subset of the Xchanging business and that customer data was not compromised or lost.

Efforts to restore services to customers are ongoing and at the moment remediation work is being done for just a few of them.

“While the revenue from those impacted customers is not material to DXC financial position, we nevertheless take this situation very seriously and have already restored services as nearly all of them” – DXC Technology spokesperson

As is typically the case with such incidents, the company is working with law enforcement and authorities on the investigation. This is also why there are few details available at this time.

There is no information about the family of the file-encrypting malware used in the attack and BleepingComputer does not know of a ransomware gang claiming the attack.

Related Articles:

Ransomware hits Technion university to protest tech layoffs and Israel

The Week in Ransomware – February 10th 2023 – Clop’s Back

Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day

City of Oakland systems offline after ransomware attack

A10 Networks confirms data breach after Play ransomware attack

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Bullwall
BullWall is a fast-growing international cybersecurity solution provider with a dedicated focus on protecting critical data during active ransomware attacks. We are the only security solution able to contain both known and unknown ransomware variants in seconds, preventing encryption and exfiltration across all data storage types.

New ransomware variant: Try2Cry!

New ransomware variant: Try2Cry! It tries to worm onto other computers by infecting any USB drive connected to the device, hoping it will be used on another computer at some point. Is uses the LNK files to disguise the malware.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Bullwall
BullWall is a fast-growing international cybersecurity solution provider with a dedicated focus on protecting critical data during active ransomware attacks. We are the only security solution able to contain both known and unknown ransomware variants in seconds, preventing encryption and exfiltration across all data storage types.