Just when you thought I had forgotten about ransomware

It is not possible to forget ransomware. Just this week our engineers updated a client’s back-up to one that is ransomware compliant – meaning, among other things, that the threat actors cannot access, and so cannot encrypt or alter, the back-up during their attacks. Up to this point the client was dealing with their own back-ups; then we took over the support, and now they have a back-up that will give real protection.

Ransomware generally gets into most businesses and organisations through a malicious email: someone opens it and then opens a file or clicks on a link. As I have said before, make sure you have the best anti-virus and advanced threat protection installed and then train your team to recognise phishing emails and social engineering attacks – as your technical defences will be evaded by some of the spam email.

Then you need a plan that covers your team’s response if all your defences fail and you are breached, and that covers your road to recovery and getting back to business. We have one. Do you?

Below are a few of the high-profile ransomware incidents from around the world this week. These are high-value, high-profile cases that I am sure had cyber security precautions in place.

Major U.S. library service confirms ransomware attack, struggling to restore affected systems – The Record by Recorded Future

New ransomware hits Windows, Linux servers of Chile govt agency (bleepingcomputer.com)

Migration policy org confirms cyberattack after extortion group touts theft – The Record by Recorded Future

Montenegro hit by ransomware attack, hackers demand $10 million (bleepingcomputer.com)

You may not be the primary target if you get ransomware – I am sure the Conti ransomware gang has not heard of your business, but if you get infected as collateral damage, they will happily collect a ransom from you if you do not have a resilient plan in place. That plan may be that you get infected but without paying the ransom you can recover your business from back-ups and other systems you use.

However, this next story is why you do not just rely on your recovery plan, but also have strong cyber security defences in place:

LockBit ransomware gang gets aggressive with triple-extortion tactic (bleepingcomputer.com)

The LockBit gang has a public-facing branch of the organisation, LockBitSupp, so that victims can make contact and the gang can make press releases about their illegal activity. It has announced a new triple-threat ransomware approach: they will encrypt your data and demand a ransom; if they have exfiltrated your information, they will release it into the public domain unless you pay the ransom; and they will hit your internet presence with a DDoS attack to interfere with and disrupt your operations unless you pay the ransom.

Back-up allows you to deal with the encryption without paying, but the other two threats need more sophisticated defences – starting with a good cyber security review.

And if you think this only happens to businesses and organisations that have a lot of money, then think again. Gloucester City Council was back in the news this week as it has still not recovered from a cyber attack from last December.

Well after all that doom and gloom, thank goodness it is Friday and you can now go and read this:

Clive Catton MSc (Cyber Security) – by-line and other articles

CyberAwake | Cyber Security Experts and Awareness in Lincoln