Ransomware is a type of malicious software, rooted in cryptovirology, that threatens to publish the victim's data or to block access to it indefinitely unless a ransom is paid. In recent years, ransomware attacks have become increasingly common and sophisticated, and they can cause significant damage to organizations: data loss, downtime and financial losses.
Ransomware has affected organizations around the world and, recently, more so in the space of essential services and critical infrastructure. The Australian Cyber Security Centre (ACSC) noted a 15% increase in ransomware reports in the 2020-21 financial year. In May 2021 a ransomware attack forced Colonial Pipeline, a US fuel pipeline operator, to shut down its network. This led to panic buying of fuel, a spike in energy prices and the declaration of a state of emergency in some US states.
Not-for-profits haven't been spared from such attacks. The health care and social assistance sector was the second-highest reporting sector for ransomware-related incidents in Australia, according to the ACSC Cyber Threat Report 2020-21. With the health sector under pressure due to the pandemic, cyber actors viewed health organizations as more vulnerable targets.
Major Ransomware Attacks
Acer – March 2021 – Acer's systems were breached by the REvil ransomware group, which claimed to have stolen 60 GB of files.
Accenture – Aug 2021 – The network of Accenture, an IT consultancy firm, was breached by the LockBit ransomware group.
Cognizant – Apr 2020 – IT services giant Cognizant was hit by a ransomware attack by the Maze group that led to "service disruptions" for some of its clients.
Colonial Pipeline (USA) – May 2021 – The DarkSide cybercriminal group carried out a ransomware attack on Colonial Pipeline Co. The resulting shutdown caused significant disruption to fuel transport on the US East Coast.
The National Highways Authority of India (NHAI) – 2020 – A ransomware attack on the NHAI email server was reported in 2020. The attack was contained by the security controls in place, and the email servers were shut down as a precaution.
Tech Mahindra – A ransomware attack on the Pune smart city project, run by Tech Mahindra, affected 25 servers. The affected servers were recovered with no commercial impact.
Ransomware Mitigation Best Practices
Email Security Best Practices
Email is the most common delivery method for ransomware. To prevent attacks, implement email security best practices such as: using spam filters, blocking dangerous attachment types (checking the content of the file, not just its name, since a decoy name like "invoice.pdf.exe" or a renamed macro document will get past a naive extension check), and training employees to identify and report phishing.
End Point Security Best Practices
Endpoint devices such as computers and mobile devices are the usual point of initial compromise. To protect them, implement endpoint security best practices such as: using up-to-date antivirus or EDR software, restricting which software is allowed to run (application allow-listing), removing local administrator rights and keeping the operating system and applications patched.
Network Security Best Practices
Network security limits how far an infection can spread. Best practices include using firewalls and intrusion detection systems, segmenting the network so that one compromised workstation cannot reach every server and share, and monitoring network and file activity for the signs of an attack in progress, such as mass renaming of files or ransom notes being written into many directories.
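The attachment-blocking advice above is easy to get wrong if the filter only looks at the file name. The following Python example (added here; it is not code from the original page or from any vendor product) shows a filter that combines a name-based deny list with content checks: PE headers, legacy OLE containers, VBA projects hidden in renamed Office files, password-protected archives and executables nested one level inside a ZIP. The deny list, the sample attachments and their names are all constructed for the example and should be tuned to what your organization actually needs to receive.

```python
import io
import zipfile
from dataclasses import dataclass

# Hypothetical deny list for this example; tune it to what your organization
# actually needs to receive by mail.
BLOCKED_EXTENSIONS = {
    "exe", "dll", "scr", "com", "pif", "bat", "cmd", "ps1", "vbs", "js", "jse",
    "wsf", "hta", "msi", "lnk", "iso", "img", "vhd", "vhdx",
    "docm", "xlsm", "pptm", "dotm", "xltm",
}
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls container header


@dataclass
class Verdict:
    blocked: bool
    reason: str


def _last_ext(name: str) -> str:
    """Final dot-suffix of a file name, lower-cased ('invoice.pdf.exe' -> 'exe')."""
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def check_attachment(filename: str, data: bytes) -> Verdict:
    """Decide whether an attachment should be blocked, by name and by content."""
    ext = _last_ext(filename)

    # 1. Name rule: the *final* extension is what Windows executes, so
    #    'invoice.pdf.exe' is blocked here regardless of the decoy '.pdf'.
    if ext in BLOCKED_EXTENSIONS:
        return Verdict(True, f"blocked extension .{ext}")

    # 2. Content rule: a PE executable is a PE executable whatever it is called.
    if data[:2] == b"MZ":
        return Verdict(True, f"PE executable disguised as .{ext or '?'}")

    # 3. Legacy OLE documents may carry VBA; quarantine them for inspection.
    if data[:8] == OLE_MAGIC:
        return Verdict(True, "legacy OLE document, possible VBA; quarantine")

    # 4. ZIP-based content: Office OOXML files and plain archives.
    if data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.infolist()
        except zipfile.BadZipFile:
            return Verdict(True, "corrupt or truncated archive; quarantine")
        # A macro-enabled document renamed to .docx still contains vbaProject.bin.
        if any(m.filename.endswith("vbaProject.bin") for m in members):
            return Verdict(True, f"VBA project inside .{ext} file")
        # Encrypted members cannot be inspected (general-purpose flag bit 0).
        if any(m.flag_bits & 0x1 for m in members):
            return Verdict(True, "password-protected archive")
        # Apply the name rule one level deep into the archive.
        for m in members:
            if _last_ext(m.filename) in BLOCKED_EXTENSIONS:
                return Verdict(True, f"archive member {m.filename} has blocked extension")

    return Verdict(False, "allowed")


def _make_zip(members: dict) -> bytes:
    """Build an in-memory ZIP for the constructed samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples (not real malware): file headers and archive layouts only.
SAMPLES = {
    "invoice.pdf.exe": b"MZ\x90\x00" + b"\x00" * 60,
    "invoice.pdf": b"MZ\x90\x00" + b"\x00" * 60,
    "report.docx": _make_zip({"word/document.xml": b"<w:document/>"}),
    "report_macro.docx": _make_zip({"word/document.xml": b"<w:document/>",
                                    "word/vbaProject.bin": b"\x00"}),
    "photos.zip": _make_zip({"holiday.jpg": b"\xff\xd8\xff", "setup.exe": b"MZ"}),
    "old.doc": OLE_MAGIC + b"\x00" * 56,
    "notes.txt": b"meeting at 10",
}


def scan_samples() -> dict:
    """Run every constructed sample through the filter; returns name -> blocked."""
    return {name: check_attachment(name, data).blocked for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        v = check_attachment(name, data)
        print(f"{name:20} {'BLOCK' if v.blocked else 'allow'}  {v.reason}")
```

Of the seven constructed samples only the plain .docx and the text file are allowed through. The password-protected-archive rule is worth keeping even though it will annoy some senders: an archive the gateway cannot open is an archive the gateway cannot scan, and that is exactly why phishing kits use it.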
Mitigation Measures
All critical data should be backed up regularly. At least one copy must be kept offline or otherwise unreachable from the production network, because ransomware routinely encrypts or deletes any backup it can reach, and restores should be tested periodically.
Remote access utilities that are not needed must be disabled. Where remote access is required, it should be granted to a named, authorized person for a limited period only and disabled again afterwards.
Remove AnyDesk, and any other remote-access tool that has not been approved and is not centrally managed, from all machines. Where remote access is genuinely needed, use an organization-approved solution that is centrally administered and logged.
Security awareness training for senior management, the IT department and all IT users should be conducted as a priority.
All servers, desktops and network and security devices should be hardened, and vulnerability assessment and penetration testing (VAPT) should be carried out on those nodes.
File sharing (SMB) services should be disabled, or permitted only on a need basis through a proper change management process. SMBv1 in particular should be disabled everywhere, as it has been abused by self-propagating ransomware.
Data leak prevention services and an endpoint security solution should be implemented.
A SOC (preferably on-premises) should be implemented for real-time threat monitoring, so that an attack in progress is detected early rather than after encryption has completed.
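What a SOC actually watches for, and what the "monitoring for suspicious activity" advice in the network security section comes down to in practice, is easier to see in code. The Python example below (added here; it is not code from the original page or from any SOC product) runs two classic ransomware detections over constructed file-activity events: a burst of renames to an unfamiliar extension on one host within a sliding time window, and the same ransom-note file name being created in several directories. The log format, thresholds, host names and paths are all assumptions for the example; a real EDR or file-server audit feed will have its own schema.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Tunables (assumed values for this example; calibrate against your own baseline).
WINDOW_SECONDS = 60          # sliding window for the rename-burst rule
RENAME_THRESHOLD = 20        # extension-changing renames per host within the window
NOTE_DIR_THRESHOLD = 3       # same note file name dropped into this many directories
COMMON_EXTENSIONS = {"doc", "docx", "xls", "xlsx", "ppt", "pptx", "pdf", "txt",
                     "csv", "jpg", "png", "zip", "tmp", "log"}
RANSOM_NOTE_RE = re.compile(r"(readme|restore|recover|decrypt|how[_\- ]?to)", re.I)


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def _dirname(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[0]


def _ext(path: str) -> str:
    name = _basename(path)
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def parse_event(line: str) -> dict:
    """Parse one 'ts | host | user | op | path [| new_path]' record (assumed format)."""
    f = [x.strip() for x in line.split("|")]
    ev = {"ts": datetime.fromisoformat(f[0]), "host": f[1], "user": f[2],
          "op": f[3], "path": f[4]}
    if ev["op"] == "RENAME":
        ev["new_path"] = f[5]
    return ev


def detect(lines) -> list:
    """Return one alert per (host, rule), emitted the first time the rule fires."""
    alerts = []
    rename_times = defaultdict(deque)   # host -> timestamps of suspicious renames
    note_dirs = defaultdict(set)        # (host, note name) -> directories seen
    fired = set()
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        host = ev["host"]
        if ev["op"] == "RENAME":
            new_ext = _ext(ev["new_path"])
            # Bulk encryption shows up as many files changing to an unfamiliar extension.
            if new_ext != _ext(ev["path"]) and new_ext not in COMMON_EXTENSIONS:
                q = rename_times[host]
                q.append(ev["ts"])
                while ev["ts"] - q[0] > timedelta(seconds=WINDOW_SECONDS):
                    q.popleft()
                if len(q) >= RENAME_THRESHOLD and (host, "rename_burst") not in fired:
                    fired.add((host, "rename_burst"))
                    alerts.append({"host": host, "user": ev["user"], "rule": "rename_burst",
                                   "ts": ev["ts"].isoformat(),
                                   "detail": f"{len(q)} renames to .{new_ext} in {WINDOW_SECONDS}s"})
        elif ev["op"] == "CREATE":
            name = _basename(ev["path"])
            # Ransom notes are dropped with the same name into every encrypted directory.
            if RANSOM_NOTE_RE.search(name) and _ext(name) in {"txt", "html", "hta"}:
                key = (host, name.lower())
                note_dirs[key].add(_dirname(ev["path"]))
                if len(note_dirs[key]) >= NOTE_DIR_THRESHOLD and (host, "ransom_note") not in fired:
                    fired.add((host, "ransom_note"))
                    alerts.append({"host": host, "user": ev["user"], "rule": "ransom_note",
                                   "ts": ev["ts"].isoformat(),
                                   "detail": f"{name} created in {len(note_dirs[key])} directories"})
    return alerts


def sample_log() -> list:
    """Constructed events: a healthy file server plus a workstation being encrypted."""
    base = datetime(2021, 5, 7, 10, 0, 0, tzinfo=timezone.utc)

    def t(seconds):
        return (base + timedelta(seconds=seconds)).isoformat()

    lines = [
        f"{t(0)} | FS-01 | svc_backup | WRITE | D:\\Shares\\Finance\\budget.xlsx",
        f"{t(30)} | FS-01 | asmith | RENAME | D:\\Shares\\Finance\\report.docx | D:\\Shares\\Finance\\report.pdf",
        f"{t(45)} | FS-01 | asmith | RENAME | D:\\Shares\\Finance\\data.csv | D:\\Shares\\Finance\\data.bak",
        f"{t(50)} | FS-01 | asmith | CREATE | D:\\Shares\\Finance\\README.txt",
    ]
    for i in range(25):   # 25 documents renamed to .locked within 25 seconds
        lines.append(f"{t(100 + i)} | WS-17 | jdoe | RENAME | "
                     f"C:\\Users\\jdoe\\Documents\\file{i}.docx | C:\\Users\\jdoe\\Documents\\file{i}.docx.locked")
    for d in ("Documents", "Pictures", "Desktop"):
        lines.append(f"{t(130)} | WS-17 | jdoe | CREATE | C:\\Users\\jdoe\\{d}\\RESTORE-MY-FILES.txt")
    return lines


if __name__ == "__main__":
    for alert in detect(sample_log()):
        print(alert)
```

Run stand-alone it prints two alerts, both for WS-17: the rename-burst rule fires on the twentieth rename, well before the workstation finishes, and the ransom-note rule fires on the third directory. The legitimate activity on FS-01 (a .docx saved as .pdf, one .csv renamed to .bak, a single README.txt) stays under both thresholds, which is the point of using a window and a count rather than alerting on any single rename.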