By David Gugelmann, September 2019
Two years after the infamous WannaCry/NotPetya attacks, the story of ransomware is far from over. The number of ransomware attacks has surged over the summer. Amongst the victims were the Swiss construction company Meier Tobler, the multi-billion mineral company Omya and various hospitals in Germany.
Ransomware attackers typically infiltrate a system via malicious emails and then move from the infected workstation to other parts of the company's IT system. The goal is to steal and encrypt critical data and to block users' access. Businesses are forced to pay a ransom to regain control. Without proper backup processes in place, companies falling victim to a ransomware attack face the complete loss of their data. The aftermath can be dramatic. Meier Tobler estimates that the financial loss resulting from the attack will amount to CHF 5 million.
Ransomware attacks on businesses are on the rise, warns the German Federal Office for Information. They are shifting from standardized, high-volume attacks towards fiercer, more advanced and customized attempts to infiltrate companies in a targeted manner in order to increase the ransom sums paid. As a consequence, the number of ransomware attacks on businesses rose by a shocking 365% over the last year.
What does this mean for your company and how can you protect your organization against such attacks? The first and foremost remedy against detrimental consequences from ransomware attacks is simple: regular backups to restore data. However, the backups must be disconnected from the rest of the IT network; otherwise the attacker can simply encrypt the backups as well.
However, even without data loss, ransomware attacks can be costly for companies due to business interruptions while containing the attack.
Further, it’s likely that sophisticated attacks will not only try to encrypt data, but also steal trade secrets the attackers discover while exploring the victim’s network. It seems that attackers can often move easily across the IT network of a company, allowing them to encrypt even the most critical data, as well as the above-mentioned backups. In most cases, this could be prevented simply by a more restrictively configured firewall and more careful user management, which protect the critical servers inside a corporate network from infected workstations.
But where to start the so-called “hardening” of your firewall, and how can this be done without risking blocking communication required for your normal business? Exeon Analytics’ Security Audit, the ExeonThreatReport, provides you with the perfect starting point. Exeon’s machine learning and big data algorithms analyse the data flows of your network, compare them to what they’ve “learned” to be normal and are thus able to detect existing attacks as well as weaknesses that may pose further threats. The results will enable your company to close holes in your firewall and cut off unnecessary data flows between critical servers and more exposed endpoints.
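To make the idea of finding unnecessary flows between workstations, critical servers and backups concrete, here is an added example (not Exeon's product or code) that compares observed flow records against an allow-list of business-required flows. The segment ranges, allow-list and flow records are all constructed assumptions.

```python
import ipaddress

# Assumed segment layout (constructed for this example).
SEGMENTS = {
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "critical": ipaddress.ip_network("10.20.0.0/24"),
    "backup": ipaddress.ip_network("10.30.0.0/24"),
}
# Flows the business needs: (src segment, dst segment, protocol, dst port).
ALLOWED = {
    ("workstations", "critical", "tcp", 443),
    ("critical", "backup", "tcp", 22),
}
# Constructed flow records: src ip, dst ip, protocol, dst port, connections.
FLOWS = [
    ("10.10.4.17", "10.20.0.5", "tcp", 443, 1290),
    ("10.10.4.17", "10.20.0.5", "tcp", 445, 37),
    ("10.10.9.3", "10.20.0.8", "tcp", 3389, 4),
    ("10.10.9.3", "10.30.0.2", "tcp", 445, 2),
    ("10.20.0.5", "10.30.0.2", "tcp", 22, 31),
    ("10.10.4.17", "10.10.7.20", "tcp", 445, 12),
]

def segment_of(ip):
    """Map an IP address to its segment name, or 'other' if unknown."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "other"

def audit(flows, allowed):
    """Return cross-segment flows missing from the allow-list, aggregated by
    (src segment, dst segment, proto, port), highest volume first."""
    findings = {}
    for src, dst, proto, port, count in flows:
        s, d = segment_of(src), segment_of(dst)
        if s == d or d == "other":
            continue  # intra-segment and outbound traffic are out of scope here
        key = (s, d, proto, port)
        if key in allowed:
            continue
        entry = findings.setdefault(key, {"connections": 0, "sources": set()})
        entry["connections"] += count
        entry["sources"].add(src)
    return sorted(findings.items(), key=lambda kv: -kv[1]["connections"])

if __name__ == "__main__":
    for (s, d, proto, port), info in audit(FLOWS, ALLOWED):
        print(f"{s} -> {d} {proto}/{port}: {info['connections']} connections "
              f"from {len(info['sources'])} host(s), not in allow-list")
```

Each finding is a candidate firewall rule to review: either the flow is needed and belongs in the allow-list, or it can be blocked without interrupting normal business.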
As CEO of Exeon Analytics, cyber security is the number one topic on my agenda. In this blog post, I will share the most important trends, new topics or background analyses in a condensed form. This blog post is for everyone with an interest in cyber security. Our CTO Markus Happe regularly writes about more technical topics.
Additional articles on the topic:
Ransomware attack targets Swiss construction company Meier Tobler
Users are often the weak link. Hackers gained access to Meier Tobler through an infected attachment to a hotel booking confirmation. Meier Tobler is handling the attack very transparently to increase awareness. Kudos!
German hospitals infected by ransomware attack
13 hospitals were affected by the cyber attack, but patients were not harmed.