SYSTEM-BASED ATTACK: RANSOMWARE
Ransomware is a type of attack that has grown into a major threat to both businesses and individuals over the last two years. Most contemporary ransomware variants encrypt files on the infected system or network (crypto ransomware), although a few variants have been reported to destroy files or block access to the system by other means (locker ransomware). Once access to the system is blocked, the ransomware demands a ransom to release the files, usually between $200 and $3,000 in bitcoin, though other currencies and gift cards have occasionally been demanded. Ransomware variants typically choose victims at random, infecting a wide range of devices, from PCs to network devices.
RANSOMWARE ATTACKS IN APAC
- Tokio Marine Group, a Japanese insurance company, was the target of a ransomware attack on its Singapore branch. On July 31, 2021, some of Tokio Marine Insurance Singapore’s (TMiS) private servers were targeted and were isolated to prevent further harm.
- Mustang Panda, a China-linked cyber-espionage group, has infiltrated the internal networks of at least eleven Indonesian government ministries and agencies. Badan Intelijen Negara (BIN), Indonesia’s top intelligence service, is one of the claimed targets. A PlugX malware C2 server (managed by Mustang Panda) has been identified communicating with computers inside Indonesian government organizations’ networks.
- Avaddon, a well-known ransomware gang, launched a ransomware campaign against AXA, one of the world’s leading cyber insurance companies. On its dark web site, the Avaddon ransomware group claimed credit for the attack. The group claimed to have taken three gigabytes of data, including ID cards, passport copies, customer claims, reserved agreements, denied reimbursements, customer payments, contracts and reports, client IDs, and scanned bank account papers.
- In recent years, numerous ransomware attacks have impacted global businesses and their customers, including Acer, Kia Motors, Colonial Pipeline, Accenture and many more.
MITIGATION OF RANSOMWARE
Secure system and network
- Incident response plan - Have a plan for what to do in the event of a ransomware attack.
- Backup and recovery - Backups are essential. Because a single backup copy may itself contain encrypted or infected files, use a backup system that preserves several iterations of the backups. Test backups regularly for data integrity and functionality.
- Antispam solutions - Use antivirus and anti-spam software. Enable regular system and network scans, with antivirus products set to update signatures automatically. Use an anti-spam solution to prevent phishing emails from reaching the network. Consider adding a warning banner to all emails received from outside sources, reminding recipients of the risks of clicking links and opening attachments.
- Patch management - Keep all systems patched and up to date, including all hardware (mobile devices included), operating systems, software and applications, as well as cloud locations and content management systems (CMS). If at all possible, use a centralized patch management system. Use application whitelisting and software restriction policies (SRP) to prohibit the execution of programs from locations ransomware commonly uses, such as temporary folders.
- Access control policy - Limit access to the internet. Use a proxy server for Internet access and consider ad-blocking software. Restrict access to typical ransomware entry points, such as personal email accounts and social networking websites.
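As an added example (not code from the original page or from MRC) of the "Backup and recovery" point above: a small Python backup tool that keeps every snapshot as a separate numbered generation with a SHA-256 manifest, so a backup taken after files were already encrypted does not overwrite the last clean one, and a snapshot that was modified in the backup store after it was written fails its integrity check. The directory layout, the snapshot naming and the run_demo scenario are assumptions made for the illustration.

```python
"""Versioned backups with per-snapshot integrity manifests.

Added example, not code from the original page or from MRC. It assumes a local
directory as the backup store; in practice the store should be offline or
immutable so that ransomware on the source host cannot reach it.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path
from typing import Dict, Optional

MANIFEST = "manifest.json"


def _sha256(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _file_hashes(data_dir: Path) -> Dict[str, str]:
    """Relative path -> SHA-256 for every file under data_dir."""
    return {str(p.relative_to(data_dir)): _sha256(p)
            for p in data_dir.rglob("*") if p.is_file()}


def create_snapshot(src: Path, backup_root: Path) -> Path:
    """Copy src into a new numbered snapshot and record a hash of every file.

    Earlier snapshots are never overwritten, so a later snapshot that captured
    already-encrypted files does not destroy the last clean copy.
    """
    backup_root.mkdir(parents=True, exist_ok=True)
    existing = sorted(p.name for p in backup_root.iterdir() if p.is_dir())
    seq = int(existing[-1].split("-")[1]) + 1 if existing else 1
    snap = backup_root / f"snap-{seq:06d}"
    shutil.copytree(src, snap / "data")
    (snap / MANIFEST).write_text(json.dumps(_file_hashes(snap / "data"), indent=2))
    return snap


def verify_snapshot(snap: Path) -> bool:
    """True only if the files on disk exactly match the manifest written at backup time."""
    try:
        manifest = json.loads((snap / MANIFEST).read_text())
    except (OSError, ValueError):
        return False
    # Any added, removed or rewritten file (e.g. encrypted after the fact) fails the check.
    return _file_hashes(snap / "data") == manifest


def latest_verified_snapshot(backup_root: Path) -> Optional[Path]:
    """Newest snapshot that still passes its integrity check, or None."""
    for snap in sorted((p for p in backup_root.iterdir() if p.is_dir()), reverse=True):
        if verify_snapshot(snap):
            return snap
    return None


def restore(snap: Path, dest: Path) -> None:
    shutil.copytree(snap / "data", dest, dirs_exist_ok=True)


def run_demo() -> Dict[str, object]:
    """Constructed scenario: a clean backup, a backup taken after encryption, then tampering."""
    tmp = Path(tempfile.mkdtemp())
    src, root = tmp / "src", tmp / "backups"
    src.mkdir()
    (src / "report.txt").write_text("quarterly figures")
    clean = create_snapshot(src, root)
    # Ransomware encrypts the source; the next scheduled backup captures the ciphertext.
    (src / "report.txt").write_bytes(b"\x8f\x1a\x00ciphertext")
    after_encrypt = create_snapshot(src, root)
    latest_before_tamper = latest_verified_snapshot(root).name
    # The malware then reaches the backup store and rewrites the newest snapshot.
    (after_encrypt / "data" / "report.txt").write_bytes(b"garbage")
    tampered_ok = verify_snapshot(after_encrypt)
    latest_after_tamper = latest_verified_snapshot(root).name
    restore(clean, tmp / "restored")
    return {
        "clean": clean.name,
        "latest_before_tamper": latest_before_tamper,
        "tampered_verifies": tampered_ok,
        "latest_after_tamper": latest_after_tamper,
        "restored_content": (tmp / "restored" / "report.txt").read_text(),
    }


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The manifest check detects a backup that was altered after it was written; it cannot tell whether the captured contents were already encrypted at backup time, which is exactly why several generations must be kept and why a restore should start from the newest snapshot that both verifies and predates the infection.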
End-User Protection
- Train employees to recognize social engineering and phishing. Instruct them not to open questionable emails, not to click links or open attachments in such emails, and to use caution when visiting unfamiliar websites.
- Remind users to close their browsers when not in use.
- Have a reporting process in place so that employees know where and how to report suspicious activity.
Response Plan to an Attack
- Disconnect the infected system from the network immediately to stop the infection spreading.
- Check whether a decryptor is available; the No More Ransom! online resource can help.
- Restore files from the regularly kept backups.
- Notify the authorities about the infection.
PREVENT RANSOMWARE WITH MRC
MRC’s access control policies include the practice of limiting users’ access rights to only the resources they need to conduct valid, everyday tasks. Privileged access management can help protect your data from unauthorized access. The principle of least privilege establishes a minimum set of user rights that allows a user to access only those resources required to do his or her job. It reduces the risk posed by unauthorized users and applications without affecting the organization’s overall productivity.
With our context-based access control we can limit users based on:
- Role-based access control
- Time-based access control
- Location-based access control
- Network-based access control
- Domain-based access control
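The five contextual criteria above combined into one default-deny decision function, as an added example in Python (not MRC’s code; the Policy fields, the finance-share policy and the sample requests are constructed for illustration):

```python
"""Contextual, default-deny access decisions (role, time, location, network, domain).

Added example, not MRC's code; the policy fields and sample requests are
constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Tuple


@dataclass
class Policy:
    resource: str
    roles: List[str]         # role-based: who may use the resource at all
    hours: Tuple[int, int]   # time-based: [start, end) in 24h local time, may wrap past midnight
    countries: List[str]     # location-based: country codes the request may come from
    networks: List[str]      # network-based: CIDR blocks the source address must be in
    domains: List[str]       # domain-based: directory domains the account may belong to


@dataclass
class Request:
    user: str
    role: str
    domain: str
    source_ip: str
    country: str
    hour: int


def _in_hours(hour: int, window: Tuple[int, int]) -> bool:
    start, end = window
    if start <= end:
        return start <= hour < end
    return hour >= start or hour < end   # window crosses midnight, e.g. (22, 6)


def evaluate(policy: Policy, req: Request) -> Tuple[bool, str]:
    """Every contextual check must pass; the first failure is reported as the reason."""
    if req.role not in policy.roles:
        return False, f"role '{req.role}' is not permitted on {policy.resource}"
    if req.domain not in policy.domains:
        return False, f"domain '{req.domain}' is not trusted for {policy.resource}"
    if not _in_hours(req.hour, policy.hours):
        return False, f"hour {req.hour:02d}:00 is outside the permitted window"
    if req.country not in policy.countries:
        return False, f"location '{req.country}' is not permitted"
    try:
        addr = ip_address(req.source_ip)
    except ValueError:
        return False, f"unparseable source address '{req.source_ip}'"
    if not any(addr in ip_network(cidr) for cidr in policy.networks):
        return False, f"source {addr} is outside the permitted networks"
    return True, "all contextual checks passed"


# Constructed policy: a finance share reachable only by finance staff, during office
# hours, from the corporate network in Singapore, using accounts in the corp domain.
FINANCE_SHARE = Policy(
    resource="finance-share",
    roles=["finance", "finance-admin"],
    hours=(8, 19),
    countries=["SG"],
    networks=["10.20.0.0/16"],
    domains=["corp.example"],
)

# Constructed requests: one that satisfies every criterion, then one failing each in turn.
SAMPLE_REQUESTS = [
    Request("alice", "finance", "corp.example", "10.20.4.17", "SG", 10),
    Request("bob", "engineering", "corp.example", "10.20.4.18", "SG", 10),
    Request("alice", "finance", "corp.example", "10.20.4.17", "SG", 23),
    Request("alice", "finance", "corp.example", "203.0.113.9", "SG", 10),
    Request("alice", "finance", "corp.example", "10.20.4.17", "US", 10),
    Request("svc", "finance", "partner.example", "10.20.4.17", "SG", 10),
]


def decide_all(policy: Policy = FINANCE_SHARE,
               requests: List[Request] = SAMPLE_REQUESTS) -> List[Tuple[str, bool, str]]:
    """(user, allowed, reason) for each request."""
    return [(r.user, *evaluate(policy, r)) for r in requests]


if __name__ == "__main__":
    for user, allowed, reason in decide_all():
        print(f"{user:6} {'ALLOW' if allowed else 'DENY':5} {reason}")
```

Every check has to pass for an ALLOW, and a request that cannot be evaluated (an unparseable source address, for example) is denied rather than waved through, which is the least-privilege default the paragraph above describes.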
With MRC’s server administration solution, maintaining server security is now easier than ever. A secure solution with built-in server security capabilities provides cutting-edge security while allowing you to focus on your business. With features like graphical session monitoring, our server administration solution helps you safeguard and manage your SSH key life cycle with our next-generation AI technology.