Cyber Security Today – Learn these lessons from a ransomware attack - IT World Canada

Learn these lessons from a ransomware attack


Welcome to Cyber Security Today. It’s Monday October 19th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.

Today I’m going to talk about a ransomware attack last month by one of the most successful cyber gangs out there, and the lessons executives and IT pros can learn.


Cybersecurity experts have given the gang a number of names, but it’s often called Ryuk after the strain of ransomware it prefers. According to one estimate, the Ryuk gang has forced organizations to pay it millions of dollars since 2018.


The details of this particular attack come from an analysis by the security firm Sophos, one of whose products was used by the victim organization. The analysis gives an idea of how determined and creative an attacker can be, and why your organization’s IT staff and defences have to be equally determined and creative.


The attack started on Tuesday, Sept. 22nd, with several employees getting highly targeted phishing emails from a supposed customer. Each included what was said to be a document relating to money owing. That document was infected. The company’s spam filter recognized and quarantined the attachment, but one employee opened it anyway. The document asked the user to enable editing so it could be read. I’ve warned listeners before that an attachment requiring permission to enable editing or macros is a sign of danger. Granting that permission allows the malware in the attachment to run. However, in this case the employee was too trusting and went ahead.


That particular malware installed a beacon which ..
