Are you prepared for Ransomware Attack?
April 26, 2020
Ransomware can threaten any type of organization from small to large. But SMBs (small- and mid-sized businesses) can be particularly hurt by these types of attacks. Organizations hit by ransomware attacks can suffer several types of losses. They can lose access to sensitive customer or financial data that may not be recoverable. They can lose money paying the ransom or trying to recover from the attack. And they can lose the faith of customers or users who may shy away from working with them again.
IT services giant Cognizant said that it has been hit by the Maze ransomware group in a cyberattack that has caused service disruptions.
New research from Infrascale, reports that ransomware attacks are not at all unusual in the small and medium business (SMB) community, as 46% of these businesses have been victims. And 73% of those SMBs that have been the targets of ransomware attacks actually have paid a ransom.
Maze Ransomware: Maze is not like typical data-encrypting ransomware. Maze not only spreads across a network, infecting and encrypting every computer in its path, it also exfiltrates the data to the attackers’ servers where it is held for ransom. If a ransom isn’t paid, the attackers publish the files online.
This was seen also in a November Maze ransomware attack against Allied Universal, a large American security staffing company. After the company refused to cough up the 300 Bitcoin ($2.3 million) ransom, the attackers threatened to use sensitive information extracted from Allied Universal’s systems, as well as stolen email and domain name certificates, for a spam campaign impersonating the company.
How to protect yourself from ransomware?
- Take regular backups of all critical and sensitive data.
- Update the Operating System regularly.
- Make strong password policy.
- Install Anti-virus & Anti-ransomware software and keep it updated.
- Keep other system files (like browser files, Java, Adobe Acrobat) up to date
- Test the robustness of established cyber resilience, including response to phishing and ransomware, and enhance it further.
- Perform cyber-risk assessment and revisit the cyber security strategy.
- Implement best practices and Information security framework.
- Implement Business continuity management.
How MBG Can Help?
MBG, a pioneering technology services firm. Our mission is to provide clients with a holistic and proactive approach in resolving their key business pain points & help them to improve security posture of their organization.
- Cyber security gap assessment
- Technology Audit (VAPT, Application Testing)
- Business Continuity Management & Disaster Recovery
- Cloud Security Assessment
- Data Privacy Framework & GDPR compliance
- Compliance (ISO 27001, SIA (NESA), HIPPA, PCI )
- Information Security Trainings (Phishing Simulation)
- Digital Transformation Strategy
Designation: Associate DirectorAbout Author:
Madan Mohan is leader in the Technology Advisory Services of MBG Group. He is Certified CISO, CISA, CISM, ISO27001 Lead auditor, ISO 25999 Lead auditor and DCPLA (Privacy Lead Auditor).He has over 16 years of experience in Technology security , servicing large clients and managing Information security, BCP, Privacy , Cyber Security, Risk Management, Compliance projects.