It has been reported that Saudi Aramco is being held to ransom by cybercriminals, who are demanding $50 million over the leakage of some of the company’s data.
<p>Cybercriminals will always target the weakest link in the chain and this very often lies among third party suppliers, making it increasingly difficult to mitigate against. However, we are continuing to see this rampant explosion of ransomware attacks targeting businesses of all sizes and the demands are becoming more eye watering each time. The addition of a data leak simply adds fuel to the fire. Unfortunately, there remains no silver bullet, but preventative measures can still withstand the majority of attacks and protection methods must reflect this increase in data leaks bolted on too. </p>
<p>Better back up procedures are vital and testing the restore functionality is just as important to recover from an attack should the worst happen. Segregated, offline data also needs to be stored correctly, staff awareness training and MFA implementation all help fight the war on ransomware and are cheaper than the demands we are all too familiar with nowadays.</p>
Last edited 1 year ago by Jake Moore
Mitch Mellard , Principal Threat Intelligence Analyst
<p>While it is not known if Saudi Aramco has paid the demand, many organisations may find themselves in a similar position and will have to assess whether to lose important data or make the news as \"breached\" and risk ruining their reputation.</p>
<p>When data loss threatens operations or could put an organisation out of business entirely, sometimes taking the financial hit seems like the lesser of two evils. Cybercriminals are aware of this which is why these demands are so high just now, and a lot of the time they will amount in a pay-out. However, paying ransom demands is never something we recommend.</p>
<p>Ransom attacks are here to stay and as double-extortion incidents are becoming increasingly prominent, businesses need to prepare solid incident response strategies and plans, to minimize the impact of a breach.</p>
<p>The cyber-security posture of a partner can play a significant role in avoiding supply-chain compromisations, so organisations should be implementing regular cybersecurity controls, via internal or external assessments, to minimize the risk of data exposure.</p>
<p>Cybercriminals will always target the weakest link in the chain and this very often lies among third party suppliers, making it increasingly difficult to mitigate against. However, we are continuing to see this rampant explosion of ransomware attacks targeting businesses of all sizes and the demands are becoming more eye watering each time. The addition of a data leak simply adds fuel to the fire. Unfortunately, there remains no silver bullet, but preventative measures can still withstand the majority of attacks and protection methods must reflect this increase in data leaks bolted on too. </p>
<p>Better back up procedures are vital and testing the restore functionality is just as important to recover from an attack should the worst happen. Segregated, offline data also needs to be stored correctly, staff awareness training and MFA implementation all help fight the war on ransomware and are cheaper than the demands we are all too familiar with nowadays.</p>
<p>The extortion technique Saudi Aramco is experiencing is currently on the rise and many organisations across the world are suffering these double-hit attacks. However, to pay or not to pay can be a difficult conundrum. When systems are taken down, services are halted and a businesses’ data or IP are at risk, some businesses feel they have no choice but to pay. Ransomware is now a threat to critical infrastructure and our national security. That’s why Talion have launched <a href=\"https://u7061146.ct.sendgrid.net/ls/click?upn=4tNED-2FM8iDZJQyQ53jATUUox-2BxtNZwpSeQZnsEN9y05nG0Ca00ZN1yMnxkI-2Ft-2B6KuQfC_S3RA1gMvL7v1TdZrqvF2X48vY2LyH9KYdxKxBaPFp6Fl1TEEsXDQbgk-2FWPw9Ah5nwh5z3HPLIw79cePUeHvYGbACtpGEOUo9gKA7RdPV7CHYnRZ1BgjoepqPsAq5T4X7K-2Bw26wspumVv2xNKnDUQkfxPJ6aVVk-2FwldBR9xaYxGindPJzLpGaIG13aCZFZDZ7Te44ehV-2F-2B1KYcqpz4k3Psgj-2BksR-2FNfoYuTe-2FeA2eX1N5c2Oj68afa7o12bEcs1piMYcirLXfrhtHXdIU8ZKu3bVeVniNii6jiCM-2BMIlv1ljgcGrOKh42EoEtkv6TdrpgSIbHPSPlJEYBj6xK2qpSaGduF9slFKJpq7MEpnDSrg8ESkmDeafLYO58MnT1sO63\" target=\"_blank\" rel=\"noopener\" data-saferedirecturl=\"https://www.google.com/url?q=https://u7061146.ct.sendgrid.net/ls/click?upn4tNED-2FM8iDZJQyQ53jATUUox-2BxtNZwpSeQZnsEN9y05nG0Ca00ZN1yMnxkI-2Ft-2B6KuQfC_S3RA1gMvL7v1TdZrqvF2X48vY2LyH9KYdxKxBaPFp6Fl1TEEsXDQbgk-2FWPw9Ah5nwh5z3HPLIw79cePUeHvYGbACtpGEOUo9gKA7RdPV7CHYnRZ1BgjoepqPsAq5T4X7K-2Bw26wspumVv2xNKnDUQkfxPJ6aVVk-2FwldBR9xaYxGindPJzLpGaIG13aCZFZDZ7Te44ehV-2F-2B1KYcqpz4k3Psgj-2BksR-2FNfoYuTe-2FeA2eX1N5c2Oj68afa7o12bEcs1piMYcirLXfrhtHXdIU8ZKu3bVeVniNii6jiCM-2BMIlv1ljgcGrOKh42EoEtkv6TdrpgSIbHPSPlJEYBj6xK2qpSaGduF9slFKJpq7MEpnDSrg8ESkmDeafLYO58MnT1sO63&source=gmail&ust=1627120392628000&usg=AFQjCNHOUDz9iJ2rzaGB3YAivUtr13SERA\">#RansomAware</a>, a movement to start sharing information, exchanging ideas and pooling intelligence so that we can develop policies that support UK businesses in defending themselves and in fighting back against ransomware.</p>
<p>While it is not known if Saudi Aramco has paid the demand, many organisations may find themselves in a similar position and will have to assess whether to lose important data or make the news as \"breached\" and risk ruining their reputation.</p>
<p>When data loss threatens operations or could put an organisation out of business entirely, sometimes taking the financial hit seems like the lesser of two evils. Cybercriminals are aware of this which is why these demands are so high just now, and a lot of the time they will amount in a pay-out. However, paying ransom demands is never something we recommend.</p>
<p>Ransom attacks are here to stay and as double-extortion incidents are becoming increasingly prominent, businesses need to prepare solid incident response strategies and plans, to minimize the impact of a breach.</p>
<p>The cyber-security posture of a partner can play a significant role in avoiding supply-chain compromisations, so organisations should be implementing regular cybersecurity controls, via internal or external assessments, to minimize the risk of data exposure.</p>