It has been reported that Gedia Automotive Group has been the victim of a cyber-attack by a gang using ransomware known as Sodinokibi. The German automotive parts maker, which is based in Attendorn, supplies lightweight chassis parts to carmakers across the world from locations including Spain, Poland, Hungary, China and the US. In an initial statement the company said that following the attack it had immediately shut down its systems to prevent a complete breakdown of IT infrastructure.
Check out my latest article: Sodinokibi Ransomware Attackers Threaten to Release Data Stolen from Gedia Automotive Group https://t.co/hQL02wusaA via @LinkedIn
— JonRuschDTG (@DtgJon) January 24, 2020
Companies can protect themselves better following some basic, standard tactics
1) Ensure good and regular backups are available to be able to recover quickly.
2) Utilise good endpoint protection
3) User awareness of phishing attacks and how to identify them
4) Ensure as much visibility of their infrastructure and users behaviour as possible to allow issues to be identified.
As phishing attacks become increasingly common, and increasingly sophisticated — often tailored to a targeted team within an organisation — companies cannot rely on defending against 100% of attacks. The best defence against ransomware is a robust Business Continuity Plan which includes regular backups, version control and thorough testing of disaster recovery procedures. Companies that leverage cloud-based storage and automatic syncing from end point devices will be well-placed to recover from such attacks, but should practice the recovery procedure to minimise downtime if an attack does occur.
In an ideal world, we wouldn\’t pay ransoms. Ever. Funding the dark side, and losing money hurts our corporations and the general public. However, some companies and institutions have no option in the world of ransomware. If operations are down long enough, businesses can be ruined; and for some organizations like hospitals or parts of critical infrastructure literal lives could be lost. How much is a life worth? Do you ever want to make that calculation?
This is not a time for panic, but we can say two things with certainty. Companies like Travelex and Gedia are not exceptional in their vulnerability. They are dealing with real pain and have a long road to recovery. They should not be vilified or pilloried for being in the crosshairs. Second, now is the time to prepare. Use peacetime and the calm of non-incident time to get ready. If you aren’t in a crisis, you should be preparing for one. Preparation means building a dialog with the business and very specifically reducing vulnerability, preventing as much as possible with traditional security, understanding risk and having a detection mindset to try to avoid having an incident.
But it also means getting ready for when you are struck: minimising the extent of damage, knowing whom to call in a crisis, having contingencies, practicing rapid recovery, building the business processes you may need when the unthinkable occurs. For now, the vast majority of companies can be excused being made a victim. However, one day we will move from the “shame me once, shame on you” phase to the “shame me twice, shame on me” phase. Now is the time to get ahead of this for shareholders, customers and constituents before the unthinkable happens.