In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. The Gunnebo Group is a Swedish multinational company that provides physical security to a variety of clients globally, including banks, government agencies, airports, casinos, jewelry stores, tax agencies and even nuclear power plants. The company has operations in 25 countries, more than 4,000 employees, and billions in revenue annually.
Full story here: https://krebsonsecurity.
Groups like REvil and Maze have been wildly successful at monetizing data exfiltrated from their victims. These groups which initially operated only by locking people out of their files have found that it can be even more lucrative to extort a ransom in exchange for not publishing leaked data. In some cases, the groups claim to have organized sales to interested third parties when the original data owners refused to pay.
I hope that board rooms around the world are already discussing what data they hold and the impact of not only data loss but also data disclosure. This conversation must necessarily play a significant role in making sure that IT security is being properly handled.
When it comes to ransomware attacks, it\’s important to note that the data encryption process is the last stage of the attack. The cybercriminals have already been in your network and will have either stolen the data or encrypted it.
These days, most ransomware attacks involve stealing data. Cybercriminals are increasing their ransomware attacks while leveraging exploits against unpatched and insecure devices that organizations have connected to the internet. They can discover these systems and publicly known vulnerabilities, which helps them gain access to an organization.
It is becoming more vital for organizations to have a defense in depth security program which can protect, monitor, and act quickly to any cyber attack. If they discover a ransomware attack in progress and prevent or stop the attack from happening, it\’s critical to understand that the criminals have been in the system and have possibly already stolen important information from the organization.
Technology is instrumental when matched with human involvement. Having a robust security awareness training program to ensure that employees can make smarter security decisions will help to protect an organization from various attacks.