Following the news that:
U.S. Charges 3 Iranian Hackers and Sanctions Several Others Over Ransomware Attacks (thehackernews.com)
This latest announcement and joint cybersecurity advisory highlights the rise in ransomware attacks. Whether state-backed, by criminal groups, or even individuals, the bottom line is they don’t necessarily care about who the victim is. Their goal is to ransom the victim companies for as much as they can. In that same manner, we recommend that companies not assume that, just because they’re not a critical infrastructure vendor or a huge retailer, they are not impacted. These companies can easily be a target, and potentially a victim.
At SafeBreach we recommend that all companies use a sound and tested backup policy, and continuously validate their security controls, leveraging real attack simulation tools against the threats, techniques and procedures (TTPs) the malicious actors use.
The threat of Iranian state-sponsored cyber attacks remains real, and today’s Department of Justice indictments of three Iranian nationals are a stark reminder that they too provide safe haven to citizens carrying out illegal attacks on governments and enterprises around the world. In addition, the U.S. Treasury Department sanctioned 10 individuals and 2 companies for their affiliation with Iran’s Islamic Revolutionary Guard Corps. Cybereason has extensive experience tracking many Iranian-backed APT groups, including Moses Staff. This infamous group has been targeting global organizations in the U.S., Israel, Germany, Italy, UAE and beyond, to further the geopolitical goals of the Iranian regime. One of their recent campaigns involved infiltrating companies and stealing sensitive data and then deploying destructive ransomware to cause operational disruptions and make the task of forensics investigations more difficult.

Today, we know all too well that Russian ransomware gangs have long been ignored by Vladimir Putin, and the safe haven he provides for their illegal activity is what fuels the multi-billion dollar ransomware economy led by Conti Group, REvil, Black Matter, Clop and LockBit, amongst others.
While ransomware continues to be a clear and present danger to public and private organizations around the world, the bottom line is that you can’t pay your way out of ransomware. Unless it is a matter of life and death, don’t pay. And to protect against ransomware attacks both public and private sector organizations should prepare in peacetime by practicing good security hygiene and regularly updating and patching operating systems and other software.
In addition, conduct periodic table-top exercises and drills and include people beyond the security team all the way to the executive suite. Organizations should also ensure clear isolation practices are in place to stop ingress on the network and the spreading of ransomware. Also, evaluate locking down critical accounts when possible. And deploy endpoint detection and response software on your networks as it is the easiest remedy against the ransomware scourge.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides experts’ comments, analysis and opinion on the latest information security news and topics.