It was reported today that Montreal’s STM public transport system is the latest victim of a ransomware attack that has affected its services and online systems.
Unfortunately for Montreal’s STM public transport system, RansomExx ransomware actors are amongst the threat groups that have upgraded their attacks to both encrypt and steal victims’ data. This evolution of ransomware attacks is known as ‘double-extortion’ because criminals are effectively able to ask for a double payment – one to decrypt the files, and the other to stop the stolen data from being made public.
The advice for organisations is to put in place defenses that will allow them to spot the traffic generated by the data being redirected to threat actors’ servers – this can be done with DNS firewalling.
It is also worth remembering that phishing remains the main vector through which ransomware groups are able to make their way into their targets’ systems. For this reason, there is really no excuse not to have an effective email filtering system in place and a cybersecurity awareness program for all employees – up to and including incentives and rewards for successfully identifying a phishing email and flagging it to your security teams. Your staff are often viewed as your biggest risk factor from a security perspective, but sensible policy can turn them into your greatest asset.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest Information Security news and topics.