Randstad Attack – Expert Insights

Following the recent news of Randstad reporting an attack by the Egregor group, cybersecurity experts comment below.

Chloé Messdaghi, VP of Strategy
InfoSec Expert
December 8, 2020 10:50 am

As far as we know, Randstad never received a ransom note related to this attack, which is interesting. Since what makes ransomware so effective is if the attackers can slow down or shut down operations, they can then demand a ransom. In this case, though, from what we have learned, their operations weren’t slowed down, and companies typically pay ransom when they are. And kudos to Randstad for that – they did a good job at making sure that if they WERE ever compromised, that their data would be safe in other areas. We refer to the 3-2-1 approach: three copies of data stored across two mediums and one cloud storage provider, so you can recover from any of those three locations. The only way to avoid ransomware on backup systems is to have a plan in place, revisit it regularly, and back up very often. And there’s a good chance this is the exact kind of plan Randstad had in place.

It’s important to note, though, that this HAD to have come from a phishing email, which means someone DID click on a link. This is yet another reminder to ensure your entire organization is always aware. Every single employee needs to understand how important they are in this chain of security. Every single person has the potential to be compromised, which could open up the entire organization. Just one person! Making sure everyone understands the potential effects of clicking on a link without confirming it first is so very important. Look at the details of the sender, make sure you’re fully awake, make sure you’ve had your caffeine, be on your toes at all times.

Also, it’s good to see that they didn’t use the term “hacker” when referring to the Egregor attackers, recognizing the difference between those threat actors and the hacker community, which discovers and generally attempts to disclose vulnerabilities before an attacker can exploit them.

Saryu Nayyar, CEO
InfoSec Expert
December 8, 2020 10:44 am

The attack on Randstad follows a now-familiar pattern. The attackers get in, exfiltrate valuable data, plant ransomware to encrypt their victim’s data, then demand a ransom while extorting them with the threat of releasing the stolen data. It is a win/win for the attacker, with the victim losing either by paying up, or suffering the public disclosure of their sensitive data.

Organizations need to improve their entire cybersecurity stack, including everything from user training to advanced security analytics, to stay ahead. An up-to-date security stack and appropriate process will let them quickly identify a breach before it can escalate and, hopefully, prevent it from happening in the first place.
