Over the last few years, the battle against ransomware has resulted in many companies and organizations investing in their backup solutions so they can restore their environment if it gets encrypted. Unfortunately, that’s no longer enough. The threat actors' modus operandi has adapted to those protections, and they are now also using blackmail to get more money, with ransom notes exceeding USD 50M. The ransom note that hit the well-known company Garmin is rumored to have exceeded 100M USD.
In the last few days, we have seen evidence where hackers have leaked and abused critical information in the Nordics. In one case, the leaked data included classified documents. In a second case, data was used to ransom patients in Finland by threatening them with sensitive data, including session notes from their psychiatrist.
Making sure your backups are safe and working is part of the recovery solution. But it’s not solving the real problem! Every company and organization should assess and determine what critical data and information they have: customer data, personal information, business-critical info, biotech studies, etc. And then investigate how the data is protected. How can we restrict access to confidential information? How can we encrypt that information and store the keys in a safe place (not in the same database or location; we've seen this before)?
Call to Action:
- Identify the critical data that will hurt your company if it leaks, whether through financial damage, reputational damage, or production downtime.
- Ensure there is enough logging to see who, when, where, and what data was accessed and exfiltrated.
- Establish a detection capability—people who are actively monitoring your environment 24x7. We regularly see “from breach to full encryption” in less than 2 hours!
- Look into how you can protect your "crown jewels" and implement protective solutions.
- Explore how you can protect your IT environment so you don’t get a breach and implement all those solutions.
We frequently find that using many third-party applications, each of which needs licenses, specialist competence, and training to stay up to date, is typically no better than investing the same amount of money in the Microsoft platform. A great example is Microsoft 365 E5, which provides not only a strong overall protection package but also many of your basic license needs, such as Windows 10 Enterprise and your e-mail account, at the same time.
If you need help with any of these steps or assistance in identifying your potential weaknesses, bring in a team of experts for a Health Check or a Red Team engagement to simulate a real cyber attack. I promise you will be amazed and shown how important it is to take action now.
That's something we help organizations with daily; more info is available here: How we help
When data is stolen, it’s too late, and whatever you do, you can’t stop the spread of the information. So take action now before it’s too late.
If you do have an incident, we are here to help you get back in business as fast as possible. Our well-known Incident Response Team is always ready and on standby: Cyberattacks and Security Incident Response