14 Aug 2020

What you can learn from these 3 recent high-profile ransomware attacks

What is ransomware? It’s an attack that blocks user access by encrypting key system files and then demands money in exchange for decrypting, i.e. releasing, them.

Ransomware attacks have been causing havoc for over thirty years and their popularity lies in their ease. These programs can be easily found at affordable prices on the dark web. The history of the web is littered with ransomware examples. In this article, we’ll tackle three and cover how to protect against ransomware.

 

Canon

This highly sophisticated attack affected the company’s website, its internal applications and users of the image.canon photo storage site.

10 terabytes of confidential data was stolen. The attack was carried out by the organised cyber criminals, The Maze Gang.

John Shier, security advisor at Sophos, believes that, as at many enterprises, Canon’s mistake was a failure to build a security foundation on the principle of least privilege, i.e. giving Canon team members as little access as possible depending on what their role within the company required.

In addition, Rakesh Kharwal of Cyberbit – a cyber security training platform – believes training is the solution:

The right approach is to turn to immersive training in a virtual environment where cybersecurity analysts can experience real-world environments and real-world attacks.

 

Honda

News of Honda’s global operations being disrupted by a suspected ransomware attack broke on 8th June. It resulted in employees being unable to access email and internal servers.

The ransomware in question – Ekans – was relatively new and special in its ability to skip the individual devices and constrict the entire network.

Oz Alashe, chief executive of cyber risk firm CybSafe, believes Honda’s vulnerability was down to their employees working from home. In his words:

The coronavirus pandemic has created a sizable remote workforce which has increased businesses’ attack surfaces and heightened existing vulnerabilities.

This thinking ties in nicely with the thoughts of Chris Kenney, CISO at the security optimisation platform AttackIQ. He believes Honda’s security was inadequately set up to effectively contain potential threats.

The fact that the ransomware affected global operations, inclusive of factory operations, is an indicator their network may not be segmented and isolated in a way to prevent ‘jumps’ between different business functions…

One department getting hit with ransomware shouldn’t impact other core business processes.

One final point to speculate over is that Remote Desktop Protocol (RDP) was the attack point. Honda has revealed that some of their machines had RDP access publicly exposed. This is an easy win for cyber attackers. Without segmentation, this win is even easier.

 

Garmin

GPS maker Garmin reacted badly to an attack that compromised its website, customer support and its apps.

Garmin’s technology, namely their smartwatches, made this attack particularly worrying. The data at stake here was highly sensitive: location and personal health data.

There have been the typical responses from cybersecurity experts. Torsten George of Centrify reminded us that security awareness programs would have been the first line of defence for Garmin. He also stated that businesses should create application whitelists so that only specific programs could run on certain computers.

However, another large lesson for Garmin was one in crisis management. As mentioned, large amounts of sensitive user data were at risk here. Given this, Garmin’s public response was a particularly bad one. The company broke the first rule of crisis management by meeting initial reports of the attack with silence. Then it finally addressed things with some mostly unhelpful Tweets.

[Image: Garmin’s Tweets. Source: Twitter]

Three days later a little information was released as a short “frequently asked questions” page. This failed to address customer questions regarding how their personal data or payment information was affected. An equally unrevealing email followed the day after. Finally, on the Monday, when services were being restored, a little more information was given.

 

This series of events proved that data or financial loss can be the least of a business’s worries during a security breach. Insufficient communication can result in a catastrophic trust and reputation loss.

Preventing ransomware from ruining your business comes down to remembering various best practices.

As we’ve seen above, sufficient training, developing blacklists and whitelists, applying the principle of least privilege, and segmenting networks to isolate security weaknesses will all play a role. Plus, having adequate backups should go without saying.

However, if/when your ransomware protection fails, as we’ve seen above, sometimes the most important task is acceptance and good communication. With sufficient backup technology, data losses can be mitigated. But an inadequate PR response can cause damage that’s far harder to repair.


By OryxAlign