When the Accidental Hero stopped the spread of the ransomware attacks by registering a garbled domain hidden in the malware's code, which activated the kill switch, he quickly pointed out that the attacks could be rebooted. Now it is evident that ransomware is back and might be around for longer.
Ransomware is using new malware to hit targets
A couple of weeks after the WannaCry ransomware worm sent shockwaves throughout Europe, a new case has been reported. One of the top web hosting companies in South Korea was completely overrun by ransomware and almost edged out of business. The multinational, Nayana, was hit by a new ransomware called Erebus on 10th June. Erebus targets web servers.
At Nayana, over 150 Linux servers in the company infrastructure were infected. This took down most of the company’s clients’ websites. The attacker demanded $4 million in ransom from Nayana.
After intense negotiations, Nayana managed to bring the figure down to $1 million. They negotiated well enough to convince the attackers to cut the ransom by 75%.
A new problem for Nayana
While the negotiation was a significant stretch, raising the remaining $1 million is an equally huge challenge. Nayana does not have the cash! To meet the ransom, the CEO had to take one of the investments outside the company.
The CEO said that, with their focus on protecting customer interests, they negotiated with the hackers. Nayana agreed with the hackers that it would pay the amount in three installments while the data on its servers is restored. The data recovery process is expected to take about 2-5 days, though it can extend to over 10 days for some servers.
Lessons for other enterprises from Nayana
The Nayana situation, though unique in many ways, presents a perfect lesson to other enterprises: ransomware is headed your way. It might not strike today, this week, in the coming months or in the course of the year, but it is surely on the way to your company.
Basic security precautions are necessary but no longer effective in this age
From the havoc that ransomware wreaked on European companies and institutions such as Telefonica, FedEx, the UK’s National Health Service (NHS) and Nayana, it is clear that the stress can affect a business to its core. Defending against ransomware has proven even more difficult.
The conventional security precautions are prudent and must be enforced at all costs, because you are not working against ransomware alone.
Your staff must be educated on malware. Remind them never to open unexpected attachments or click suspicious links.
What exactly do you do next?
In addition to the conventional security efforts, you have to move one step further.
- It is strongly recommended that your company put together a good plan for what the enterprise will or will not do in the event that ransomware strikes.
- Decide at the highest level of the company whether or not you will pay. If you will, how much can you afford? Many people will easily say they will not pay when the data in question is not theirs. However, things will be very different when clients are knocking on the door, leaving you and the company on the edge of collapse.
- It is prudent (perhaps most IMPORTANT) to design an offsite backup that can be accessed easily. This might be the only secret weapon in deciding whether to pay or not.
The report from Nayana demonstrates that we are in the age when companies must start preparing for the certainty of ransomware attacks. The time to start is now.