How does ransomware work? Once ransomware gets into your computer systems, usually through an infected email attachment or the all-too-common Trojan horse attack, it will lock your computer or encrypt your data and demand payment in exchange for giving control of your systems back to you.
Even when it seems that everyone is focused on the coronavirus pandemic, ransomware attackers are still wreaking havoc, with Honda becoming the latest high profile victim. The global automaker confirmed a cyberattack forced it to shut down multiple factories through a post on its official Twitter account that read “At this time Honda customer service and Honda Financial Services are experiencing technical difficulties and are unavailable,” adding that they were “working to resolve the issue as quickly as possible.” The company would later confirm in a written statement to BBC that indeed a cyberattack had occurred on its network.
A detailed analysis of the code samples used, conducted by Malwarebytes Labs, would later support the likelihood of the cyberattack being ransomware. This narrowed its origin down to the Ekans Snake Ransomware Group, which is also associated with a recent hack of a hospital’s systems in Germany.
While Honda didn’t disclose much on the nature of the cyberattack, Bleeping Computer says that as outside observers, they see signs that the incident was a ransomware attack with a variant of Snake.
Brett Callow, a data security expert, contends that the ransomware attack began after file-encrypting malware was sent to Honda’s subdomain mds.honda.com hosted by VirusTotal. The analyst further clarified in an interview with TechCrunch that “the ransomware will only encrypt files on systems capable of resolving this domain, but, as the domain does not exist in the clear net, most systems would not be able to resolve it.”
This attack on Honda is not the first of its kind that the manufacturer has had to deal with in the recent past. Back in 2017, Honda’s car plant in northwest Tokyo was forced to stop production for a whole day due to malware in their systems from WannaCry.
A Sophos News publication dubbed “The state of ransomware in 2020” found that out of the 5,000 managers surveyed across 26 countries, 51% of them have had ransomware attacks in the last twelve months. Almost three-quarters of the attacks involved encryption of organizations’ data.
Beyond the risk of who will access the breached data and what they could use it for, mitigating ransomware is costly. Even after taking that financial hit, companies still have to spend on data security for the recovered files, identification of the malware's points of entry, and patches on their systems.
In the midst of all this, production is reduced or halted entirely. Honda, for example, had to halt operations for up to three days. The best way to handle a ransomware attack is to prepare before it happens.
The reality is that organizations across the board are potentially going to get attacked. Proper preparation increases resilience and lowers the impact of these attacks.
1. Training and Capacity Building: The organization’s CISO should organize regular drills to walk employees through crisis scenarios, with particular focus on the personnel who will be involved in responding to real-life breaches. Enterprises that invest in preparing training scenarios decrease the overall cost of mitigation by almost 30%.
2. Backup: Identify where the most critical and sensitive data is within your environment, and figure out how to have an offline backup of that data. Offline backup of all your info could be very costly. Crucial data such as records of financial transactions, education, 911 information, however, must be available offline for easy restoration in case malware attackers encrypt them.
3. Investing in Data Security: Most organizations are now implementing multi-factor authentication (MFA) for services that are open to the web. Attackers look to exploit any type of backdoor, but most of their entries are due to the misconfiguration of servers that are accessible through the internet. The adoption of SSO systems has also been very instrumental in abating malicious unauthorized entries.
4. Partnering With Managed IT Service Providers: Most internal IT teams may not have the experience to handle ransomware. You can outsource an IT support team either to co-manage your IT systems with the in-house unit or to completely manage the threats and insecurities.
Besides investing in the prevention of attacks, the selected IT firm should also have a cyberattack insurance policy for extreme cases where the attackers manage to penetrate their firewalls.
Outsource IT Solutions Group is a full-service IT management company that has been helping Chicagoland area businesses to avert and alleviate IT threats since 1998.
We follow a proactive approach that includes developing top-tier enterprise-grade security programs, and regular data security assessment on your systems to identify and patch any potential backdoors. Our Testimonials speak to our diligent provision of state-of-the-art IT Solutions for over 22 years.