Summary
Over the past few years, cybercriminals have brought more sophisticated ransomware attacks against organizations leading to potentially catastrophic damages. Generally, an attacker gains access to an internal network, performs network reconnaissance, elevates their privileges, and deploys ransomware across the network, which encrypts the data rendering it unusable. The attacker then demands the organization pay a large sum of money for the keys to decrypt the data. This makes it critical for organizations to increase security awareness, perform regular offsite backups of critical systems, have properly configured network monitoring and endpoint protection, and a mature incident response program.
Criminals are now taking their extortion attempts to the next level. Security researchers have noticed a spike in emails sent to end customers of companies that have fallen victim to network breaches. These emails notify customers that their data has been compromised due to a security breach. It asks the customer to reach out and demand that the company pay the cybercriminal’s ransom request in order to prevent their personal data from being leaked online. Here is an example of the type of emails end customers are receiving:
Most security professionals will tell you, if possible, avoid paying the ransom when your company falls victim to data leaks or ransomware attacks. Increased pressure from customers receiving these emails only makes the decision to not pay more difficult. Additionally, these emails notifying customers of a data breach can lead to reputational damage and lost business.
What can be done?
It is important for companies to put an emphasis on security before they fall victim to these types of attacks. Performing regular external penetration testing can prevent attackers from compromising systems and pivoting into the internal network. Additionally, performing internal penetration testing can stop an attacker in their tracks. If an attacker gains a foothold, it will be difficult for them to elevate privileges and compromise critical internal systems allowing the deployment of ransomware. nGuard provides an abundance of tactical and strategic security assessments that will boost the overall security posture of an organization. This will reduce the chances of a successful attack and further minimize the damages that stem from a breach.
