Cyber Security Newsletter - Week 5
9 Dec 2020
Cyber Security Weekly Newsletter
Keeping an eye on cyber news and threats
Hi everyone, I hope you’re having a good week so far! This week I focus on ransomware attacks, which are happening more frequently as more people work remotely and which can have huge financial impacts. So, without further ado, let’s kick off with the first article.
Surge of ransomware attacks during remote-working increase
Remote-working is the hot topic at the moment as you can imagine and you may be bored of hearing about it, but you can’t deny its relevance and the importance of making sure we are aware of the ongoing risks associated with it.
We have seen a huge increase in the number of ransomware attacks in correlation with the increase of remote workers. This is likely because of several factors, such as employees being outside of their company’s secure bubble and on their own computers, a more relaxed mentality due to being at home, or simply that more users online every day means more targets. Either way, it’s a problem and many of us are not prepared for a ransomware attack.
What is ransomware?
Ransomware, as the name suggests, is malicious software that encrypts your files and holds them to ransom. The virus can be downloaded accidentally through phishing email links or attachments, from malicious websites or by installing fake software, and there are varying types which behave slightly differently from each other. The thing they all have in common is that they require you to pay a sum of money before the time runs out or you lose your files forever.
How does it work?
Most use a combination of RSA and AES encryption (which is extremely difficult to break without the key) to encrypt your files so that you cannot use them, and the key to decrypt them is held somewhere secret on the dark web. If you pay within the allotted time, the program decrypts your files.
Getting your files back
The first question you may be asking is ‘if I pay, will I really get my files back?’. Yes, actually. People who have paid the ransom reported that they did indeed get the files back within a few hours of paying the fee. If people didn’t get their files back after paying, word would spread and nobody would pay, so it’s in the attacker’s best interest to decrypt your files.
Obviously, we want to explore other options before paying, as that should be a last resort.
One thing you can try is to restore your files from a back-up if you have one, but ransomware will also hunt for your back-ups and delete them as part of the process to try and prevent you from doing this, so try and keep back-ups on a separate device. Another recovery method would be to use a restore point to go back to an earlier snapshot of the computer, but again the malware tries to delete that data too.
My advice is to keep your anti-virus up to date, try and use one that has ransomware protection if possible, be careful when downloading files and attachments, and back up your files somewhere the ransomware can’t get to, such as the cloud or removable storage (disconnected when not in use).
You can find more ways of retrieving your files in the virus removal guides section of bleepingcomputer.com, which also contains a lot of useful information about different types of ransomware.
Foxconn ransomware attack - $34 million ransom
When it comes to ransomware attacks, it’s not just individuals that fall victim; businesses and large corporations are targets too. Cybercriminals know that if they can successfully attack a big company, the ransom they demand can be higher.
Foxconn is the largest manufacturer of electronics in the world (you probably know them better for their subsidiaries such as Sharp and Belkin) and they were hit with a ransomware attack demanding $34 million or important company files would be published online.
The attack itself was carried out on Foxconn's CTBG MX facility in Mexico by a ransomware gang known as DoppelPaymer, which encrypted around 1,200 servers, deleted 20-30TB of backups and stole 100GB of unencrypted files. The attack targeted Foxconn’s North America segment and not the entire corporation.
Some of the files were published after the ransom wasn’t paid, but only contained generic company files and not any personal or financial data. Foxconn has not paid the ransom and is working to bring systems back into service.
This week’s top tip – back up your files
Whether it’s your personal files or company files, backups are a must. Things can and will go wrong, be it your hard drive failing or a ransomware attack. If you don’t have those files backed up, they are gone forever.
Having at least two backups is good practice, but understandably, for individuals and their personal files, backing up constantly to various places can be tedious. The best way is either to use cloud storage such as OneDrive, which lets you save everything to one place and automatically backs it up to the cloud (no faff necessary), or to use USB storage. USB storage allows you to copy the files you want to keep safe (Windows has File History, which allows you to choose what you want to back up and does it for you) and keep them separate from your computer. This way, if something goes wrong, your files will be safe and sound elsewhere and you can simply recover them should anything happen to the originals.
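A quick way to check the "at least two backups" advice, added here as an example and not taken from any of the tools named above: the script hashes every file in a source folder and counts how many backup locations hold an identical copy. The folder names (source, cloud, usb) and the sample files are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    out = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            out[p.relative_to(root).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return out

def audit(source: Path, backups: list[Path], required: int = 2) -> dict[str, int]:
    """Return the files with fewer than `required` intact backup copies,
    mapped to the number of intact copies that were found."""
    want = manifest(source)
    # A backup location that is missing (e.g. unplugged USB) counts as empty.
    copies = [manifest(b) if b.is_dir() else {} for b in backups]
    short = {}
    for rel, digest in want.items():
        intact = sum(1 for m in copies if m.get(rel) == digest)
        if intact < required:
            short[rel] = intact
    return short

def demo() -> dict[str, int]:
    """Constructed sample: one source folder plus a 'cloud' and a 'usb' copy."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        files = {"docs/report.txt": b"quarterly figures", "photo.jpg": b"\xff\xd8 sample"}
        for name in ("source", "cloud", "usb"):
            for rel, data in files.items():
                path = base / name / rel
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_bytes(data)
        # Simulate damage: one backup copy overwritten, two others deleted.
        (base / "usb" / "photo.jpg").write_bytes(b"unreadable")
        (base / "cloud" / "docs" / "report.txt").unlink()
        (base / "usb" / "docs" / "report.txt").unlink()
        return audit(base / "source", [base / "cloud", base / "usb"])

if __name__ == "__main__":
    for rel, n in demo().items():
        print(f"{rel}: only {n} intact backup copies")
```

A mismatch can also mean the original was edited since the last backup, so run the check straight after backing up and from a machine you trust.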
That’s all for now, stay safe and see you next week.