Important CyberRisk Advisory Notice & FBI link
In November 2019, a California-based security services firm suffered a ransomware attack which was identified as the Maze variant. After missing the deadline for the ransom payment, the attackers behind the Maze ransomware published almost 700MB worth of data and threatened to release more if payment was still not made. The following month, the Maze group released data from a range of companies on a ‘name and shame’ website, ousting businesses who did not cooperate with them.
The increased leverage of Maze ransomware places more pressure on victims to pay ransoms, and shows that cybercriminals are continually refining their techniques to successfully extort their targets.
Although the technique utilised by Maze means that victims not only have to deal with the operational impact of the attack but also ensure attention to and compliance with data protection laws, the majority of ransomware variants are not known to exfiltrate data. Nonetheless, this advisory serves to remind our policyholders to review their cybersecurity practices:
Regularly back up data, test these backups, and ensure the backups are not connected to the networks and computers they are backing up
Ensure anti-virus and anti-malware solutions are set to automatically update and that regular scans are conducted
Patch operating systems, software and firmware on devices, patch endpoints as vulnerabilities are discovered, and consider investing in a centralised patch management system
Block macro scripts in Office files transmitted via email
Employ best practices for use of RDP, including auditing your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts
Ensure employees receive awareness training to decrease vulnerability to targeted attacks
The FBI’s Internet Crime Complaint Centre has released a full ransomware advisory, including more information on best practices. You can view the full advisory here
If you want to discuss Cyber Insurance and Risk Management please contact your VRG account director.
