The Federal Office for Security and Information Technology (BSI) strongly warns of targeted ransomware attacks on companies. Recently, the Federal Office has noted an increase in attacks on networks that result in the manual or targeted execution of an encryption Trojan. These attacks primarily affect companies and IT service providers.
The criminals are very clever. According to the BSI, they use broad spam campaigns such as Emotet to gain access to individual corporate networks and then manually explore the networks and systems of those affected. In doing so, the attackers try to manipulate or delete any backups and then selectively deploy ransomware in a coordinated manner on the computer systems of promising targets. The goal of this approach is to impose significantly high ransom demands on companies.
The BSI therefore urgently advises taking even the smallest IT security incidents seriously. “We are currently witnessing the proliferation of sophisticated methods by organized crime, which until a few months ago had been limited to intelligence agencies. As a result, companies should consistently deal with every security incident, since it can also be a preparatory attack,” says BSI President Arne Schönbohm.
The BSI has issued a cyber security warning via the CERT alliance and the Alliance for Cyber Security with technical details and recommendations for action.
Three measures for better protection
- Protection against primary infections
- Checking connections from service providers to customers
Businesses that have suffered a malware infection should inform their business partners or customers about the incident in a timely manner and alert them to possible future attack attempts that use fake sender addresses from the affected organization. To make sure that a company is not itself infected via a business partner or service provider, the network access and permissions of external service providers should be checked. Otherwise, should the service provider itself become the victim of a ransomware attack, the attackers could penetrate the company's own network via existing VPN connections.
- Protection against ransomware
In general, the BSI strongly advises against responding to any demands of the perpetrators. Suitable backups that can be used to restore the systems should be created regularly. To protect the integrity and availability of existing backups, they should also be stored offline in a separate network or network segment.