Ransomware not Dead


“Let me be clear: the situation for Norsk Hydro through this is quite severe,” Chief Financial Officer Eivind Kallevik said.

Aluminum maker Norsk Hydro was hit by LockerGoga ransomware and has shifted its operations to manual to continue production. LockerGoga encrypts files with certain extensions and then provides a ransom note in a readme file for payments to be made in Bitcoin. Security Boulevard reports that the malware was likely propagated by using Active Directory.

Business interruption is an expensive impact, as we saw from the NotPetya and WannaCry attacks last year. The Mondelez v. Zurich court case for $100 million in losses shows the long tail of these attacks. Time to containment is critical to get systems up and running and operations restored.

What surprised me was the fact that this attack was so widespread in such a sophisticated company. Back in 2005, I had the opportunity to meet with the Norwegian Cyber "Early Warning" VDI project led by Christophe Birkeland of the NSM NorCERT. It was the first attempt to have all major companies in a country put under an umbrella of cyber protection, led by the government. From the news articles on Norsk Hydro, that effort is still in place. But why didn't it catch LockerGoga?

I read through the Norwegian National Cybersecurity Strategy published in January 2019 and it is an excellent example of how public-private partnerships can leverage resources, build and evolve over time to address a dynamic threat environment. The paper discusses a next generation sensor that will be deployed to include classified signatures and IOCs. The very next section (1.2) states that "they will apply AI/ML to the collected data." The remaining Measures are also quite targeted and would be good input to a DHS program.

This latest ransom attack shows that hackers are not 'spraying and praying' and that their code is innovating to avoid detection. The Cylance solution prevented the LockerGoga malware. And last year, Cylance prevented WannaCry and NotPetya in large ICS and manufacturing environments. The Norwegian NSM approach of analyzing data collected from Norwegian companies with AI/ML is important, but applying robust software at the point of execution is also needed.
