Freely subscribe to our NEWSLETTER

Dirk Schrader, field CISO and VP of security research at Netwrix notes the best practices organisations can adopt in order to avoid similar cyberattacks:

“The INC Ransom group has published a limited number of documents to gain attention, solidify the reputation of a dangerous adversary, and create further anxiety. They will likely leverage the exfiltrated data in future attacks, including impersonation or scams, to extract money.

“Other public entities should stay vigilant and make sure to get prepared accordingly. Typically, there are three stages in the attack. First, bad actors gain access to some part of the IT infrastructure to have ‘a foot in the door’. Next, they infiltrate deeper, expanding their control over a victim’s digital assets. Finally, they impair the operations and extract sensitive data.

“With this in mind, the first step towards ransomware protection will be to adapt digital assets to the known cyber risks. The most likely scenarios include account takeover by phishing campaigns, brute force password cracking, and exploiting vulnerable configurations, to name a few. Implementing the least privilege approach and system hardening will help to mitigate these risks.

“Second, it is crucial to anticipate new risks where threat actors change their tactics, techniques, and procedures. Switching to modern security solutions and updating them in a timely manner significantly reduces the number of vulnerabilities that adversaries can exploit.

“Finally, it is crucial to ensure that an organisation is capable of functioning while being under attack and can recover from it. Organisations should take regular care of their backups and exercise restoration processes to make sure everything runs smoothly when the time comes.”