05 Nov Security Breach – 5 Nov 2020
Ransomware Recovery is Long and Expensive.
Ransomware has been the story of the year in cybersecurity, as attacks have boomed by more than 40% since March 2020. This slippery, dangerous foe is a nightmare that can wreak havoc on your business and cost a fortune in restoration and recovery on top of the lost business and general damage.
No one wants to deal with ransomware. But since you’re already looking at an expensive proposition, can you save yourself the money, time, and headaches of undertaking a ransomware incident response by paying the ransom and getting the encryption key to unlock your systems and data – and will you get in legal trouble for doing it?
The answer is complicated. While paying the ransom may not be expressly prohibited by law, legal officials are not fans of the practice. The US Treasury issued new guidance this month urging people not to pay hackers, and noting that businesses could face civil penalties if they pay ransoms to hacker groups affiliated with sanctioned nation-states, a particular concern for the healthcare sector.
The better approach to protecting your business from phishing danger including ransomware is increased security awareness and phishing resistance training. Ransomware is most likely to arrive at your doorstep as the cargo of a phishing email, as well as other dangerous cyberattacks like business email compromise, spear phishing, and whaling.
Australia – Isentia – Media Monitoring Firm
Risk to Small Business: Severe: Analytics and media monitoring firm Isentia, the company that provides media services for much of the Australian government, has been hit by a cyberattack, likely ransomware. Customers lost access to the company’s service portal that connects them with media reporting on them, issues of interest to them, and journalists. The incident is under investigation, with no clear diagnosis of what if any data was stolen. Isentia holds sensitive information for powerful public figures as part of its media services operations.
Risk to Exploited Individuals: Isentia has not released information about potentially stolen personal information or customer data exposure.
Customers Impacted: Unknown
Japan – Nuclear Regulatory Authority – Government Agency
Exploit: Unauthorized Systems Access
Risk to Small Business: Moderate: In a small but troubling incident at NRA, an unauthorized intruder gained access to the email system and the agency was forced to shut it down. The incursion affected both internal and external communications, snarling applications for hearings and impacting other business. Communications are limited to phone calls and in-person meetings. No data was stolen and access to any operations or research systems is through a separate, more secure system.
Risk to Exploited Individuals: No individual information was reported as impacted in this incident.
Customers Impacted: Unknown
Protect your data and systems by implementing a solid cybersecurity plan. Talk to a TCT team member today and we can show you how.
Follow us on LinkedIn: