Security Breach Update
30 January 2020

Ransomware attacks are causing more downtime than ever beforeRansomware attacks are causing more downtime than ever before

Ransomware attacks are becoming more frequent and disruptive, impacting the amount of downtime for organisations that fall victim to network-encrypting malware campaigns.

The increased downtime has been driven by a rise in attacks against large organisations, which often need to spend many weeks remediating and restoring their systems. The average number of days a ransomware incident lasts is now 16.2 days – up from 12.1 days.

Ransomware has already had a big impact in just the first month of 2020: currency exchange provider Travelex was hit with Sodinokibi ransomware on New Year’s Eve. They still have several online services out of action, 4 weeks after the event.

Sodinokibi (also Sodin or REvil) is using a former Windows zero-day vulnerability to elevate itself to admin access on infected hosts.

However, organisations can go a long way to protecting themselves from falling victim to ransomware and other cyberattacks by following a few simple security procedures, including multi-factor authentication on accounts across the network.

 Recent Breaches

Australia – Atlassian – Enterprise software company

Exploit: Software vulnerability

Risk to Small Business: Severe: Security researchers identified a flaw in Atlassian’s software that exposed an SSL key that could be used by cybercriminals to redirect app traffic to malicious sites. In response, Atlassian pulled the website’s authentication certificate while it identifies and implements solutions. However, the matter is being openly discussed on Twitter, which means that the company will likely endure a degree of reputational damage. As an enterprise-focused business, this could dissuade potential clients from working with Atlassian in the future.

Risk to Exploited Individuals: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown.

 

United Kingdom – Travelex

Exploit: Ransomware Attack

Risk to Small Business: Severe:  On New Year’s Eve, hackers launched their attack on the Travelex network. As a result, the company took down its websites across 30 countries to contain “the virus and protect data”.  A ransomware gang called Sodinokibi has told the BBC it is behind the hack and wants Travelex to pay $6m (£4.6m).

The gang, also known as REvil, claims to have gained access to the company’s computer network six months ago and to have downloaded 5GB of sensitive customer data.

Risk to Exploited Individuals: Severe:  Dates of birth, credit card information and national insurance numbers are all in their possession of the hackers.

Customers Impacted:  Unknown

Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.

Protect your data, privacy and reputation, talk to a TCT sales team member today.

Robert Brown
30/01/2020

Follow us on LinkedIn:

Related Articles:
UK Businesses Endured an Attack Every Minute in 2019
New Threat Actor Impersonates Government Agencies

Written by