As reported by Bleeping Computer, attackers using the Ragnar Locker ransomware have encrypted the systems of Portuguese multinational energy giant Energias de Portugal (EDP) and are now asking for a 1580 BTC ransom ($10.9M or €9.9M). EDP Group is one of the largest European operators in the energy sector (gas and electricity) and the world’s 4th largest producer of wind energy. The Ragnar Locker operators claim to have stolen over 10 TB of sensitive company files during the attack, and they are now threatening to leak all the stolen data unless the ransom is paid.
Moreno Carullo, Co-founder and CTO, Nozomi Networks
April 16, 2020
Threatening to leak data is becoming increasingly popular among ransomware operators as we have witnessed with DoppelPaymer, Sodinokibi, and now, RagnarLocker. In the past, victims had their operations disrupted simply by Data Encrypted for Impact. Today many organisations have strategies in place to respond to such attacks, using backups for instance. For this reason, the most lucrative alternative employed by ransomware operators today is threatening the leak of sensitive data. Criminals are explicitly looking for targets holding sensitive data and the more important the data the more leverage they can exercise on the victims. The leak of sensitive data can cause a variety of severe consequences for the affected organisation, including loss of intellectual property, which is extremely valuable for those that are R&D-focused, for example. Victim companies also have to deal with the economical and reputational impact of leaks due to data protection regulations, making the attacker's leverage even stronger. If organisations want to avoid falling victim to this kind of attack, they should look to employ network segmentation. In essence, this separates the most crucial parts of the network, so it's more difficult for adversaries to get in.
Carl Wearn, Head of E-Crime, Mimecast
April 16, 2020
This attack again highlights the fact that ransomware does not discriminate, and it can affect any business across any industry. This is why it’s crucial that all businesses prepare for the possibility of a ransomware attack happening to them and that they implement strong resilience measures so that they are in the best position to recover effectively in case the worst happens. Having contingency plans in place is critical at a time when ransomware attacks against large companies are becoming a regular theme. Remediation of any ransomware infection is likely to be significantly more difficult to remediate in any jurisdiction experiencing a period of lockdown or distancing measures. It may well slow any organisational response and require significant replacement of assets rather than allowing an effective segregation of impacted machines. I cannot overstate the critical importance of individuals’ awareness of threats and strong cyber hygiene during the current pandemic and with entire workforces working from home. Please ensure that whenever possible you avoid using your work devices for personal use, or letting children or partners use work devices they are unfamiliar with. Other measures such as always using strong unique passwords, not clicking links or attachments in unsolicited emails, ensuring your firewall is on, the use of encrypted communications via your router and the use of any workplace VPN are also of critical importance when away from the office. Lastly, please do make use of multi-factor authentication whenever available.
In addition to maintaining the security of your work network, these measures may also save you from becoming a victim.
Jake Moore, Cybersecurity Specialist, ESET
April 16, 2020
With companies reportedly paying attackers eye-watering amounts recently, nothing shocks me and I wouldn’t be surprised if more businesses continued to meet hackers’ demands. If targeted companies pay such ransoms, they are purely fueling the cybercrime business cycle and funding further attacks. Furthermore, once data has been stolen, larger threats are usually thrown on the table and it can take a different direction. Once a company pays a ransom to prevent their data being released, there is nothing to say the criminals won’t come back with further demands. Protective measures are difficult to weigh in reactively, so this attack is all about preparation. Simulations of a ransomware attack can help to discover where a company’s weaknesses are and proactively protect them.
Rob Fitzsimons, A Field Applications Engineer, Telesoft Technologies
April 15, 2020
EDP’s span is so vast that suffering a data breach would have huge ramifications for its reputation. That’s why it and other critical national infrastructure suppliers are prime targets. When companies are held over a barrel, a $10.9 million (£8.57 million) ransom demand suddenly seems like a viable option. But, of course, there’s no guarantee that hackers will unencrypt data once ransoms have been paid – these aren’t typical business transactions governed by ethics. Defending against ransomware, particularly a highly targeted strain such as RagnarLocker which undertakes comprehensive reconnaissance of its targets before it’s actually deployed, necessitates complete visibility into network traffic. Any irregular activity, no matter how seemingly insignificant, could be malicious actors carrying out the groundwork for future attacks, so they must be investigated. A strong human firewall is also essential. When employees know about the red flags of phishing attacks, for instance, they will be more vigilant with emails and comms that request they visit sites or click on links. This is even more crucial at the current time with many individuals working from home, without the security of corporate networks.
