- The Dutch NCSC warns of the dangers of the LockerGoga, MegaCortex, and Ryuk strains.
- The organization identifies 1800 entities that are affected by ransomware attacks.
- Defending against ransomware is a matter of adopting multiple methods of protection.
The National Cyber Security Centre (NCSC) in the Netherlands has published a report detailing the most dangerous and successful ransomware strains currently in circulation. According to the NCSC researchers' findings, over 1800 companies worldwide are dealing with ransomware infections. This number is considered to be far lower than the actual figure, as many organizations don’t report or disclose such incidents. While no names were mentioned, NCSC points out that the list includes big names with billions in revenue.
What is particularly interesting is that three ransomware strains, “LockerGoga”, “MegaCortex”, and “Ryuk”, seem to be responsible for the vast majority of the attacks against business entities. We covered some of the LockerGoga activity earlier in the year, as it achieved some high-profile knockdowns involving Norsk Hydro, Hexion, and Momentive. MegaCortex appeared particularly active during the summer, targeting the cloud hosting provider “iNSYNQ”. As for Ryuk, we reported on its activity back in March, when it was used to force Georgia county officials to pay a hefty $400k in order to have their IT systems unlocked.
According to NCSC, the three ransomware strains share the same infrastructure, which indicates that network intruders collaborate closely in order to maximize their chances of success. After all, it’s a highly profitable business that also involves the renting of tools and even the renting of access to compromised hosts. The report mentions that access to a valuable host can cost as much as $20,000 in some cases. To keep the operation profitable, these actors look for the best talent available. Hackers who are able to make their way through even the most robust security systems are recruited by the ransomware groups and get paid thousands per month to provide their services.
NCSC offers companies the following advice for establishing adequate enterprise security:
- Perform regular vulnerability management and patching sessions to eliminate known flaws in the software that is deployed.
- Prevent unauthorized code execution by establishing a strict macro activation policy.
- Filter web browsing traffic vigorously, using a security solution or a proxy.
- Organize phishing defense training for the employees and implement multi-layered protection.
- Forbid the use of removable media, or limit their access to non-critical and unconnected parts of the corporate network.