Business Lessons from Canon and Other Recent Ransomware Attacks
Canon has reportedly been hit by a ransomware attack that has resulted in an outage affecting users of the image.canon photo storage site, as well as the company’s US website and various internal applications. According to a Bleeping Computer report, Canon was attacked by the notorious Maze ransomware gang, and the attack involved the theft of 10 terabytes of confidential data and private databases.
While Canon has been identified as the latest victim of a ransomware attack, cyber criminals are exploiting the pandemic situation to launch highly sophisticated cyberattacks on every industry possible. In the first six months of 2020, various Fortune 500 companies became the target of massive data breaches in which hackers sold account credentials, sensitive data, and confidential and financial information of these organizations on various cyber criminal forums.
Of the various attacks, ransomware is becoming a mammoth business, with one research report anticipating that a business is attacked by a cyber criminal every 11 seconds and that damage costs from these attacks will globally hit around $20 billion by 2021.
The changing ransomware scenario
These types of attacks have doubled over the last year to an average of $84,000, as security experts see that the techniques used by the criminals have changed. John Shier, senior security advisor at Sophos, believes that, starting from a simple phishing message, successful ransomware campaigns are often followed by living-off-the-land techniques, the abuse of both over-privileged and under-protected accounts, and hiding in plain sight.
In other words, ransomware actors are now using more sophisticated tools. Unlike their predecessors, recent ransomware messages are no longer just poorly written or badly translated generic emails, and virtually anyone can fall for such schemes by clicking on a link in a message or page that triggers the installation of a malware program, observes J Kesavardhanan, Founder & CEO of K7 Computing. He says, “Modern ransomware operators have transformed themselves into businesses and are extremely focused on their targets and attacking strategies.”
Kesavardhanan notes that threat actors now operate like high-end software enterprises offering Ransomware as a Service (RaaS). “The modern RaaS solutions come with high-end tools like a dashboard to display attack status in real time, customer helpline, and more. Threat actors are also increasing their advertisements on the dark web, offering a variety of customized attacks,” he says.
Experts also believe that, although the ransomware encountered during the COVID-19 pandemic is largely similar to that of the pre-COVID landscape, cyber threat actors are exploiting pandemic-related fear and uncertainty, as well as new vulnerabilities created by the shift to virtual environments.
For example, in March, hackers deployed the Maze ransomware to attack a U.K.-based laboratory that was testing COVID vaccines. In May, Pitney Bowes disclosed that they had been hit by Maze ransomware less than a year after they were hit by a similar attack. The group behind Maze specializes in double extortion, an attack that increases pressure on its victims to pay by threatening to release important data in addition to encrypting systems. In June, the University of California San Francisco reported that it paid a $1.14 million ransom after malware encrypted certain servers within its school of medicine.
More recently, sport and fitness tech major Garmin was hit by a ransomware attack. The attack also took down flyGarmin, its aviation navigation and route-planning service, and took the business entirely offline for more than three days. It is believed to have been carried out by a Russian cyber criminal gang which calls itself “Evil Corp”.
So what is the solution when ransomware strikes?
“The ransomware attack on Canon is just another example of the Maze gang’s sustained and brazen targeting of enterprises. Following other recent high profile attacks, this latest salvo should be a wake-up call to all the enterprises who haven’t taken the time to assess their security posture and bolster their defenses against these pernicious adversaries,” Shier says.
He recommends that enterprises build a strong security foundation, such as one based on the principle of least privilege, multi-factor authentication (MFA), rigorous patching and user training, which includes investment in both prevention and detection technologies, to avoid becoming a victim.
According to Rakesh Kharwal, Managing Director – India, South Asia & ASEAN, Cyberbit, “The right approach is to turn to immersive training in a virtual environment where cybersecurity analysts can experience real-world environments and real-world attacks such as ransomware, fileless attacks, data exfiltration and many more. This approach will certainly ensure that your SOC team is able to protect their network when the time comes.”
Another important and effective cyber protection strategy is to encrypt and back up data. Data encryption remains the most efficient fix for data breaches. Companies must also check that the data encryption software is activated and updated on all company devices, even those that are being used remotely. “As ransomware hackers lock companies out of their systems, encrypting the data and asking for a ransom, the company can stay one step ahead by backing up all data and storing it separately,” he says.
Firms also need to put in place contingency plans for what to do in the event of a ransomware attack. These should cover how employees can continue working and how to deploy a team to prevent the ransomware from causing more damage and to remove it from the system.
Businesses must assume that at some point they are going to be a ransomware target and prepare accordingly. If they don’t, reclaiming the treasure trove of data could cost them a king’s ransom.