<img src="https://secure.leadforensics.com/161977.png" alt="" style="display:none;">

The world of Ransomware is changing. Over a number of years, it is clear to see how cyber-attacks have resulted in lost revenues and negative brand reputation. However, one of the lesser seen consequences is now the most worrying. 

Your customers, or 3rd party users may often rely on your services to various degrees. Cyber criminals are doing everything and anything to line their own pockets. Take for example, the attack on Hackney council. Whilst full details are still to be disclosed, it seems that as a result of the attacker’s ransomware, a primary payment system was taken offline. Not only was this system used for incoming payments, but it was used to pay people their benefit payments. One can easily see how serious an impact this could have.

Traditionally, the aim of ransomware is to get onto a target’s environment, encrypt critical infrastructure and demand payment; in exchange for the decryption keys. This leads to companies focusing on their ability to restore from backup and minimising that downtime. Problem solved, right? What we now see with ransomware attacks, is a two-part process, where data is exfiltrated prior to the encryption binary being executed. This results in hackers having leverage for payment, as GDPR fines for lost data could still apply.

This makes it more imperative than ever to identify an attack as early as possible in the kill chain. The only way to stop these attacks are to see the initial stages and ACT before it is too late. By identifying the threat before data is lost, or assets encrypted, it is possible to significantly reduce internal risk, as well as risk to 3rd parties. What we are seeing within our customer base, is that there isn’t a need to reinvent the wheel. Through the deployment of Intrusion, Detection and Response, customers can see the events in the early stages of the attack chain. We have also seen an increase in requests for SOAR over the past 12 months. Having the alerts in place is one thing, but it is no surprise that having a good bot, on your side, helps.

To find out more from one of our experts, please do get in contact... 

Speak to the team

/ Insights / Opinion /

Can data really be stolen using DNS?

As we know, if it wasn’t for DNS, you wouldn’t be reading this. DNS is a fundamental part of our organisations’ ability to function and therefore we need to secure it.  

/ Insights / Opinion /

Why you should be working towards enforcing a reject policy & how to get there

In our blog last month, we explained the origins of DMARC (Domain-based Message Authentication, Reporting and Conformance) and highlighted the reasons as to why Charterhouse recommend every organisation to enforce a ‘p=reject’ policy, a recommendation shared by the NCSC (National Cyber Security Centre).