Encryption trojans increasingly target corporate networks

09.05.2019 - Since the beginning of 2019, there is an increase of reports from SMEs and large companies in Switzerland and abroad which have been attacked by ransomware. In some cases the attackers were able to encrypt the backup as well.

In the past, MELANI has consistently warned against ransomware and has already published recommendations in 2016.

Unfortunately, there are still cases where companies have completely lost their most valuable data because the chosen backup solution did not work or was not applied correctly and the attacker was able to delete or encrypt the backups.

Recommendations:

Due to the current situation, MELANI urgently warns Swiss companies against ransomware and recommends the following measures:

  • Make regular backups of your data, for example on an external hard disk. Use a rotation scheme (grandfather-father-son [daily, weekly, monthly] / at least 2 generations). Make sure that you physically disconnect the backup media from the computer or network after the backup process. Otherwise, the attackers will also access the backup and encrypt or delete it.
  • For cloud-based backup solutions, you should make sure that the provider has at least two generations analogue to the classic backup and that the backup is not accessible for a ransomware. It is recommended to apply for example a two-factor authentication for critical operations.
  • Operating systems and applications installed on computers and servers (e.g. Adobe Reader, Adobe Flash, Java etc.) must be consistently updated. If available, it is best to use the automatic update function.
  • Protect resources which are accessible from the internet (for example Terminal-Server, RAS, VPN-Access) with a second factor.
  • Block the receipt of dangerous email attachments at your email gateway. Detailed information you will find at the bottom of the following page: https://www.melani.admin.ch/against-ransomware

Pay the ransom?

Refrain from paying a ransom because this will only strengthen the criminal infrastructure and thereby allow criminals to blackmail other victims. In addition, there is no guarantee that the key for decryption will be provided.

Current GovCERT.ch-Blog about Ransomware
https://www.govcert.admin.ch/blog/36/severe-ransomware-attacks-against-swiss-smes

More information about  «Ransomware»:
https://www.melani.admin.ch/against-ransomware

Information security checklist for SMEs
https://www.melani.admin.ch/melani/en/home/dokumentation/checklists-and-instructions/merkblatt-it-sicherheit-fuer-kmus.html

Swiss Ransomware Awareness Day (not available in english):
https://www.melani.admin.ch/melani/de/home/dokumentation/newsletter/ransomwareday.html

Emotet attacks against company networks (not available in english):
https://www.melani.admin.ch/melani/de/home/dokumentation/newsletter/Trojaner_Emotet_greift_Unternehmensnetzwerke_an.html

 
 

Specialist staff
Last modification 05.01.2021

Top of page

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/news/news-archiv/verschluesselungstrojaner-greifen-vermehrt-gezielt-unternehmensn.html