For HomeFor BusinessFor Partners
Business Insights
4 min read

Swiss Cybersecurity Body Urges Businesses to Stop Paying Ransomware Demands, Exposes Lax Security Practices

Filip Truta

February 20, 2020

Swiss Cybersecurity Body Urges Businesses to Stop Paying Ransomware Demands, Exposes Lax Security Practices

Switzerland’s Reporting and Analysis Centre for Information Assurance (MELANI) has issued an urgent security notice addressing Swiss-based companies that have recently suffered cyber-attacks.

The federal agency, created with the mission to protect critical infrastructures, urges these firms, and others like them, to think twice before paying the ransom.

According to the advisory, published yesterday, MELANI has dealt with more than a dozen ransomware infections at large companies across Switzerland. Many of the systems were rendered unusable, as attackers demanded ransoms ranging from tens of thousands to millions of Swiss francs.

Warnings from the authorities were not heeded

Technical analysis of each incident revealed generally lax IT security policies and processes among victims.

“IT security of the companies affected was often incomplete and the usual best practices (Information security checklist for SMEs) were not fully observed,” the document reads. “Furthermore, warnings from the authorities were not heeded.”

MELANI proceeds to outline some of the most common weaknesses encountered during analysis, including:

  • No antivirus solution deployed
  • Remote Desktop Protocol (RDP) protected with a weak password; input was only set to the default (standard port 3389); no VPN or IP filter to restrict access
  • Notifications from authorities or from internet service providers (ISPs) about potential infections were ignored or not taken seriously by the affected companies
  • Backups were not kept offline and secluded from the main network
  • No network segregation
  • Lax patch management
  • Excessive user rights (e.g. a backup user who has domain admin rights or a system administrator who has the same rights when browsing the internet as when managing the systems)

As long as companies pay ransom, “attackers will never stop blackmailing”

The document provides recommendations on how to address each headcount. MELANI also urges companies in Switzerland to refrain from paying ransom.

“If systems have been encrypted by ransomware, MELANI advises against making a ransom payment,” it says. “As a general rule, MELANI does not recommend paying because the money will support the hacker's infrastructure. It should also be noted that even if a ransom is paid, there is no guarantee that the blackmailer will decrypt the data.”

“As long as there are still companies that make ransom payments, attackers will never stop blackmailing,” MELANI stresses.

If a ransomware payment is considered, MELANI advises to make sure systems are fully cleansed of the infection before putting them back into operation.

In many of the reported cases, hackers used the infamous banking trojans "Emotet" and "TrickBot" to deploy ransomware in the targeted infrastructures. The two pieces of malware are notoriously persistent and can continue to deal damage even after systems have been apparently cleaned of malware.

tags

Business Insights

Author

Filip Truta

Filip Truta

Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.

View all posts

Right now Top posts

ShrinkLocker (+Decryptor): From Friend to Foe, and Back Again
Ransomware Threat Research Threat Intelligence

ShrinkLocker (+Decryptor): From Friend to Foe, and Back Again

November 13, 2024

Bitdefender Threat Debrief | November 2024
Enterprise Security Ransomware Bitdefender Threat Debrief

Bitdefender Threat Debrief | November 2024

November 07, 2024

5 Approaches to Counter a Cybercriminal’s Growing Arsenal
Enterprise Security Threat Research

5 Approaches to Counter a Cybercriminal’s Growing Arsenal

November 06, 2024

Bitdefender Threat Debrief | October 2024
Enterprise Security Ransomware Bitdefender Threat Debrief

Bitdefender Threat Debrief | October 2024

October 10, 2024

FOLLOW US ON SOCIAL MEDIA

SUBSCRIBE TO OUR NEWSLETTER

Don’t miss out on exclusive content and exciting announcements!

You might also like

Empowering MSP Workflows: Bitdefender’s New ConnectWise PSA Integration Update
Enterprise Security Endpoint Protection & Management

Empowering MSP Workflows: Bitdefender’s New ConnectWise PSA Integration Update
Bitdefender Enterprise

November 21, 2024

Security Advisory: Adversaries Abuse Microsoft Teams and Quick Assist
Enterprise Security Endpoint Detection and Response

Security Advisory: Adversaries Abuse Microsoft Teams and Quick Assist
Jade Brown and Nikki Salas

November 20, 2024

Balancing User Experience with Security: A New Frontier for CISOs in Minimizing Business Risk Exposure
Enterprise Security Endpoint Protection & Management Endpoint Detection and Response

Balancing User Experience with Security: A New Frontier for CISOs in Minimizing Business Risk Exposure
Daniel Daraban

November 19, 2024

Bookmarks

loader