Switzerland’s Reporting and Analysis Centre for Information Assurance (MELANI) has issued an urgent security notice addressing Swiss-based companies that have recently suffered cyber-attacks.
The federal agency, created with the mission to protect critical infrastructures, urges these firms, and others like them, to think twice before paying the ransom.
According to the advisory, published yesterday, MELANI has dealt with more than a dozen ransomware infections at large companies across Switzerland. Many of the systems were rendered unusable, as attackers demanded ransoms ranging from tens of thousands to millions of Swiss francs.
Warnings from the authorities were not heeded
Technical analysis of each incident revealed generally lax IT security policies and processes among victims.
“IT security of the companies affected was often incomplete and the usual best practices (Information security checklist for SMEs) were not fully observed,” the document reads. “Furthermore, warnings from the authorities were not heeded.”
MELANI proceeds to outline some of the most common weaknesses encountered during analysis, including:
As long as companies pay ransom, “attackers will never stop blackmailing”
The document provides recommendations on how to address each of these weaknesses. MELANI also urges companies in Switzerland to refrain from paying ransom.
“If systems have been encrypted by ransomware, MELANI advises against making a ransom payment,” it says. “As a general rule, MELANI does not recommend paying because the money will support the hacker's infrastructure. It should also be noted that even if a ransom is paid, there is no guarantee that the blackmailer will decrypt the data.”
“As long as there are still companies that make ransom payments, attackers will never stop blackmailing,” MELANI stresses.
If a ransom payment is considered, MELANI advises making sure that systems are fully cleansed of the infection before they are put back into operation.
In many of the reported cases, hackers used the infamous banking trojans "Emotet" and "TrickBot" to deploy ransomware in the targeted infrastructures. The two pieces of malware are notoriously persistent and can continue to deal damage even after systems have been apparently cleaned of malware.
Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.