Ransomware Attacks Hit Spanish Companies, Paralyze Government Services in Canadian Territory of Nunavut
Ransomware made headlines again, starting with a campaign that hit companies in Spain, including Cadena Sociedad Española de Radiodifusión (SER), the country’s largest radio network. In another part of the globe, threat actors managed to infect government systems in the sparsely populated Canadian territory of Nunavut with ransomware.
Spanish companies hit by ransomware attacks
Cadena SER released a statement on their webpage confirming the ransomware attack, noting that it had a significant and widespread impact on their systems. Although in-depth details regarding the attack were not provided, the message from the company said their technicians were working to recover the local programming of each of their stations, indicating that broadcasts — at least at the local level — were affected. The station also disconnected its computers from the internet as part of its security protocol.
According to reports from various media outlets, the Spanish IT consulting firm Everis was also a victim of ransomware. While the company has yet to release a public acknowledgement of the incident, leaks posted on social media show that the ransom note sent to the organization used the same text as the ones used in previous BitPaymer (detected as Ransom.Win32.BITPAYMER) attacks.
Government services in Nunavut also affected by ransomware
Even the remote Canadian region of Nunavut was not spared from ransomware. According to a news release published on the Nunavut government’s website, the still-unknown ransomware variant used in the attack managed to encrypt individual files on various servers and workstations, resulting in disruption to government services that require access to electronic information stored on the network.
While these services are still open, the Nunavut government said that delays are to be anticipated. Furthermore, the government is also working on restoring data using existing back-ups.
Defending against ransomware attacks
Ransomware has been on the rise once again: according to Trend Micro’s 2019 midyear security roundup, ransomware detections in the first half of the year were up 77% compared to the latter half of 2018. Additionally, threat actors are expanding their scope of operations, not just targeting individuals and businesses but seeking new victims as well, notably local governments that lack comprehensive security systems.
It is highly recommended that organizations across all sectors implement the following best practices to prevent ransomware from affecting their systems:
- Keep regular back-ups of files and data, and regularly check their integrity.
- Ensure that systems, networks, servers, and applications are consistently updated and patched.
- Enforce the principle of least privilege to minimize the attack surface.
[Best Practices: Best security practices to defend against ransomware]
Organizations can also look into sourcing third-party incident response teams for their security needs. Trend Micro™ Managed XDR is one such service, offering a wider scope of visibility and expert security analytics by integrating detection and response functions across networks, endpoints, emails, servers, and cloud workloads. Using advanced analytics and artificial intelligence (AI) techniques, the MDR team monitors the organization’s IT infrastructure 24/7 to correlate and prioritize alerts according to their level of severity. Organizations can have access to experienced cybersecurity professionals who can expertly perform a root cause analysis to get an understanding of how attacks are initiated, how far they spread in the network, and what remediation steps need to be taken.
In addition, Trend Micro solutions such as the Smart Protection Suites and Worry-Free™ Business Security solutions, which have behavior monitoring capabilities, can protect users and businesses from these types of threats by detecting malicious files, scripts, and messages as well as blocking all related malicious URLs. Trend Micro™ XGen™ security provides a cross-generational blend of threat defense techniques against a full range of threats for data centers, cloud environments, networks, and endpoints. It infuses high-fidelity machine learning with other detection technologies and global threat intelligence for comprehensive protection against advanced malware.