Ransomware attacks have been increasing in intensity over the past few months. Less than a week after incidents disrupted operations of various Spanish companies and paralyzed government services in the Canadian territory of Nunavut, another company has disclosed that that they were hit by a ransomware attack, this time involving the encryption of the customer data of SmarterASP.net, a popular hosting service provider for the web application framework ASP.NET.
An announcement posted on the SmartASP.net’s website stated that the attack compromised accounts of some of the company’s customers, with the data itself being locked by the attackers. Although the company did not provide details on the attack, some images posted on Twitter showed some files being encrypted with a .kjhbx affix.
Customer data was not the only thing affected by the ransomware attack – SmarterASP.net’s website itself was down for the whole of Saturday, only coming back online on Sunday morning.
According to their published statement, the company was working to prevent a similar incident from happening in the future.
Although the attack itself seems mundane in retrospect, what might be more important to highlight here is that threat actors are no longer going after the organizations themselves; they’re also targeting other parts of the supply chain.
In this case, the victim was a service provider for ASP.NET, an ubiquitous developer platform that many companies use to creating web-based applications. This means that the ransomware attack not only caused disruptions to SmartASP.net, but also compromised the files and data of their customers that were used for development purposes.
To minimize the impact of an incident such as this, it is highly recommended that developers keep backups of their important files and databases — preferably via the 3-2-1 rule. Furthermore, security gaps within the development cycle must also be filled via measures such as network segmentation, which involves separating critical assets in the build and distribution environments from the rest of the network.
Trend Micro helps development teams build securely, ship fast, and run anywhere. The Trend Micro Hybrid Cloud Security solution provides powerful, streamlined, and automated security within the organization’s DevOps pipeline and delivers multiple XGen™ threat defense techniques for protecting runtime physical, virtual, and cloud workloads. It also adds protection for containers via Deep Security and Deep Security Smart Check, which scans Docker container images for malware and vulnerabilities at any interval in the development pipeline to prevent threats before they are deployed.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.