Swiss info security body warns of ransomware attacks against businesses

Maria Nikolova

Over the recent weeks, MELANI/GovCERT dealt with more than a dozen ransomware cases.

Switzerland’s Reporting and Analysis Centre for Information Assurance (MELANI) today issued a warning regarding a high number of ransomware attacks against Swiss businesses over the past weeks.

In recent weeks, MELANI / GovCERT has dealt with more than a dozen ransomware cases in which unknown perpetrators encrypted the systems of Swiss SMEs and large companies and rendered them unusable. The attackers made ransom demands of several tens of thousands of Swiss francs, in some cases even millions.

A technical analysis of the incidents revealed that the IT security of the companies affected was often incomplete and the usual best practices (Information security checklist for SMEs) were not fully observed. Furthermore, warnings from the authorities were not heeded.

During the analysis of the incidents in recent weeks, certain weaknesses were identified as the gateway for cyberattacks. One was ignoring antivirus warnings that malware had been found on servers (e.g. domain controllers). In some cases, remote access to systems via the Remote Desktop Protocol (RDP) was protected only by a weak password, and the service was left on the default port (3389) without access restrictions (e.g. VPN or IP filter).

If systems have been encrypted by ransomware, MELANI advises against making a ransom payment. As a general rule, MELANI does not recommend paying because the money will support the hacker’s infrastructure. It should also be noted that even if a ransom is paid, there is no guarantee that the blackmailer will decrypt the data.

If a ransom payment is nevertheless being considered, it should be noted that although systems and data might be decrypted, the underlying infection from malware such as “Emotet” or “TrickBot” will remain active. As a result, the attackers still have full access to the affected company’s network and can, for example, reinstall ransomware or steal sensitive data from it.

MELANI is aware of cases in Switzerland and abroad where the same companies have been victims of ransomware several times within a very short period of time.

Let’s note that, about a week ago, the UK National Cyber Security Centre issued an advisory regarding TrickBot. TrickBot is an established banking trojan used in cyber attacks against businesses and individuals. TrickBot attacks are designed to access online accounts, including bank accounts, in order to obtain personally identifiable information (PII). In some cases, TrickBot is used to infiltrate a network. Once inside, it can be used to deploy other malware, including ransomware and post-exploitation toolkits.
