Swiss info security body warns of ransomware attacks against businesses

Maria Nikolova

In recent weeks, MELANI/GovCERT has dealt with more than a dozen ransomware cases.

Switzerland’s Reporting and Analysis Centre for Information Assurance (MELANI) today issued a warning regarding a high number of ransomware attacks against Swiss businesses over the past weeks.

In recent weeks, MELANI / GovCERT has dealt with more than a dozen ransomware cases in which unknown perpetrators encrypted the systems of Swiss SMEs and large companies and rendered them unusable. The attackers made ransom demands of several tens of thousands of Swiss francs, in some cases even millions.

A technical analysis of the incidents revealed that the IT security of the companies affected was often incomplete and the usual best practices (Information security checklist for SMEs) were not fully observed. Furthermore, warnings from the authorities were not heeded.

During the analysis of the incidents in recent weeks, certain weaknesses were identified as the gateway for cyberattacks, such as ignored warning messages from antivirus software reporting that malware had been found on servers (e.g. domain controllers). In some cases, remote connections to systems over the Remote Desktop Protocol (RDP) were protected with a weak password, left on the default setting (standard port 3389) and exposed without restrictions (e.g. VPN or IP filter).
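The RDP weaknesses named above can be checked on a Windows host. The following PowerShell is an added example, not part of the MELANI advisory or of this article; it reads the standard Terminal Server registry values and the local Windows Firewall rules. The Network Level Authentication check is an addition beyond the advisory's list.

```powershell
# Added example: local audit of the RDP weaknesses listed in the advisory.
# Run in an elevated PowerShell session on the Windows host being checked.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = Join-Path $ts 'WinStations\RDP-Tcp'

# fDenyTSConnections = 0 means Remote Desktop connections are accepted.
$denied = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections
$port   = (Get-ItemProperty -Path $rdp -Name PortNumber).PortNumber
$nla    = (Get-ItemProperty -Path $rdp -Name UserAuthentication).UserAuthentication

$findings = @()

if ($denied -ne 0) {
    Write-Output 'RDP is disabled on this host; nothing to audit.'
}
else {
    if ($port -eq 3389) {
        $findings += 'RDP listener is on the default port 3389.'
    }
    # Extra check, not from the advisory: without NLA the logon screen is
    # presented before the client has authenticated.
    if ($nla -ne 1) {
        $findings += 'Network Level Authentication is not required.'
    }

    # Enabled inbound allow rules whose port filter covers the RDP port.
    $rules = Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
        Where-Object {
            $pf = $_ | Get-NetFirewallPortFilter
            $pf.Protocol -eq 'TCP' -and $pf.LocalPort -contains "$port"
        }

    # A remote address of 'Any' means no IP filter on the host firewall.
    foreach ($rule in $rules) {
        $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
        if ($remote -contains 'Any') {
            $findings += "Rule '$($rule.DisplayName)' allows TCP/$port from any address."
        }
    }

    if ($findings.Count -eq 0) {
        Write-Output 'No default-port or unrestricted-source findings for RDP.'
    }
    else {
        $findings
    }
}
```

This covers the host firewall only; whether the port is reachable from the internet also depends on perimeter firewall and VPN configuration, which has to be reviewed separately.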

If systems have been encrypted by ransomware, MELANI advises against making a ransom payment. As a general rule, MELANI does not recommend paying because the money will support the hacker’s infrastructure. It should also be noted that even if a ransom is paid, there is no guarantee that the blackmailer will decrypt the data.

If a ransom payment is nevertheless being considered, it should be noted that although systems and data might be decrypted, the underlying infection from malware such as “Emotet” or “TrickBot” will remain active. As a result, the attackers still have full access to the affected company’s network and can, for example, reinstall ransomware or steal sensitive data from it.

MELANI is aware of cases in Switzerland and abroad where the same companies have been victims of ransomware several times within a very short period of time.

Let’s note that, about a week ago, the UK National Cyber Security Centre issued an advisory regarding Trickbot. Trickbot is an established banking trojan used in cyber attacks against businesses and individuals. Trickbot attacks are designed to access online accounts, including bank accounts, in order to obtain personally identifiable information (PII). In some cases, Trickbot is used to infiltrate a network. Once inside, it can be used to deploy other malware, including ransomware and post-exploitation toolkits.
