Swiss info security body warns of ransomware attacks against businesses

Maria Nikolova

Over the recent weeks, MELANI/GovCERT dealt with more than a dozen ransomware cases.

Switzerland’s Reporting and Analysis Centre for Information Assurance (MELANI) today issued a warning regarding a high number of ransomware attacks against Swiss businesses over the past weeks.

In recent weeks, MELANI / GovCERT has dealt with more than a dozen ransomware cases in which unknown perpetrators encrypted the systems of Swiss SMEs and large companies and rendered them unusable. The attackers made ransom demands of several tens of thousands of Swiss francs, in some cases even millions.

A technical analysis of the incidents revealed that the IT security of the companies affected was often incomplete and the usual best practices (Information security checklist for SMEs) were not fully observed. Furthermore, warnings from the authorities were not heeded.

During the analysis of the incidents in recent weeks, certain weaknesses were identified as the gateway for cyberattacks, such as ignoring warning messages from antivirus software that malware had been found on servers (e.g. domain controllers). In some cases, remote access to systems via the Remote Desktop Protocol (RDP) was protected only by a weak password, was left on the default port (standard port 3389) and was reachable without restrictions (e.g. VPN or IP filter).
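The RDP exposure described above can be checked on a Windows host with a read-only audit. The PowerShell below is an added example, not part of the MELANI advisory; it assumes an elevated session with the built-in NetSecurity cmdlets and inspects only the local Windows Firewall, not perimeter devices.

```powershell
# Added example: flag inbound allow rules that expose RDP to any source address.
# Read-only; changes nothing on the host.
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpEnabled = (Get-ItemProperty -Path $ts).fDenyTSConnections -eq 0
$rdpPort    = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp").PortNumber

function Test-PortMatch {
    # True if a rule's LocalPort list ('Any', '3389', '3000-4000', ...) covers $Port.
    param([string[]]$LocalPort, [int]$Port)
    foreach ($p in $LocalPort) {
        if ($p -eq 'Any' -or $p -eq "$Port") { return $true }
        if ($p -match '^(\d+)-(\d+)$' -and
            $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
    }
    return $false
}

$findings = Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $af = $_ | Get-NetFirewallAddressFilter
        $tcp = $pf.Protocol -in 'TCP', 'Any'
        # RemoteAddress 'Any' means no IP filter: every source may connect.
        if ($tcp -and (Test-PortMatch $pf.LocalPort $rdpPort) -and
            ($af.RemoteAddress -contains 'Any')) {
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                LocalPort     = $pf.LocalPort -join ','
                RemoteAddress = 'Any'
            }
        }
    }

"RDP enabled: $rdpEnabled; listening port: $rdpPort (default is 3389)"
if ($rdpEnabled -and $findings) {
    'Inbound rules that allow RDP from any source address:'
    $findings | Format-Table -AutoSize
} elseif ($rdpEnabled) {
    'No enabled inbound allow rule exposes the RDP port to all remote addresses.'
} else {
    'RDP is disabled on this host.'
}
```

A rule listed here should be narrowed to the VPN range or specific management addresses; an empty result says nothing about port forwards on an upstream router or firewall.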

If systems have been encrypted by ransomware, MELANI advises against making a ransom payment. As a general rule, MELANI does not recommend paying because the money will support the hacker’s infrastructure. It should also be noted that even if a ransom is paid, there is no guarantee that the blackmailer will decrypt the data.

If a ransom payment is nevertheless being considered, it should be noted that although systems and data might be decrypted, the underlying infection from malware such as “Emotet” or “TrickBot” will remain active. As a result, the attackers still have full access to the affected company’s network and can, for example, reinstall ransomware or steal sensitive data from it.

MELANI is aware of cases in Switzerland and abroad where the same companies have been victims of ransomware several times within a very short period of time.

About a week ago, the UK National Cyber Security Centre issued an advisory regarding Trickbot. Trickbot is an established banking trojan used in cyber attacks against businesses and individuals. Trickbot attacks are designed to access online accounts, including bank accounts, in order to obtain personally identifiable information (PII). In some cases, Trickbot is used to infiltrate a network. Once inside, it can be used to deploy other malware, including ransomware and post-exploitation toolkits.
