Swiss info security body warns of ransomware attacks against businesses

Maria Nikolova

Over the recent weeks, MELANI/GovCERT dealt with more than a dozen ransomware cases.

Switzerland’s Reporting and Analysis Centre for Information Assurance (MELANI) today issued a warning regarding a high number of ransomware attacks against Swiss businesses over the past weeks.

In recent weeks, MELANI / GovCERT has dealt with more than a dozen ransomware cases in which unknown perpetrators encrypted the systems of Swiss SMEs and large companies and rendered them unusable. The attackers made ransom demands of several tens of thousands of Swiss francs, in some cases even millions.

A technical analysis of the incidents revealed that the IT security of the companies affected was often incomplete and the usual best practices (Information security checklist for SMEs) were not fully observed. Furthermore, warnings from the authorities were not heeded.

During the analysis of the incidents in recent weeks, certain weaknesses were identified as the gateway for cyberattacks, such as ignoring the warning messages from antivirus software that malware had been found on servers (e.g. domain controllers). In some cases, remote connections to systems, so-called Remote Desktop Protocols (RDP), were protected with a weak password and the input was only set to the default (standard port 3389) and without restrictions (e.g. VPN or IP filter).

If systems have been encrypted by ransomware, MELANI advises against making a ransom payment. As a general rule, MELANI does not recommend paying because the money will support the hacker’s infrastructure. It should also be noted that even if a ransom is paid, there is no guarantee that the blackmailer will decrypt the data.

If a ransom payment is nevertheless being considered, it should be noted that although systems and data might be decrypted, the underlying infection from malware such as “Emotet” or “TrickBot” will remain active. As a result, the attackers still have full access to the affected company’s network and can, for example, reinstall ransomware or steal sensitive data from it.

MELANI is aware of cases in Switzerland and abroad where the same companies have been victims of ransomware several times within a very short period of time.

Let’s note that, about a week ago, the UK National Cyber Security Center issued an advisory regarding Trickbot. Trickbot is an established banking trojan used in cyber attacks against businesses and individuals. Trickbot attacks are designed to access online accounts, including bank accounts, in order to obtain personally identifiable information (PII). In some cases, Trickbot is used to infiltrate a network. Once inside it can be used to deploy other malware, including ransomware and post-exploitation toolkits.

Read this next

Market News

USDJPY has surged to levels last witnessed in 2022. Should we consider opening a short position?

The recent resurgence of the US dollar has propelled USD/JPY to new heights, touching levels not seen since 2022. This surge comes against the backdrop of stable short-term yields and ongoing economic data that fails to signal a significant slowdown, prompting questions about the extent of current monetary easing measures.

Digital Assets

DED Trends on Twitter After Memecoin Snapshot Announcement

Polkadot-backed community coin #DED, made it to the trending charts on X, demonstrating community’s engagement and interest behind the memecoin. 

Digital Assets

BlockDAG Presale Nears $10 Million Amid Toncoin’s Momentum, Green Bitcoin’s Presale, and the Rise of Other Top Cryptos

This article will examine three top trending topics: Toncoin’s potential, Green Bitcoin’s innovative presale, and BlockDAG’s sustainable mining approach. These cryptocurrencies take centre stage for their uniqueness and innovation.

Digital Assets

Coinbase scores minor victory vs SEC, but lawsuit to proceed

A federal judge in Manhattan, U.S. District Judge Katherine Polk Failla, ruled on Wednesday that the U.S. Securities and Exchange Commission’s (SEC) lawsuit against Coinbase can largely proceed.

Web3

COTI Teams Up with Civic for Enhanced Digital Identity Control

СOTI and Civic are teaming up to enhance digital identity security in Web3, aiming to provide users with more control over their digital selves through innovative technology.

Digital Assets

BlockDAG Takes on Chainlink (LINK) Crypto, and RON With DeFi Card and 5000x Profit Potential

Explore BlockDAG’s innovative DeFi card, which transforms cryptocurrency into spendable cash, alongside Chainlink (LINK) crypto and Ronin’s advancements.

Digital Assets

Court finally decides on Sam Bankman-Fried sentence, experts predict 20 years

Sam Bankman-Fried, the former CEO of the now-defunct cryptocurrency exchange FTX, is set to face sentencing on Thursday in a pivotal moment that could see the entrepreneur beginning a lengthy period in federal prison.

Crypto Insider

DeFi Winter Thaws: A Look at the Emerging Landscape

The past year has seen a significant shift in the Decentralized Finance (DeFi) market, transitioning from a period of decline (“DeFi winter”) to a potential season of growth.

Digital Assets

KuCoin announces $10 million airdrop as users withdraw $1.2 billion

KuCoin – the fourth-largest crypto exchange in the world by trading volume – today announced plans to distribute $10 million worth of Bitcoin and its native KCS token via an airdrop event.

<