SAC Wireless, a US-based Nokia subsidiary, has disclosed a data breach following a ransomware attack in which Conti operators breached its network, stole data, and encrypted systems. The wholly-owned and independently-operating Nokia company, headquartered in Chicago, IL, works with telecom carriers, major tower owners, and original equipment manufacturers (OEMs) across the US.
Following a forensic investigation conducted with the help of external cyber security experts, SAC Wireless found on August 13 that personal information belonging to current and former employees (and their health plans’ dependents or beneficiaries) was also stolen during the ransomware attack. “The threat actor, Conti, gained access to the SAC systems, uploaded files to its cloud storage, and then, on June 16, deployed ransomware to encrypt the files on SAC systems,” SAC says in data breach notification letters sent to an undisclosed number of impacted individuals.
The best defense against ransomware is to block the ways ransomware operators gain an initial foothold on your network. Phishing emails and brute-force attacks against VPNs or RDP exposed to the Internet are some of the most common ways that attackers gain access. Train your users to spot and report phishing emails, use MFA for your VPNs, and don’t expose RDP to the Internet if at all possible. In addition, keep multiple backups and practice an Incident Response plan so you can get back up and running quickly if your files do get encrypted. Even if you have backups, note that most ransomware gangs now extort companies with data leaks, so it’s always best to prevent ransomware operators from getting a foothold in the first place. Furthermore, deploy good endpoint detection such as an EDR, and have either an internal SOC or a service such as Binary Defense monitoring your alerts.