An Indian software company, Nucleus Software Exports, has recently been struck by what appears to be EpsilonRed ransomware. The attack occurred on May 30th and caused significant damage to certain systems while also encrypting data. A portion of a statement made to financial regulators read, “So far as sensitive data is concerned, we’d like to assure our customers that there is NO financial data of any customer available/stored with us and therefore the question of any leakage or loss of client data does not arise.” The actors behind EpsilonRed typically target unpatched Exchange servers, and while Nucleus has not confirmed that this was the entry point of the attack, the team at Sophos believes it was. The good news is that EpsilonRed is relatively new, so an Emsisoft malware analyst says files can possibly be recovered without paying the ransom, under certain conditions.
Defending against ransomware requires a defense-in-depth strategy that companies should plan carefully. Prevention and preparation steps include having a tested backup strategy and recovery plan, educating employees about phishing threats and the danger of password reuse, enabling multi-factor authentication (MFA), and keeping security patches up to date for critical software products. Detection and response require 24/7 monitoring of security events from network and endpoint sensors, and constant improvement of threat detection capabilities through proactive threat hunting. Attackers’ evasion tactics will always continue to evolve, so companies are advised to pair a trusted antivirus product with some type of endpoint monitoring solution in order to better protect themselves.