Attackers using the Ragnar Locker ransomware have successfully encrypted the systems of the Portuguese multinational energy giant Energias de Portugal (EDP) and are now demanding 1,580 in Bitcoin ($10.9 million USD) to decrypt the data. In the ransomware note, the attackers claim that they have stolen over 10TB of data and are threatening to leak company data if the ransom is not paid. The note included a small sample of the stolen data for proof of possession. Some of the information in the stolen data includes employee login credentials.
Analyst Notes
Remote Desktop Protocol (RDP), according to the FBI, is the most common method that ransomware attackers use to gain access to networks. With the working from home posture that many companies have been forced to adopt as a result of the COVID-19 crisis, RDP is being used more than ever to allow employees to remotely access corporate servers or workstations. There are several methods companies can use to increase protections. Users that have to access the network remotely should use a corporate Virtual Private Network (VPN) to securely connect to the company’s network, instead of exposing RDP servers directly to the Internet. Employees should use complex and unique passwords in their login credentials, and multi-factor authentication (MFA) should be enabled to protect systems from unauthorized access even if a password is compromised. Backing up data is a very strong way to recover from any ransomware attack. Binary Defense recommends following the 3-2-1 rule of backups: keep 3 copies of the data on 2 different storage devices with 1 of them being offsite. Companies should also monitor their endpoints for malicious programs and attacker behaviors that can give early warning of a compromise if attackers gain access. The Binary Defense Security Operations Center (SOC) monitors endpoints 24 hours a day to detect and defend from attacks before they have a chance to do damage.
To read more: https://www.bleepingcomputer.com/news/security/ragnarlocker-ransomware-hits-edp-energy-giant-asks-for-10m/
FBI Recommendations: https://www.bleepingcomputer.com/news/security/fbi-says-140-million-paid-to-ransomware-offers-defense-tips/
