Threat Watch

South Korean Conglomerate E-Land Infected by Undisclosed Ransomware

South Korean conglomerate E-Land suffered a ransomware attack over the weekend, causing several retail stores to shut down. Chang-Hyun Seok, CEO of E-Land Retail, confirmed today that the ransomware had infected systems at the E-Land headquarters on November 22nd. To prevent the ransomware from spreading further, portions of the company's network were shut down, which impacted 23 of 50 NC Department and NewCore Outlet stores. Seok also stated that customer and other sensitive data is stored encrypted on other, unaffected servers and is believed to be safe. It is not currently known which ransomware family is responsible for the attack or how the attack began.

ANALYST NOTES

As ransomware threats continue to grow every day, all organizations should take precautions against this type of attack. To prevent data loss, it’s important to maintain offline, encrypted backups of data and to regularly test them. Backups should be taken at regular intervals to ensure minimal data loss if they are ever needed. Create and maintain an incident response plan that includes response and notification procedures for a ransomware incident. Regularly patch software and operating systems to the latest available versions. Employ best practices for use of RDP and other remote desktop services, since threat actors commonly gain initial access through insecure internet-facing remote services or phishing. When an attack makes it through the outer layers of defense, it is important to have sufficient monitoring of endpoints and network devices, with quick response from a Security Operations Center that operates 24 hours a day, every day. For more in-depth ransomware defense best practices and guidance on how to deal with a ransomware incident, see the CISA Ransomware Guide.

Source: https://www.bleepingcomputer.com/news/security/ransomware-forces-e-land-south-korean-retail-giant-to-close-stores/