Coronavirus fears give web crooks a dangerous edge
In Pakistan the largest private power utility, K-Electric, recently suffered a Netwalker ransomware attack that led to the disruption of billing and online services. It also shows how the pandemic is changing digital crime.
K-Electric serves 2.5 million customers and employs over 10,000 people. While details surrounding how K-Electric's network was compromised with the Netwalker ransomware are scarce, this attack is a perfect example of recent ransomware trends.
Netwalker attacks are known to target victims using phishing emails disguised as COVID-19 updates from their organization, taking advantage of the heightened fears and anxieties that come with the current pandemic.
Netwalker attacks also up the traditional ransomware ante, by threatening to publish stolen data online if the ransom isn't paid. This means simply reaching for a backup isn't sufficient if sensitive data has been stolen that could compromise customers, employees, or partners, and could also damage an organization's reputation and public trust. Finally, Netwalker operates as a ransomware-as-a-service (RaaS), meaning the ransomware software is sold to other users who can customize it as they please. This results in many variants of Netwalker floating around that have different goals and attack techniques.
As ransomware evolves and more frequently targets the enterprise, organizations need to take care to keep security solutions updated, keep cold backups outside of the network, make sure all workstations and servers are running the latest OS and software patches, and try to reduce attack surfaces in general.
Gone are the days of simply running antivirus software for proper protection; organizations need to know where all sensitive data is located, lock down access to that data, and constantly monitor the network with real-time threat detection and response solutions.