The National Cyber Security Centre SK-CERT has recorded an increased incidence of significant and successful ransomware attacks in Slovakia. Recently, similar activities have intensified in Central Europe.
The National Security Authority (hereinafter referred to as NSA) warns companies and institutions to secure and back up their systems without delay. If they neglect this step, they risk a major financial loss.
Ransomware is one of the biggest threats to data. The attacker infiltrates the system, encrypts its data to block access, and may demand a ransom from the owner or operator for restoring that access.
NSA can confirm that hackers used this method in several Slovak organisations, where they managed to encrypt critical data. This limited both the functioning and work activity of those institutions.
Currently, Slovak organisations are being blackmailed and have to pay ransoms amounting to hundreds of thousands of euros to regain access to their systems and restore their full functionality.
The National Cyber Security Centre SK-CERT therefore strongly recommends the following:
- companies need to back up important information. This is the best possible measure to ensure data security;
- it is necessary to check the backup systems and their functionality in order to prevent such situations;
- the backed-up data must be physically separated from the backup infrastructure. Ransomware can spread and replicate across an internal network, actively search for existing backups and encrypt them;
- check the backup functionality and recovery options for critical systems on a regular basis;
- if an incident has occurred, it is necessary to identify affected devices and systems and isolate them from the network;
- if several systems and subnets have been affected, turn off the network at switch level. If it is not possible to disconnect the network at the level of network elements, disconnect individual devices from the network (network cable disconnection, Wi-Fi shutdown and so on);
- affected devices should be shut down only if they cannot be completely isolated from the network infrastructure. Shutting down a device irreversibly destroys the data stored in RAM, which may include valuable data and the data necessary for more detailed analysis of malware activity and decryption of affected files;
- in case of any suspicion, do not hesitate to contact NSA at [email protected] or the police.