Channel Nine cyber attack has all the hallmarks of ransomware, without the ransom
Media mogul Channel Nine came under cyber-attack on Sunday, which crippled its operations. Television and digital production systems were offline for almost 24 hours. Channel Nine described the attack as sophisticated and calculated, intended to disrupt the Channel Nine network and its ability to present news.
Channel Nine is seeking help from the Australian Cyber Security Centre (ACSC) to investigate the attack.
Channel Nine also tweeted about this attack (see the video in the link below) and referred to a similar attack on TOLL last year. The nature of the attack is still being investigated, but their reference to the attack on TOLL suggests that they are the victim of a ransomware attack.
Although the official statement is yet to be released, it is clear that malware spread within the network causing multiple production systems to be inaccessible.
We can put forward our detailed analysis once Channel Nine officially publishes its assessment/report on the incident, which might take some time.
The initial report on this incident, or on any such incident, brings us to the point where we must ask ourselves a few questions, such as:
“What is ransomware?”
“How to prevent ransomware?”
“What can I do to be prepared for such incidents?”
“What to do if your organisation experiences a ransomware attack?”
What is a Ransomware attack?
Ransomware is a type of malware which criminals use to extort money from their victims. It holds data to ransom using encryption or by locking users out of their device(s). Ransomware often starts with a phishing attack, in which emails with infected links are sent to the organisation’s staff. These emails are designed to deceive individuals into clicking on the infected link. Once the link is clicked, malware is installed on the device and all files are encrypted. A decryption key is provided once the ransom is paid, usually in the form of Bitcoin.
How to avoid ransomware attacks?
- Absolutely nothing can replace employee training in the case of malware and phishing attacks.
- Patching systems, sub-systems, operating systems and solutions will avoid most of the common malware attacks.
- Never open untrusted email attachments or unverified links sent in emails.
- Use mail server security and filtering solutions.
- Never use a work PC for personal tasks; even checking a personal email on a work PC may lead to catastrophic events.
- An efficient SOC platform can help you prepare for critical incidents. If your SOC is not configured with well-defined use cases, then it is nothing more than a log collection solution.
The above list is neither comprehensive nor absolute. There are additional factors to consider to avoid a ransomware attack. Contact one of our representatives for a detailed discussion on ransomware and how Rabbon can provide value in securing your organisation from ransomware attacks.
Rabbon offers a comprehensive ransomware assessment, which is developed to identify your current preparedness for a ransomware attack.
Here is a sample report from one of our ransomware assessments.
Rabbon has developed a Ransomware Playbook which is well-aligned with our framework: Plan, Protect, Predict.
Our Ransomware Playbook will help you address multiple focus areas, such as risk assessments, control assessments, roles and responsibilities, DR/BCP plans, contingency plans, and a checklist to prepare for a ransomware attack. Our playbook is well aligned with most SOC incident response processes. Here is a sample process to prepare for malware attacks from our playbook.
Contact one of our representatives to get a sample copy of this playbook.
It is highly recommended to prepare your defence strategy so that you can tackle such events efficiently. An efficient strategy will include DR/BCP and Contingency plans. Additionally, you must develop threat hunting capabilities in your organisation’s SOC.
If you are outsourcing your SOC functionality, Rabbon suggests engaging with your vendor to develop a playbook that is customised for your organisation.
Rabbon delivers SOC services through FIREHAWK. Firehawk is developed to onboard your use cases quickly and efficiently. Here you can develop a use case to monitor the behaviour of your users and devices to generate alerts. We can build complex dashboards in Firehawk, such as a Sankey chart for source and destination traffic mapping, or file type analysis (see image below).
TOP 5 Recommendations
We recommend contacting us if you require detailed consulting advice on ransomware. However, we are listing a few recommendations here to keep you safe from ransomware attacks:
- Security teams must ensure that they have the right level of visibility over their critical assets.
- Protect identities using MFA and password-less solutions. Implement a Zero Trust IAM architecture to restrict device and user access. Consider using solutions like Bastion to ensure secure remote access to your production environment.
- Introduce threat hunting capabilities in your SOC services to ensure that your team is continuously finding vulnerabilities in your organisation.
- Since COVID-19, it is critical to add remote working to your cyber security policies.
- User awareness programs should be arranged to raise awareness of cyber security, threats and the consequences of an incident.
Cyber space is not an option but it is embedded in your organisation’s DNA. Your business needs to be in cyber space irrespective of the size and industry of your organisation. Therefore, your business is always under cyber threat. A good cyber security strategy will include a comprehensive list of threats to your organisation. Ransomware attacks are one of those threats that can put a dent in your organisation’s reputation and will result in huge financial losses.
At Rabbon, we welcome you to discuss your challenges and future plans to protect your organisation from ransomware or any other malware attacks.
Cybersecurity is what we do
Rabbon is a Cybersecurity company. We lead a team of Cybersecurity experts and GRC Consultants, who help organisations become cyber resilient by providing access to effective and affordable cybersecurity services. We believe that “Cybersecurity is for everyone”.
You can contact our Cyber Security Consultants for an obligation-free consultation.
Phone : +61 2 80513207