Blog Artikel | SmartRiskSolutions

Risk of cyber extortionists cashing twice

Read about the risk of getting attacked by the same cyber extortionists twice in a short time. learn, how to minimize the risk.

by Marc Brandner

 

According to a report by the National Cyber Security Centre (January 2021) in the UK, a company paid a ransom to a hacker group twice within two weeks. The company was the victim of a ransomware attack. In order to decrypt the data again, the organisation paid a sum equivalent to 7.4 million Euros.

 

Without investigating the cause of the hacker attack, finding and closing the vulnerability, business operations continued after the first ransom payment. After a short time, the same perpetrators attacked the company's network again and once more used an encryption malware. The company had no choice but to pay a ransom for the second time.

Lessons from the incident

For victim organisations, it is understandably a top priority to be able to use the data again and continue doing business. However, one should not only focus on the visible symptoms (encryption of data by the cyber extortionists), but also on the cause. How did the attack occur and is the attacker no longer able to gain access? It is also possible in principle that perpetrators carry out a ransomware attack to distract from another attack.

Recommendations

  • Be absolutely suspicious towards the perpetrators, even if they seem to be very cooperative. We experience again and again that the actions of those affected are influenced by the hope of fairness by the perpetrator and driven by the desire to quickly return to "normal".
  • Negotiations with extortionists also serve to gain time for the investigation of the incident by the IT forensic experts - and that takes time.
  • Furthermore, it is important to demonstrate in negotiations with the cyber criminals that the company is an unattractive target for future extortion attempts. This often leads to a reduction in the ransom demand.
  • Ensure through extensive forensic investigations that the perpetrator does not have access to the network through a backdoor. This also applies to backups used. Make sure that the attacker does not have administrator rights in the restored system.

 

SmartRiskSolutions is active, among other areas, in the crisis response of kidnapping and extortion cases - including cyber extortions. But also in crisis prevention and the establishing of crisis management structures. More information on cyber crisis management can be found here.

Go back

Contact

Call us, write us a message or arrange a personal consultation appointment - we are here for you and look forward to implementing your wishes together with you.

SmartRiskSolutions GmbH
Nördliche Münchner Straße 14a
82031 Grünwald
T: +49 (89) 12503247 0
E: info (at) smartrisksolutions.de

© 2015-2024 SmartRiskSolution GmbH. All Rights Reserved.
  • Maps
  • downloads and resources
Settings saved

Privacy settings

Select an option to continue

user_privacy_settings

Domainname: smartrisksolutions.de
Ablauf: 30 Tage
Speicherort: Localstorage
Beschreibung: Speichert die Privacy Level Einstellungen aus dem Cookie Consent Tool "Privacy Manager".

user_privacy_settings_expires

Domainname: smartrisksolutions.de
Ablauf: 30 Tage
Speicherort: Localstorage
Beschreibung: Speichert die Speicherdauer der Privacy Level Einstellungen aus dem Cookie Consent Tool "Privacy Manager".

ce_popup_isClosed

Domainname: smartrisksolutions.de
Ablauf: 30 Tage
Speicherort: Localstorage
Beschreibung: Speichert, dass das Popup (Inhaltselement - Popup) durch einen Klick des Benutzers geschlossen wurde.

onepage_animate

Domainname: smartrisksolutions.de
Ablauf: 30 Tage
Speicherort: Localstorage
Beschreibung: Speichert, dass der Scrollscript für die Onepage Navigation gestartet wurde.

onepage_position

Domainname: smartrisksolutions.de
Ablauf: 30 Tage
Speicherort: Localstorage
Beschreibung: Speichert die Offset-Position für die Onepage Navigation.

onepage_active

Domainname: smartrisksolutions.de
Ablauf: 30 Tage
Speicherort: Localstorage
Beschreibung: Speichert, dass die aktuelle Seite eine "Onepage" Seite ist.

view_isGrid

Domainname: smartrisksolutions.de
Ablauf: 30 Tage
Speicherort: Localstorage
Beschreibung: Speichert die gewählte Listen/Grid Ansicht in der Demo CarDealer / CustomCatalog List.

portfolio_MODULE_ID

Domainname: smartrisksolutions.de
Ablauf: 30 Tage
Speicherort: Localstorage
Beschreibung: Speichert den gewählten Filter des Portfoliofilters.

Eclipse.outdated-browser: "confirmed"

Domainname: smartrisksolutions.de
Ablauf: 30 Tage
Speicherort: Localstorage
Beschreibung: Speichert den Zustand der Hinweisleiste "Outdated Browser".

_ga

Domainname: smartrisksolutions.de
Ablauf: 30 Tage
Speicherort: Localstorage
Beschreibung: Enthält eine zufallsgenerierte User-ID. Anhand dieser ID kann Google Analytics wiederkehrende User auf dieser Website wiedererkennen und die Daten von früheren Besuchen zusammenführen.

_gat

Domainname: smartrisksolutions.de
Ablauf: 1 Minute
Speicherort: Localstorage
Beschreibung: Bestimmte Daten werden nur maximal einmal pro Minute an Google Analytics gesendet. Das Cookie hat eine Lebensdauer von einer Minute. Solange es gesetzt ist, werden bestimmte Datenübertragungen unterbunden.

_gid

Domainname: smartrisksolutions.de
Ablauf: 24 Stunden
Speicherort: Localstorage
Beschreibung: Enthält eine zufallsgenerierte User-ID. Anhand dieser ID kann Google Analytics wiederkehrende User auf dieser Website wiedererkennen und die Daten von früheren Besuchen zusammenführen.

Contact details

SmartRiskSolutions GmbH
Noerdliche Muenchner Strasse 14a
82031 Gruenwald
Germany

T: +49 (89) 1250 3247 0
E: info(at)smartrisksolutions.de 

Contact form

Use the form to contact us for general inquiries, to request a quote for our services or if you have a question or comment.

You are using an outdated browser. The website may not be displayed correctly. Close