Another ransomware attack! Business Essentials Security Checklist

Fresh E-Land Retail avoided ransomware around the shop with half the revenue of assaults on weekends.
Monday, November 23, 2020, 18:23 GMT

E-Land Retail, a subsidiary of E-Land Group, was hit by a ransomware attack over the weekend, and its associated stores (NC Department Store, New Core Outlet, Kim’s Club, etc.) sustained damage such as suspension of operations. The attacking group, the intrusion path, the type of ransomware, and the risks have not been revealed at this time. Many offline stores are running as of the 23rd, but recovering all data will take longer.

Ransomware, as its name implies, is malware that encrypts user or business data and then demands a ‘ransom’. Attackers may also threaten to leak the stolen information, which adds to the trouble for the affected corporations. It became widely known in Korea when ransomware was distributed through a vulnerability in Flash ads on the large community platform ‘Pompu’, and globally through ‘Maze’, a group that used the ‘encryption + data distribution’ double threat technique.


In response to the recent ransomware infections and information leakage incidents affecting businesses and individuals, the Korea Internet & Security Agency (hereinafter referred to as KISA) proposed a security checklist.

Employees are also exposed to ransomware attacks if they do not comply with basic security rules when using a PC. There are many cases of infection caused by executing malicious mail attachments (ransomware) disguised as official letters, resumes, estimates, etc.; by installing and executing ransomware disguised as movies on illegal file sharing sites; and by visiting websites with hidden ransomware using a web browser whose vulnerabilities have not been patched.

Network storage (NAS) is also a target for ransomware attacks. If users and administrators do not configure separate access rights and keep using the factory-default administrator account, an attacker can easily distribute ransomware, and attacks that exploit vulnerabilities are also possible when security updates are not applied.

KISA has made several security recommendations to prevent such security incidents. First of all, on corporate servers, operating systems and software whose security support has ended should be upgraded to the latest version, and security updates for the operating system and major programs (mail, web, Java, etc.) should be checked and applied periodically.

In addition, it is necessary to refrain from using the default remote ports (3389, 22), change the port number for remote control, and configure a firewall for the corresponding port. It is also possible to control access rights through additional authentication means such as OTP.
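
As an added illustration (not from KISA or the original article), the following Python script checks an OpenSSH `sshd_config` for two of the points above: whether the service still listens on the default port 22, and whether logins require an additional factor. It assumes OTP is delivered through sshd's keyboard-interactive (PAM) method; the function names, finding codes and sample configurations are constructed for this example.

```python
"""Added example: audit the global part of an sshd_config text."""
DEFAULT_SSH_PORT = 22

def parse_global(text):
    """Map lower-cased keyword -> list of values, up to the first Match block."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break  # per-user/host overrides are not evaluated here
        opts.setdefault(key, []).append(parts[1].strip() if len(parts) > 1 else "")
    return opts

def audit(text):
    """Return finding codes: 'default-port' and/or 'no-otp-factor'."""
    opts = parse_global(text)
    findings = []
    # sshd listens on 22 when no Port line exists; Port may be repeated.
    ports = [int(p) for p in opts.get("port", [])] or [DEFAULT_SSH_PORT]
    if DEFAULT_SSH_PORT in ports:
        findings.append("default-port")
    # The first AuthenticationMethods line wins. Each space-separated
    # alternative is a comma list that must be completed in full.
    alternatives = opts.get("authenticationmethods", [""])[0].split()

    def needs_otp(alt):
        names = [m.split(":")[0] for m in alt.split(",")]
        return "keyboard-interactive" in names and len(names) >= 2

    if not alternatives or not all(needs_otp(a) for a in alternatives):
        findings.append("no-otp-factor")
    return findings

# Constructed samples, not taken from any real host.
WEAK = """# shipped defaults
PermitRootLogin yes
PasswordAuthentication yes
"""
HARDENED = """# moved port, key plus OTP prompt
Port 50022
UsePAM yes
KbdInteractiveAuthentication yes
AuthenticationMethods publickey,keyboard-interactive:pam
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "ok")
```

The check covers only the global section of the file, so any `Match` blocks that relax authentication for specific users or hosts need to be reviewed separately.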