At Nihon Cyber Defence (NCD) we see the impact that cyber-attacks and in particular ransomware attacks can have. Whilst it has been major ransomware attacks that have dominated the headlines, the reality is that an enormous range of organisations are being impacted.
This increase in the number and sophistication of attacks has been driven by Ransomware as a Service (RaaS), that has made sophisticated cyber tools available to a growing range of criminal groups.
Dealing with a major cyber incident
For an organisation’s senior management, a ransomware attack is a major test of leadership. At NCD we believe that is important that senior managers, who are often under immense pressure, are supported through an incident. We have therefore – at the suggestion of several organisations that we have helped – are launching a cyber security advice service.
The key elements of this service are that it is:
- Cost effective
- Provides access to world-class cyber security experts
- For anyone in a leadership position
The sole purpose of the NCD Advice Service is to help you recover from a Cyber Attack
The way that this service works is:
- Companies that believe that they may have become the victim of a cyber-attack, contact NCD through our online portal (please do not use an email address that may have been compromised in the attack).
- A Non-Disclosure Agreement (NDA) is quickly put in place to ensure complete confidentiality.
- After an initial discussion with a native Japanese speaker, a secure video conferencing call will be set up between the company’s management and world-class cyber security experts who have dealt with many hundreds of cyber security incidents. This call can be in English or with Japanese translation.
- During the call senior managers CEO’s, CIOs, CFO’s, CISO’s or anyone else who finds themselves in a cyber incident management leadership role will have the opportunity to ask questions of these experts. These can be general questions around best and poor practice or specific technical questions.
Asking the right questions
For senior managers who do not have a technical background we will equip you with the questions to ask of your Incident Response team. They could include:
- Technical Understanding – How did the incident happen? Has the access and attack vector been identified and closed? Is the attacker off the network or still there? Is there still a risk of further attack
- Mitigation – What is the damage? What data has been affected or exfiltrated. How do we deal and mitigate this?
- Attribution and Investigation – Who was behind the attack? Why was the victim targeted? Is there an option to pay? Will we negotiate to identify the data exfoliated or to delay exposure? Do we know where the exposure will be … can we disrupt this? Can we recover the encrypted data? Should you involve law enforcement?
- Regulatory– What action is required from the data protection authorities or financial regulatory authorities?
- Comms – What is the internal and external Comms plan? Will this be protective or reactive (pending exposure)? How will we inform affected data subjects?
- Resilience – What is the plan to rebuild our network securely and how can we re-establish customer confidence and commercial reputation?
- Governance – What advice and guidance should be made available to the Board during an incident? How should the Incident be managed?
- Support – What external support do you require? As importantly, what support do we not require? How do we manage the expense of this support?
- Engagement with the hostile actors. Should we engage? What are the risks associated with paying the ransom? How should engagement be taken forward?
Whilst this is designed to be a one-off service, many of our clients have found our experts’ advice to be invaluable and ask us to remain engaged acting as a critical friend or to provide specialist technical services through the attack.
- Preparation– boards awareness, incident planning and exercising
- Monitoring – developing the deployment of the technical solutions pre and post in a cyber incident
Our customers tell us that, having won the work, the major consulting companies use primarily junior staff to carry out the work. At NCD we only use consultants with many decades of experience.
Latest Ransomware News!!
On Monday 25th of June, the book publisher, Macmillan disclosed they had experienced a cyber-attack which has been believed to be a ransomware attack by experts as the publisher had initially stated that a portion of the company’s files had been encrypted and that they had taken protection measures by taking their systems offline to prevent further compromise. Employees of
On Monday 27th of June 2020, the new Yanluowang ransomware operation claimed in a published entry to their data leak site that they had breached, the American retailer, Walmart and encrypted between 40,000 and 50,000 devices. Additionally, various files were uploaded with the entry which allegedly contains information extracted from Walmart’s Windows domain during the attack. “We encrypted about 40-50k Walmart
Ex-Canadian government employee linked to NetWalker Ransomware crew pleads guilty to U.S. ransomware charges
On Tuesday 28th of June 2022, 34-year-old Sebastien Vachon-Desjardins pleaded guilty in a US court to conspiring to commit computer and wire fraud, intentionally damaged a protected computer, and transmitted a demand in relation to damaging a protected computer. The former Canadian government employee has been described as “one of the most prolific NetWalker Ransomware affiliates” responsible for extorting said millions
On Sunday 26th of June 2022, Wiltshire Farm Foods, a leading UK producer of frozen ready meals disclosed that its systems had been taken down after experiencing a serious cyber-attack. The incident has resulted in the company being unable to make deliveries to their customers and is unable to contact customers personally due to them not having access to their
Black Basta ransomware gang are on track to become a highly dangerous group after hitting 50 organisations in just two months
Two recent reports by cyber security researchers have revealed that the new ransomware group known as Black Basta have claimed to have successfully attacked 50 victims in just two months while also revealing that the new group has links to veteran gangs like REvil and Conti. “The Black Basta gang has added nearly 50 victims to their list as of
Research reveals that Chinese APT are using short-lived ransomware variants as a disguise for cyberespionage activities
On the 23rd of June 2022, cybersecurity researchers from Secureworks published new research which named several ransomware variants which have been identified as being used by a state-backed hacking group with China-linked origins known as ‘Bronze Starlight’ to disguise the true objective of their attacks that is for conducting cyberespionage activities. The research looked into HUI Loader, which is a