At Nihon Cyber Defence (NCD) we see the impact that cyber-attacks and in particular ransomware attacks can have. Whilst it has been major ransomware attacks that have dominated the headlines, the reality is that an enormous range of organisations are being impacted.
This increase in the number and sophistication of attacks has been driven by Ransomware as a Service (RaaS), that has made sophisticated cyber tools available to a growing range of criminal groups.
Dealing with a major cyber incident
For an organisation’s senior management, a ransomware attack is a major test of leadership. At NCD we believe that is important that senior managers, who are often under immense pressure, are supported through an incident. We have therefore – at the suggestion of several organisations that we have helped – are launching a cyber security advice service.
The key elements of this service are that it is:
- Cost effective
- Provides access to world-class cyber security experts
- For anyone in a leadership position
The sole purpose of the NCD Advice Service is to help you recover from a Cyber Attack
The way that this service works is:
- Companies that believe that they may have become the victim of a cyber-attack, contact NCD through our online portal (please do not use an email address that may have been compromised in the attack).
- A Non-Disclosure Agreement (NDA) is quickly put in place to ensure complete confidentiality.
- After an initial discussion with a native Japanese speaker, a secure video conferencing call will be set up between the company’s management and world-class cyber security experts who have dealt with many hundreds of cyber security incidents. This call can be in English or with Japanese translation.
- During the call senior managers CEO’s, CIOs, CFO’s, CISO’s or anyone else who finds themselves in a cyber incident management leadership role will have the opportunity to ask questions of these experts. These can be general questions around best and poor practice or specific technical questions.
Asking the right questions
For senior managers who do not have a technical background we will equip you with the questions to ask of your Incident Response team. They could include:
- Technical Understanding – How did the incident happen? Has the access and attack vector been identified and closed? Is the attacker off the network or still there? Is there still a risk of further attack
- Mitigation – What is the damage? What data has been affected or exfiltrated. How do we deal and mitigate this?
- Attribution and Investigation – Who was behind the attack? Why was the victim targeted? Is there an option to pay? Will we negotiate to identify the data exfoliated or to delay exposure? Do we know where the exposure will be … can we disrupt this? Can we recover the encrypted data? Should you involve law enforcement?
- Regulatory– What action is required from the data protection authorities or financial regulatory authorities?
- Comms – What is the internal and external Comms plan? Will this be protective or reactive (pending exposure)? How will we inform affected data subjects?
- Resilience – What is the plan to rebuild our network securely and how can we re-establish customer confidence and commercial reputation?
- Governance – What advice and guidance should be made available to the Board during an incident? How should the Incident be managed?
- Support – What external support do you require? As importantly, what support do we not require? How do we manage the expense of this support?
- Engagement with the hostile actors. Should we engage? What are the risks associated with paying the ransom? How should engagement be taken forward?
Whilst this is designed to be a one-off service, many of our clients have found our experts’ advice to be invaluable and ask us to remain engaged acting as a critical friend or to provide specialist technical services through the attack.
- Preparation– boards awareness, incident planning and exercising
- Monitoring – developing the deployment of the technical solutions pre and post in a cyber incident
Our customers tell us that, having won the work, the major consulting companies use primarily junior staff to carry out the work. At NCD we only use consultants with many decades of experience.
Latest Ransomware News!!
On Wednesday 16th of November 2022, the Ragnar Locker ransomware gang released a posting on their TOR data leak site where they claimed to have stolen data from the municipality of Zwijndrecht. However, it was discovered that the stolen data was from Zwijndrecht police, a local police unit in Antwerp, Belgium. The leaked data reportedly exposed thousands of car number plates,
Earlier this month, Cincinnati State college informed its 10,000 students and 1,000 staff members that they suffered a cyber attack where they warned that online services and restoration to regular operations will take time. The Vice Society ransomware operation has claimed responsibility for the cyberattack on Cincinnati State Technical and Community College. The threat actors have since posted an extensive
On Monday 7th of November 2022, Empire, the parent company of the Canadian food retail giant Sobeys revealed that Sobeys experienced a cyber attack which has impacted Sobeys’s IT systems. Sobeys has stated that it is working on resolving the issues affecting its IT systems to reduce store disruption. “The Company’s grocery stores remain open to serve customers and are
On Wednesday 2nd of November 2022, the LockBit ransomware gang claimed responsibility for a cyberattack against the German multinational automotive group Continental in a data leak site where they threaten to publish some allegedly stolen data on their data leak site if the company doesn’t give in to their demands by Friday 4th of November 2022 at 15:45 UTC. Based
On Wednesday 12th of October 2022, one of Australia’s largest private health insurance providers, Medibank Private Limited identified unusual activity which was discovered to be a precursor to a ransomware attack. In response, Medibank immediately took down parts of its IT systems to contain the threat and therefore disrupted its online services. “Our ongoing investigation has found the unusual activity
On Tuesday 25th of October 2022, the Hive ransomware group claimed responsibility for a cyber attack that was disclosed on Friday 14th of October 2022 by a subsidiary of the multinational conglomerate Tata Group, Tata Power. They stated that they encrypted Tata Power’s data on Monday 3rd of October 2022. It is believed that the ransom negotiations failed as Hive