Nihon Cyber Defence Co., Ltd.
HELP and ADVICE - Ransomware
Unfortunately, it is not a case of if, but when you will be impacted …
Nihon Cyber Defence’s (NCD) highly experienced team understands the challenges that the victims of these attacks face. We know that CEOs, CIOs and CISO’s and Senior Leadership Teams, need objective, helpful and timely advice to allow them to lead a successful recovery and mitigation.
Therefore, we have launched an advice service that gives victim organisations immediate access to the right guidance through industry experts, allowing organisations to prepare or respond to incidents.
We will assist in preparing, defending or responding to an attack and whilst our ransomware advice service is currently intended primarily for Japanese organisations, NCD has impressive experience working on ransomware and other forms of devastating cyber-attacks globally. You can learn more about what we offer here…
SERVICES
At Nihon Cyber Defence (NCD) we see the impact that cyber-attacks and in particular ransomware attacks can have. Whilst it has been major ransomware attacks that have dominated the headlines, the reality is that an enormous range of organisations are being impacted.
This increase in the number and sophistication of attacks has been driven by Ransomware as a Service (RaaS), that has made sophisticated cyber tools available to a growing range of criminal groups.
Dealing with a major cyber incident
For an organisation’s senior management, a ransomware attack is a major test of leadership. At NCD we believe that is important that senior managers, who are often under immense pressure, are supported through an incident. We have therefore – at the suggestion of several organisations that we have helped – are launching a cyber security advice service.
The key elements of this service are that it is:
- Confidential
- Cost effective
- Provides access to world-class cyber security experts
- For anyone in a leadership position
Purpose
The sole purpose of the NCD Advice Service is to help you recover from a Cyber Attack
Process
The way that this service works is:
- Companies that believe that they may have become the victim of a cyber-attack, contact NCD through our online portal (please do not use an email address that may have been compromised in the attack).
- A Non-Disclosure Agreement (NDA) is quickly put in place to ensure complete confidentiality.
- After an initial discussion with a native Japanese speaker, a secure video conferencing call will be set up between the company’s management and world-class cyber security experts who have dealt with many hundreds of cyber security incidents. This call can be in English or with Japanese translation.
- During the call senior managers CEO’s, CIOs, CFO’s, CISO’s or anyone else who finds themselves in a cyber incident management leadership role will have the opportunity to ask questions of these experts. These can be general questions around best and poor practice or specific technical questions.
Asking the right questions
For senior managers who do not have a technical background we will equip you with the questions to ask of your Incident Response team. They could include:
- Technical Understanding – How did the incident happen? Has the access and attack vector been identified and closed? Is the attacker off the network or still there? Is there still a risk of further attack
- Mitigation – What is the damage? What data has been affected or exfiltrated. How do we deal and mitigate this?
- Attribution and Investigation – Who was behind the attack? Why was the victim targeted? Is there an option to pay? Will we negotiate to identify the data exfoliated or to delay exposure? Do we know where the exposure will be … can we disrupt this? Can we recover the encrypted data? Should you involve law enforcement?
- Regulatory– What action is required from the data protection authorities or financial regulatory authorities?
- Comms – What is the internal and external Comms plan? Will this be protective or reactive (pending exposure)? How will we inform affected data subjects?
- Resilience – What is the plan to rebuild our network securely and how can we re-establish customer confidence and commercial reputation?
- Governance – What advice and guidance should be made available to the Board during an incident? How should the Incident be managed?
- Support – What external support do you require? As importantly, what support do we not require? How do we manage the expense of this support?
- Engagement with the hostile actors. Should we engage? What are the risks associated with paying the ransom? How should engagement be taken forward?
Whilst this is designed to be a one-off service, many of our clients have found our experts’ advice to be invaluable and ask us to remain engaged acting as a critical friend or to provide specialist technical services through the attack.
Other services
- Preparation– boards awareness, incident planning and exercising
- Monitoring – developing the deployment of the technical solutions pre and post in a cyber incident
Consultants
Our customers tell us that, having won the work, the major consulting companies use primarily junior staff to carry out the work. At NCD we only use consultants with many decades of experience.
Latest Ransomware News!!
Bl00Dy Ransomware Gang seen using Leaked LockBit 3.0 builder
Recently, the Bl00Dy Ransomware Gang has been observed using a recently leaked LockBit ransomware builder in attacks against companies. The Bl00Dy Ransomware Gang was first observed operating around May 2022, when they were targeting a group of medical and dental practices in New York. Last week, the LockBit 3.0 ransomware builder was leaked on Twitter after a fallout between a
A cyberattack against New York Racing Association claimed by the Hive ransomware gang
On Monday 19th of September 2022, the Hive ransomware gang claimed responsibility for an cyberattack that impacted the IT operations of the New York Racing Association (NYRA). The incident also impacted their website availability and has resulted in member data being compromised. On Friday 9th of September 2022, NYRA released a security breach notification that revealed that the threat actors
New York-based Empress Emergency Medical Services discloses data breach after ransomware attack
On Thursday 14th of July 2022, Empress Emergency Medical Services (EMS), emergency response and ambulance service provider based in New York suffered a ransomware attack. An investigation into the incident revealed that the threat actor had gained access to Empress EMS’ systems on Thursday 26th of May, 2022. The threat actor stayed in their systems until Wednesday 13th of July 2022,
Cyberattack against Bell Canada subsidiary claimed by Hive ransomware gang
The Hive ransomware gang claimed responsibility for an attack that hit the systems of Bell Canada subsidiary Bell Technical Solutions (BTS). Within the data leak entry, Hive claims that they encrypted BTS’ systems almost a month ago, on Saturday 20th of August 2022. Even though BTS hasn’t disclosed when its network was breached or how the attack occurred, Bell Canada
A growing number of ransomware gangs adopting new intermittent encryption tactic
In recent months, a growing number of ransomware groups have been observing using a new tactic, intermittent encryption that helps them encrypt their victims’ systems faster while reducing the chances of being detected and stopped. This involves encrypting only parts of the targeted files’ content, which would still render the data unrecoverable without using a valid decryptor and key. This tactic
FBI releases joint advisory warning of Vice Society ransomware attacks on school districts
On Tuesday 6th of September 2022, the United States Federal Bureau of Investigation (FBI) released a joint TLP:WHITE cybersecurity advisory which revealed that multiple agencies have observed Vice Society threat actors disproportionately targeting the education sector with ransomware attacks. The impacts of ransomware attacks against the education sectors have ranged from restricted access to networks and data, delayed exams, cancelled