Nihon Cyber Defence Co., Ltd.
HELP and ADVICE - Ransomware
Unfortunately, it is not a case of if, but when you will be impacted …
Nihon Cyber Defence’s (NCD) highly experienced team understands the challenges that the victims of these attacks face. We know that CEOs, CIOs and CISO’s and Senior Leadership Teams, need objective, helpful and timely advice to allow them to lead a successful recovery and mitigation.
Therefore, we have launched an advice service that gives victim organisations immediate access to the right guidance through industry experts, allowing organisations to prepare or respond to incidents.
We will assist in preparing, defending or responding to an attack and whilst our ransomware advice service is currently intended primarily for Japanese organisations, NCD has impressive experience working on ransomware and other forms of devastating cyber-attacks globally. You can learn more about what we offer here…
At Nihon Cyber Defence (NCD) we see the impact that cyber-attacks and in particular ransomware attacks can have. Whilst it has been major ransomware attacks that have dominated the headlines, the reality is that an enormous range of organisations are being impacted.
This increase in the number and sophistication of attacks has been driven by Ransomware as a Service (RaaS), that has made sophisticated cyber tools available to a growing range of criminal groups.
Dealing with a major cyber incident
For an organisation’s senior management, a ransomware attack is a major test of leadership. At NCD we believe that is important that senior managers, who are often under immense pressure, are supported through an incident. We have therefore – at the suggestion of several organisations that we have helped – are launching a cyber security advice service.
The key elements of this service are that it is:
- Confidential
- Cost effective
- Provides access to world-class cyber security experts
- For anyone in a leadership position
Purpose
The sole purpose of the NCD Advice Service is to help you recover from a Cyber Attack
Process
The way that this service works is:
- Companies that believe that they may have become the victim of a cyber-attack, contact NCD through our online portal (please do not use an email address that may have been compromised in the attack).
- A Non-Disclosure Agreement (NDA) is quickly put in place to ensure complete confidentiality.
- After an initial discussion with a native Japanese speaker, a secure video conferencing call will be set up between the company’s management and world-class cyber security experts who have dealt with many hundreds of cyber security incidents. This call can be in English or with Japanese translation.
- During the call senior managers CEO’s, CIOs, CFO’s, CISO’s or anyone else who finds themselves in a cyber incident management leadership role will have the opportunity to ask questions of these experts. These can be general questions around best and poor practice or specific technical questions.
Asking the right questions
For senior managers who do not have a technical background we will equip you with the questions to ask of your Incident Response team. They could include:
- Technical Understanding – How did the incident happen? Has the access and attack vector been identified and closed? Is the attacker off the network or still there? Is there still a risk of further attack
- Mitigation – What is the damage? What data has been affected or exfiltrated. How do we deal and mitigate this?
- Attribution and Investigation – Who was behind the attack? Why was the victim targeted? Is there an option to pay? Will we negotiate to identify the data exfoliated or to delay exposure? Do we know where the exposure will be … can we disrupt this? Can we recover the encrypted data? Should you involve law enforcement?
- Regulatory– What action is required from the data protection authorities or financial regulatory authorities?
- Comms – What is the internal and external Comms plan? Will this be protective or reactive (pending exposure)? How will we inform affected data subjects?
- Resilience – What is the plan to rebuild our network securely and how can we re-establish customer confidence and commercial reputation?
- Governance – What advice and guidance should be made available to the Board during an incident? How should the Incident be managed?
- Support – What external support do you require? As importantly, what support do we not require? How do we manage the expense of this support?
- Engagement with the hostile actors. Should we engage? What are the risks associated with paying the ransom? How should engagement be taken forward?
Whilst this is designed to be a one-off service, many of our clients have found our experts’ advice to be invaluable and ask us to remain engaged acting as a critical friend or to provide specialist technical services through the attack.
Other services
- Preparation– boards awareness, incident planning and exercising
- Monitoring – developing the deployment of the technical solutions pre and post in a cyber incident
Consultants
Our customers tell us that, having won the work, the major consulting companies use primarily junior staff to carry out the work. At NCD we only use consultants with many decades of experience.
Latest Ransomware News!!
Germany’s cybersecurity is on high alert ahead of elections
Germany is ramping up its cybersecurity efforts ahead of the upcoming elections, with Interior Minister Nancy Faeser emphasizing the importance of strong defenses against cyberattacks and disinformation. She cautioned about potential threats from Russia and other foreign entities, underscoring the need to protect democracy in the digital space.A report from the Federal Office for Information Security highlighted Germany’s susceptibility to
US continues investigation into Chinese cyber espionage campaign, as Volt Typhoon resurfaces
SecurityScorecard researchers revealed that the Chinese-affiliated threat group Volt Typhoon has rebuilt its botnet, which was disrupted by the FBI in January. In response, the U.S. government disclosed an ongoing cyber espionage campaign by China targeting commercial telecommunications infrastructure. The FBI and CISA confirmed that PRC-linked actors have compromised multiple telecom networks to steal customer call data, intercept private communications,
Over 22,000 CyberPanel Servers at Risk from Critical Vulnerabilities Exploitation by PSAUX Ransomware
CyberPanel, a widely used free web hosting control panel, was recently found to contain vulnerabilities that could allow unauthenticated remote code execution. The discovery was made by a security researcher known as DreyAnd. DreyAnd reported the vulnerabilities to CyberPanel developers, who released patches on October 23. A few days later, on October 27, the researcher publicly shared the technical details
Mexican airport operator purportedly breached by RansomHub
Mexico’s Grupo Aeroportuario del Centro Norte (OMA), which manages over a dozen airports across the country, has reportedly fallen victim to the RansomHub ransomware operation. The threat actors have claimed responsibility for the breach, alleging possession of 3 TB of sensitive data and warning of its exposure should the company fail to comply with their ransom demands, according to The
Over 200 malicious apps on Google Play downloaded millions of times
Google Play, the official application marketplace for Android, facilitated the distribution of over 200 malicious applications within a one-year period, collectively accumulating nearly eight million downloads. This data was gathered between June 2023 and April 2024 by threat intelligence researchers at Zscaler, who identified and analyzed various malware families present on both Google Play and other distribution platforms. Earlier in
Ukrainian pleads guilty to operating Raccoon Stealer malware
Ukrainian national Mark Sokolovsky has admitted guilt in connection with his participation in the Raccoon Stealer malware cybercrime scheme. Sokolovsky and his accomplices disseminated Raccoon Stealer through a Malware-as-a-Service (MaaS) model, enabling cybercriminals to lease the malware for $75 per week or $200 per month. The malware is designed to exfiltrate a broad spectrum of sensitive data from compromised devices,
