Mitigating the infamous hacker group out of retirement

It has been announced that an infamous hacker group, GandCrab, have ‘come out of retirement’ and appear to be behind a wave of new attacks being carried out across the world, with an estimated 1.5 million machines, including those in hospitals, already affected.

Dr. Guy Bunker, CTO of Clearswift Cyber Security, sheds light on ransomware as a business and how organisations can protect themselves. He discusses how the re-emergence of GandCrab impacts commercial organisations, and what can be done to mitigate any threats.

“Ransomware remains a lucrative business and while it’s been headline news for a number of years there are still organisations which have not taken precautions to protect themselves, their people, data and clients from attack, which means there is still opportunity for the likes of GandCrab. Furthermore, with the ongoing commercialisation of malware, there are other opportunities for bespoke or customised malware to be developed and sold to the highest bidder. Of course, it’s not just the actual malware, there are the other pieces of an attack which need to be orchestrated, such as the spear phishing attack or Business Email Compromise attack with weaponised documents.

“For commercial organisations, the re-emergence of GandCrab should have little impact on their day-to-day security, as they should already be protecting against the myriad of other groups and threats. However, stories such as this should act as a catalyst for organisations to test their cyber disaster recovery plans. Without a plan the impact of an attack could be catastrophic; even with a plan, it needs to be tested and regularly reviewed and updated to ensure that it keeps up with the threats. Employees need an education and awareness program to ensure that they are kept up-to-date with new scams and attacks, learning about identifying the threat and what to do should they suspect one. As fast as threats change, so does the technology to help mitigate them. Understanding what new technology can do to protect the organisation is important, and if required can then be planned for implementation.”


Article Link: http://digitalforensicsmagazine.com/blogs/?p=2828