Ransomware Attacks in Switzerland: Protect Your Business Now!

There have been more than a dozen new ransomware attacks in Switzerland in recent weeks. Criminal attackers encrypted the IT systems of both SMEs and large companies, rendering them unusable. The perpetrators demanded ransom money, sometimes in the millions, for decryption.

  #Security Emergency Concept   #Security Awareness   #Security Risk Assessment   #Security Strategy Architecture  
Markus Kaegi
+41 58 510 16 98

The Federal Center for Information Assurance (Melani) has issued a statement on the attacks, noting that the IT security of the companies affected had frequently been inadequate and usual best practices not fully observed. Furthermore, guidelines and warnings issued by the authorities had not been heeded.

What are the vulnerabilities?

The federal experts list a number of vulnerabilities that have been exploited by the cyber criminals.
Virus protection: Antivirus software alerts were not noticed or not taken seriously. In a few cases there were servers without any antivirus software.

Remote access: In many cases, remote access to systems was insufficiently safeguarded. This made the systems easily accessible.

Notifications from authorities: Reports from authorities or Internet service providers (ISPs) about possible infections were ignored or not taken seriously by the affected companies. Infestation with malware was therefore only partially or not at all cleaned up, which in many cases led to a complete encryption of company data.

Offline backups: Many companies only perform online backups that cannot be accessed offline. In case of an infection with ransomware, these are encrypted or irretrievably deleted. In many cases, a restoration of such a company's operations is only possible with considerable effort or not at all.

Outdated software: Too often companies do not maintain clean patch and life cycle management. As a result, there are operating systems or software in use that are no longer supported. The attackers have exploited these vulnerabilities.

Lack of segmentation: If networks are not segmented, an infection on a machine in one department provides the attacker with a direct path of attack to another department.

User rights: Users have sometimes been assigned excessive rights, i.e., a backup user with domain admin rights or a system administrator who surfs the Internet with the same rights as he or she uses to manage the systems.

How big is your risk?

The question is not whether ransomware attacks will hit a company, but rather when. Our specialists can identify your risk areas with a security risk assessment. We can also show you different affordable protection options. These recommended measures originate from the UMB Computer security incident response team (CSIRT) which puts customers back into business every day through breach management.

[i] Melani - Beware: Ransomware continues to pose a significant security risk for SMEs