Security alert follows ‘more than a dozen’ ransomware incidents over recent weeks
Switzerland’s Computer Emergency Response Team (GovCERT) has issued its second ransomware warning in less than 12 months, in a further effort to stop businesses from falling victim to targeted cyber-attacks.
In a security advisory issued on Wednesday (February 19), the agency said it has dealt with more than a dozen ransomware cases over recent weeks, in which “unknown perpetrators encrypted the systems of Swiss SMEs and large companies” and rendered them unusable.
During its analysis of the malware attacks, GovCERT said its information security checklist for small and medium-sized businesses was “not fully observed”, while additional warnings from the authorities were not heeded.
In its post-mortem of these latest ransomware incidents, GovCERT said it identified several common weaknesses, including a failure to install antivirus software on endpoints and servers, along with the use of weak passwords on remote desktop software.
In addition, many organizations only had online file backups that were not available offline, the agency said. This rendered them useless in the wake of a ransomware attack.
A lack of network segmentation, sloppy patch management, and the granting of excessive user rights were also included in the list of security oversights leading to ransomware infection.
Hell to pay
This latest announcement comes less than a year after GovCERT issued a warning over “severe” ransomware attacks targeting small businesses across Switzerland.
A GovCERT spokesperson declined to provide further details relating to the flurry of recent ransomware cases, but reiterated that attackers were continuing to single out SMEs in targeted attacks.
“Since investigations have been initiated, we cannot comment on ransom demands and their amount,” the spokesperson told The Daily Swig. “This is the task of the criminal prosecution authorities.
“We currently see a clear tendency for attackers to target SMEs, as many of them protect their data and information insufficiently.”
GovCERT said it was appealing to all Swiss companies to assume responsibility for the secure operation of their IT infrastructure.
And in the event that systems are encrypted by ransomware, organizations were advised against making a ransom payment, as this money would simply be used to “support the hacker’s infrastructure”.
“Even if a ransom is paid, there is no guarantee that the blackmailer will decrypt the data,” the GovCERT advisory reads.
“It is important that the companies concerned contact the cantonal police immediately, file a complaint and discuss the further procedure with them.”
It added: “As long as there are still companies that make ransom payments, attackers will never stop blackmailing.”