Kaspersky Offers Vital Guidance on Data Security and Ransomware Recovery Amid Escalating Threats

Kaspersky issues crucial advice for individuals and companies amid rising concerns about data security following a ransomware attack on a national telecommunication company. The guidance covers steps for individuals facing data leaks and outlines a four-step recovery process for organizations affected by ransomware, emphasizing the importance of preventive cybersecurity measures.


30 January 2024 – In the wake of escalating concerns about data security following a recent ransomware attack on a national telecommunication company, Kaspersky, a leading cybersecurity firm, has issued timely advice for individuals facing data leaks and companies grappling with ransomware attacks.

Ransomware attacks, occurring every 11 seconds and causing $20 billion in damages globally, result in substantial financial and reputational losses. A recent survey by Kaspersky revealed that 88% of company executives are willing to pay the ransom after a successful ransomware infection, highlighting the desperation of companies to retrieve their data. However, paying the ransom does not guarantee data recovery, and it can attract the attention of additional attackers.

CyberSecurity Malaysia (CSM) also discourages companies from complying with hackers’ demands and urges seeking assistance from authorities. CSM pledges to guide affected companies or refer them to international partners for further assistance.

In the event of a potential data leak, Kaspersky recommends the following steps for concerned individuals:

  1. Inform relevant individuals about the data compromise to avoid scams using their identity.
  2. Check if email accounts have been exposed using platforms like haveibeenpwned.com.
  3. Change passwords on all accounts, including security questions and PIN codes, using strong passwords.
  4. Secure computers and devices with antivirus and anti-malware software.
  5. Protect financial privacy and set up credit monitoring.
  6. Exercise caution in responding to requests for personal data after a data breach.
  7. Sign up for two-factor authentication wherever available.
  8. Monitor accounts for signs of new activity and address unrecognized transactions promptly.

For organizations facing ransomware attacks, Kaspersky outlines a four-step recovery process:

Step 1: Locate and Isolate

  • Determine the extent of the intrusion and isolate infected computers to limit contamination.
  • Create disk images of infected machines and leave them untouched during the investigation.

Step 2: Analyze and Act

  • Ensure the security of the rest of the network and start the threat-hunting process.
  • Analyze the ransomware, identify its entry point, and understand the groups using it.

Step 3: Clean up and Restore

  • For computers no longer needed for the investigation, format the drives and restore data from recent clean backups.
  • Decrypt files using available tools, and if needed, seek assistance from cybersecurity providers.

Step 4: Take Preventive Measures

  • Install reliable protection on all network endpoints.
  • Segment the network and use well-configured firewalls or next-gen firewalls.
  • Utilize powerful threat-hunting tools beyond antivirus.
  • Deploy a Security Information and Event Management (SIEM) system for immediate alerts.
  • Conduct regular cybersecurity awareness training for employees.
  • Consider a Managed Detection and Response service and Threat Intelligence for proactive monitoring and threat mitigation.

Throughout the recovery process, document actions taken for transparency, preserve evidence of the ransomware, and engage experts for assistance. Kaspersky emphasizes its commitment to supporting organizations facing such challenges and encourages proactive cybersecurity measures.

Author: Terry KS
