Ransomware-related news headlines trending on Google


Panera Bread, known for its bakery products, reportedly succumbed to ransomware hackers’ demands following an attack in March 2024. The restaurant chain notified employees of a potential data breach after cybercriminals encrypted virtual machines, severely disrupting its websites, telephone systems, mobile apps, and PoS terminals. Although details of any ransom payment remain undisclosed, speculation from ‘Bleeping Computer’ suggests the hackers may have gained from the attack by withholding stolen information.

Keytronic, a prominent manufacturer of keyboards and circuit boards, fell victim to the Black Basta ransomware gang, who accessed approximately 530 GB of personal data. This incident, revealed in the company’s recent SEC filing, caused operational disruptions, prompting Keytronic to assure stakeholders that services would resume swiftly using backup systems. The ransomware attack has incurred costs exceeding $600,000 to date.

In a concerning development, the ransomware group UNC3944, also known as Scattered Spider or Octo Tempest, has adopted a new tactic by utilizing victimized companies’ IT infrastructure to run virtual machines (VMs). This shift marks a departure from their previous modus operandi of data theft or destruction. Recent targets of UNC3944 include networks of Snowflake, Pure Storage, and MGM Entertainment. Mandiant Threat Intelligence, owned by Google, has detected this change and is monitoring the situation closely.

These incidents underscore the evolving tactics of ransomware groups, posing new challenges for cybersecurity efforts worldwide.

Staying proactive to avoid ransomware attacks involves implementing a combination of preventive measures and best practices. Here are some key steps:

1. Employee Training and Awareness: Educate all employees about the risks of ransomware and how it spreads (e.g., phishing emails, malicious links). Train them to recognize suspicious emails, attachments, and websites.

2. Patch and Update Regularly: Ensure all operating systems, software, and applications are patched and updated promptly. Vulnerabilities in outdated software are often exploited by ransomware.

3. Use Strong Endpoint Protection: Deploy robust antivirus and anti-malware software on all devices. Consider using endpoint detection and response (EDR) solutions for real-time threat detection and response.

4. Secure Remote Desktop Protocol (RDP): If using RDP, secure it with strong passwords and two-factor authentication (2FA). Limit access based on the principle of least privilege.

5. Backup and Disaster Recovery Plan: Regularly back up data and ensure backups are stored securely offline or in the cloud. Test backups regularly to verify data integrity and restoration capability.

6. Implement Network Segmentation: Divide your network into segments to limit the spread of ransomware in case of an attack. Segment critical systems and sensitive data from less critical ones.

7. Monitor and Audit Access: Monitor network traffic and user activity for any anomalies or unauthorized access attempts. Conduct regular audits of user permissions and access controls.

8. Employ Email and Web Filtering: Use email filtering to block phishing attempts and malicious attachments. Implement web filtering to restrict access to malicious websites known for distributing malware.

9. Develop an Incident Response Plan: Create and regularly update an incident response plan that outlines steps to take in case of a ransomware attack. Include procedures for containment, investigation, and recovery.

10. Stay Informed and Engage with Security Experts: Keep abreast of the latest ransomware trends, tactics, and vulnerabilities. Engage with cybersecurity experts or consultants to assess your security posture and recommend improvements.

By integrating these proactive measures into your organization’s cybersecurity strategy, you can significantly reduce the risk of falling victim to ransomware attacks and mitigate their impact if they occur.
