FSB recommends companies prepare for ransomware attacks

Forewarned is forearmed

The FSB has warned Russian companies about hacker attacks using ransomware. A related statement and a list of countermeasures against attacks have been published on the website of the National Coordination Center for Computer Incidents (NCCCI), created by the FSB.

“The recommendations include priority and contingency measures to guard against threats. The first measures are about the ground rules that organizations must follow to increase the level of security. Emergency measures can significantly reduce the risk of intruders entering the company’s infrastructure,” the NCCCI message says.

Ransomware is a type of malware that infiltrates computers and encrypts all available files. Encrypted files become unusable, paralyzing the attacked organization’s business: it loses access to accounting, research, contracts, and more. Hackers distributing this type of malware demand money from victim companies to decrypt files and restore business operations. These cybercriminals are called extortionists.

The NCCCI publication comes because in recent weeks more and more Russian companies have been subjected to hacker attacks of varying severity, Vladimir Makarov, information security audit specialist at T.Hunter (the company specializes in protecting information systems of any complexity), told Gazeta.ru. According to him, it was most likely prompted by the recent cyberattacks on Wildberries, Miratorg and the Federal Air Transport Agency, which have been linked to the activities of ransomware hackers.

“The NCCCI, as the main body for responding to practical incidents, has issued practical recommendations. Similarly, the Bank of Russia, for example, takes action when countering any fraudulent schemes. As we can see, not all companies are currently adequately assessing the threat and impact of hacker attacks, so the measures taken are timely,” he explained.

Oleg Skulkin, head of the Group-IB Digital Forensics Laboratory (one of the leading international companies for the prevention and investigation of cybercrime), provides similar data.

“After February 24, we see an almost threefold increase in the number of ransomware attacks,” the expert said.

The NCCCI measure is related, not least, to the mass attacks being carried out on Runet, added Denis Kuvshinov, head of Positive Technologies Threat Research Group (an international company in the field of information security).

“Calls for attacks on Russian companies are massively published on hacker forums and social networks. At the same time, the necessary tools are often listed and instructions are signed. Most of the time this is normal DDoS, but there are more advanced solo hackers and groups of hackers who can break into the organization’s network. Most of the time they aim to steal data, but in addition to theft, no one guarantees that the ransomware will not be released within the corporate network,” Kuvshinov said.

New motives

While it is believed that Russian companies are less likely to encounter ransomware hackers than European and American companies, experts say the observed trend is not new.

“There were several of them [attacks] before. According to our research, the number of ransomware attacks in Russia increased by more than 200% in 2021,” said Skulkin of Group-IB.

The novelty of the current situation is that only some recent events have been made public, he said. In Russia, the vast majority of cyberattacks are not advertised.

A similar view is shared by experts at other information security companies. However, a source in one of them emphasized that new motives can be traced in the current wave of hacker attacks using encryption viruses.

“If earlier hackers encrypted Russian infrastructures for ransom, now the share of irreversible encryptions has increased, that is, without the right to use keys to recover files. Of course, the attackers’ aim now is to disable Russian trade as much as possible,” he said.

All the experts interviewed agreed that the recommendations issued by the NCCCI are effective and should not be ignored, especially given the daily increasing activity of cybercriminals against Russia.
