New gang SafePay breaks the locks at Microlise
If you’re going to burst onto the ransomware scene, you want to lay claim to one of the year’s biggest attacks. And that’s what SafePay did this week. Among its 25 victims was UK tech company Microlise, which suffered a crippling attack on October 31. This not only caused delays with shipping companies like DHL but also disrupted Serco’s ability to track prison vans used to transport inmates. Worse still, some vehicles were without tracking for 72 hours before employees and officials realized…
Two other victims are confirmed so far: Barbados Statistical Service and German civil engineering company Fritz Spieth Beratende Ingenieure GmbH.
Termite comes out of the woodwork
Another new ransomware gang, Termite, crawled out of the woodwork this week to claim the recent attacks on Conseil scolaire Viamonde (a Canadian school board hit by an attack on October 17) and Département de La Réunion (a government entity hit by an attack on November 13).
No companies are apparently safe from this infestation, either, with its four other victims being from completely different sectors and countries! Also added to its data leak site were a German non-profit, an Omani energy company, a fresh water treatment company in France, and an American manufacturing company.
Are you protected from ransomware gangs, new and old?
One question on our minds (and hopefully yours too) is whether these organizations were regularly scanning for ransomware. Median dwell time is anywhere from 24 hours to 8 days, depending on who you ask (Mandiant M-Trends says 24 hours, Sophos says 8 days; we’ll let them fight that one out). Any org using robust tools should be able to detect an intrusion.
For you, though, the best answer is to use automated scanning with alert detection. SIEM tools are the unsung heroes here, but they’re not all made equal. Check out our post on the best SIEM tools for business.
Until next week. Let’s keep that zero-day count at zero!