
What we can learn from the Grubman ransomware attack

Ransomware | BCyber | June 7, 2020

Background

In May this year, the US entertainment law firm Grubman, Shire, Meiselas & Sacks (Grubman) was a target of a ransomware
attack, causing an estimated loss of over US $42,000,000. The data stolen included a variety of personal data and information including
contracts, non-disclosure agreements and private correspondence from their high-profile celebrity clients. 

What is ransomware?

Ransomware is malicious software designed to block access to data or a computer system until a sum of money is paid or other conditions are
met. Ransomware is a cyber threat to organisations of all sizes and can be distributed through:

Grubman’s attack involved sophisticated perpetrators using well-known ransomware called REvil to encrypt their sensitive data and steal
large amounts of it as leverage.

What happens if I am a target of ransomware?

The first thing you should do is activate your data breach or incident response plan.

It is generally NOT recommended that you pay the ransom, because there is no guarantee that the perpetrators will
restore or decrypt affected files, and paying may make you more vulnerable to further attacks. Seek professional advice from cybersecurity experts.

Ransomware in Australia

Grubman’s ransomware attack is notable for its large-scale impact and the firm’s high-profile clients. However, all firms are at risk
of ransomware attacks.

Most SMEs are not likely to be targeted by highly sophisticated actors, but once vulnerabilities are disclosed, they become easily
accessible to less sophisticated threat actors such as criminal groups. These groups can buy exploit kits that allow them to easily deploy
this kind of malware.

Importantly, once a cyber vulnerability is disclosed there is usually a patch released by the software vendor. However, it is usually up to
system administrators or IT service providers to ensure the patch is installed. Businesses should ensure that their IT providers are
regularly installing all updates.

In its most recent Notifiable Data Breaches Report, the OAIC reported malicious or criminal attacks from July to December 2019 accounted for
64% of all data breaches during this period. Ransomware represented 6% of these incidents – primarily targeting healthcare and professional
services sectors. 

The Australian Cyber Security Centre (ACSC) reported that the COVID-19 pandemic poses additional risks to the healthcare
sector, which is being actively targeted by highly sophisticated groups. The sector is a lucrative target due to the high value of information
in vaccine development and research about outbreaks, and attacks on sensitive personal and medical data could potentially disrupt
essential services and business-critical systems.

Recommendations to prevent Ransomware attacks

Although no network can be completely protected from ransomware attacks, there are simple preventative measures that organizations can take
to ensure that they are less vulnerable targets and can avoid the harmful effects of cybercrime experienced by Grubman. The steps
recommended by the ACSC include to:

For more on strategies to ensure that your organisation is cyber secure, we recommend that you read the Essential Eight, a baseline policy
created by the ACSC that is a cost-effective way to mitigate cyber security incidents: https://www.cyber.gov.au/publications/essential-eight-explained

For advice on how to minimise your potential liability from a data breach, including preparing a data breach response plan, contact our
privacy and data security specialist Sam Hartridge here.

This content was originally published here.

Written by: BCyber
