At the end of last week it became known that the security service provider Prosegur, based in Madrid, fell victim to the ransomware "Ryuk". The company's services include the handling of automated cash processes, cash logistics, valuables and courier logistics and the provision of security solutions. Prosegur operates worldwide, with 175,000 employees in 25 countries. On Wednesday afternoon, the company confirmed via Twitter that it had been infected with the encryption Trojan Ryuk and stated that it had taken maximum security measures to prevent the malware from spreading internally and externally.
The Ryuk ransomware, which finds its way into corporate networks by a detour via spam e-mails to employees, is not a new phenomenon. The current BSI Management Report 2019 points out the danger of this malware variant: according to the report, targeted monitoring of the Bitcoin addresses used indicates that at least 600,000 US dollars have already been extorted. In addition, Ryuk has increasingly appeared in connection with Emotet and TrickBot campaigns since the turn of the year 2018/2019, which shows the increased modularity of malware in general and of ransomware in particular. Ryuk is also mentioned in the current "Bundeslagebild Cybercrime 2018" of the Federal Criminal Police Office, which was published at the beginning of the month. The FBI published a report last year according to which the encryption Trojan has been used since August 2018 by previously unknown attackers to blackmail more than 100 internationally active corporations. In the process, individual demands of up to five million US dollars in Bitcoin have been identified. In return, the victims were probably promised a decryption program.
Awareness and technical precautions
There are two levels to the question of how companies can protect themselves in times of growing threats: the organizational and the technical. On the one hand, companies should urgently sensitize their employees to malicious spam e-mails and instruct them not to open e-mails and attachments from unknown senders. Even if the senders are already known, unexpected file attachments should not be opened carelessly. Training and awareness of cyber attacks are therefore important building blocks for increasing the security level in the company. But they can only ever be a supplement, because people make mistakes and professionally faked spam e-mails can often hardly be distinguished from legitimate messages. Using a file sharing solution in the company's own branding, on the other hand, creates trust. Data is then exchanged via a link to the stored files, and because the link contains the company's own URL, the recipient can be sure of reaching trustworthy content.
The solution: Security by Design
In addition, when purchasing new business software, it is essential to ensure that it meets the highest security requirements and that security was already taken into account during development, in other words, that it has been developed according to the principle of "security by design". In order to rule out an infection with ransomware from the outset, file sharing solutions should have integrated ransomware protection. This is how it works: if an encryption Trojan encrypts local or network drives despite all precautions, companies still don't lose a single file thanks to versioning in the recycle bin. After all, in a ransomware attack the files are overwritten with their encrypted counterparts, while the unencrypted versions are automatically stored in the recycle bin and can be restored completely and undamaged. Overall, companies should therefore raise awareness of the dangers among their employees and at the same time ensure that the solutions they use meet the highest standards of security.
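The recycle-bin versioning described above can be modelled in a few lines. This is an added example, not code from any file sharing product: the `VersionedStore` class, its write counter (standing in for a timestamp) and the sample file names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class VersionedStore:
    """In-memory model of a share whose recycle bin keeps every replaced version."""
    live: dict = field(default_factory=dict)  # path -> (seq, data)
    bin: dict = field(default_factory=dict)   # path -> [(seq, data), ...], oldest first
    seq: int = 0                              # monotonic write counter

    def write(self, path, data):
        self.seq += 1
        if path in self.live:
            # Overwrite: the previous version goes to the recycle bin, not away.
            self.bin.setdefault(path, []).append(self.live[path])
        self.live[path] = (self.seq, data)
        return self.seq

    def delete(self, path):
        self.seq += 1
        self.bin.setdefault(path, []).append(self.live.pop(path))

    def restore_to(self, cutoff):
        """Roll every path back to its newest version written at or before cutoff."""
        restored = []
        for path in sorted(set(self.live) | set(self.bin)):
            current = self.live.get(path)
            history = self.bin.get(path, []) + ([current] if current else [])
            good = [v for v in history if v[0] <= cutoff]
            if not good:
                # Created after the cutoff (encrypted copy, ransom note): bin it.
                if current:
                    self.delete(path)
                continue
            if current is None or current[1] != good[-1][1]:
                self.write(path, good[-1][1])  # encrypted version stays in the bin
                restored.append(path)
        return restored

def simulate_incident():
    """Constructed sample data: three files, then an encryption run over two of them."""
    s = VersionedStore()
    s.write("a.txt", b"alpha"); s.write("b.txt", b"beta")
    cutoff = s.write("c.txt", b"gamma")        # last known-good write
    s.write("a.txt", b"\x00garbled")           # file encrypted in place
    s.delete("b.txt"); s.write("b.txt.locked", b"\x01garbled")  # encrypt and rename
    s.write("NOTE.txt", b"pay")
    return s, s.restore_to(cutoff)
```

The restore covers both in-place overwrites and the delete-and-rename pattern, and it only works if the bin itself cannot be purged with the same credentials that write to the share.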