The recent attack on facilities management company ISS has created a significant disruption in their operations, communication, and services worldwide.
With over 500,000 employees, the last thing Denmark-based facilities company ISS needs is any kind of lapse in operations. But earlier this week, the organization suffered a ransomware attack that crippled email, and required the disabling of services to isolate the attack.
Ransomware such as Ryuk and Sodinokibi focus primarily on enterprises and have been known to materially impact business operation. With documented ransoms running as high as nearly $800,000, it’s no wonder why cybercriminals turn their attention to larger organizations that are presumably flush with cash.
In the case of ISS, this ransomware attack was obviously not limited in scope to a few machines. Impacting all email and needing to be isolated demonstrates the reach the variant involved had inside ISS’ network.
There’s no detail available regarding whether ransoms were paid, whether backups were affected, or what family of ransomware was used.
I’ll keep repeating myself until everyone hears – there are primary two attack vectors ransomware attacks use: remote desktop and phishing attacks. Stopping remote access to desktops is easy – lock it down, the instructions are clear.
But fixing phishing attacks is harder, as the bad guys are getting more adept at their art with each passing day. Stopping a phishing attack in its’ tracks requires a security strategy that includes the user receiving the suspicious email. Users educated with Security Awareness Training reduce the likelihood of falling for a scam and clicking phishing emails by nearly 88%!
