Security experts have this week warned Italian and Swiss businesses to be on their guard as ongoing ransomware campaigns continue to target vulnerable systems.
In Switzerland, the Reporting and Analysis Centre for Information Assurance (Melani) issued an alert for local firms, claiming that it has already been forced to deal with a dozen cases where SMEs and large organizations have had their systems encrypted.
“The attackers made ransom demands of several tens of thousands of Swiss francs, in some cases even millions,” it said. The Swiss franc is virtually 1:1 with the US dollar at present.
“A technical analysis of the incidents revealed that the IT security of the companies affected was often incomplete and the usual best practices were not fully observed. Furthermore, warnings from the authorities were not heeded.”
The best practices that firms have been ignoring include installing antivirus (AV) software, protecting RDP endpoints with two-factor authentication (2FA), regular offline backups and patching, network segmentation and restricted user rights.
It’s unclear what strain of ransomware is targeting the businesses, but Melani urged victims not to pay up.
“If a ransom payment is nevertheless being considered, it should be noted that although systems and data might be decrypted, the underlying infection from malware such as Emotet or TrickBot will remain active,” it added. “As a result, the attackers still have full access to the affected company's network and can, for example, reinstall ransomware or steal sensitive data from it.”
The news comes as security experts spotted a new campaign targeting Italian users with the Dharma ransomware variant.
This time, hackers are using malicious spam to spread the ransomware, alongside the Ursnif data-stealing trojan.
The phishing email in question purports to contain an invoice from a client, but if the user clicks on a link in the body of the message, they will be taken to a OneDrive page where an automatic malware download will begin.