It has been confirmed by the LockBit ransomware gang that they were behind the cyberattack against Continental, a multinational automotive group. They claimed to have stolen data from the company's systems, and provided them with 22 hours to accomplish their demands. If Continental won't comply, then the gang would publish the data on their data leak site, according to Bleeping Computer.
The Cyberattack
Continental has already released a statement regarding the breach, back on August 24. They have confirmed that the LockBit ransomware gang has infiltrated some of their IT systems. However, it was also stated that it was already averted after they detected it. Continental expressed that they have full control over their IT systems, and that business activities were not infected.
They successfully resolved the matter with the help of cybersecurity experts. The automotive group took defensive measures that were necessary, to restore their IT systems to their full integrity. The company has reported the incident to the proper authorities, and cybersecurity experts are still investigating it.
LockBit Ransomware
Ransomware is malicious software used to extort its targets for ransom payments. The hacker will either encrypt the system and render it unusable, or steal the victim's data and threaten publication. The person/s behind the ransomware would cease the extortion once their demands are met.
The targets are usually government organizations and enterprises than individual people. The ransomware virus started back in September 2019, but it was still called "ABCD" ransomware then. This was because of its ".abcd" file extension name once the files are encrypted.
According to Kaspersky, the virus can spread by itself, meaning that no manual directions are required. It is more targeted as opposed to spam malware. However, it uses similar tools like Windows Powershell and Server Message Block to spread.
Since LockBit has a pre-designed automated process, it can propagate on its own. The hacker can infect other accessible hosts using a script once it infiltrates an initial host. The executable encrypting file can sometimes appear as a PNG image, so the system defenses may not be able to flag it.
How to Protect Your System from Ransomware
-
Use Strong passwords. If it's too easy, the hacker could easily guess it. An algorithm tool could also crack the code within days. Use long and complicated passwords to avoid this.
-
Multi-factor authentication can add another layer of protection for your system. This way, brute force hacking won't easily give access to your system. Biometrics is also a good option for security since it's not easily replicated. There's also the choice of using a physical USB key authenticator.
-
Limit account permissions. If your system needs several permissions to go through levels, it might be easier for potential threats to pass by.
-
Security procedures should be followed by system configurations. Check on your setups. Your system policies may not be up to date for the current threats.
-
Have a system backup. You'll never know when incidents might happen, and it's better to have backup files offline when you need them.
-
Cybersecurity protection is a must, especially if the company operates some of its business digitally. The cybersecurity protection software can provide real-time protection, and will detect downloads that appear to be or are malicious.