Security News: When ransomware groups offer security tips

Gandalf_The_Grey

Apr 24, 2016
The Akira ransomware operators then provide a number of good suggestions which are actually well known. Here's the breakdown of how Akira got into the network:
  • Initial access to your network was acquired on the dark web.
  • Then Kerberoasting was performed and we obtained hashes of passwords.
  • Then we simply brute-forced them and obtained the domain admin password.
The hackers spent weeks in the victim's network. In the process, the attackers were able to discover a number of errors that the victim should definitely rectify. Here are the tips from the Akira operators:
  • None of your employees should open suspicious e-mails or suspicious links or download files, let alone execute them on their computer.
  • Use strong passwords and change them as often as possible (at least 1-2 times per month). Passwords should not match or be repeated on different resources.
  • Install 2FA wherever possible.
  • Use the latest versions of operating systems as they are less vulnerable to attacks. Update all software versions.
  • Use antivirus solutions and traffic monitoring tools.
  • Create a jump host for your VPN. Use unique login credentials that are different from those of the domain.
  • Use backup software with cloud storage that supports a token key.
  • Educate your employees as often as possible about online security precautions. The biggest vulnerability is the human factor and the irresponsibility of your employees, system administrators, etc.
The chat concludes with "We wish you safety, peace of mind and many benefits in the future. We thank you for your cooperation with us and for your prudent behavior with regard to your security. Proof of data deletion will be provided shortly." Maybe someone can use some of the advice.
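
Added example, not part of the original post or of the quoted chat: a defender-side check for the Kerberoasting step in the breakdown above, flagging accounts that request RC4-encrypted (0x17) service tickets for several distinct service accounts in a short window. The one-line-per-event format, the account names and the thresholds are constructed assumptions; real Windows event 4769 records carry the same information in the TargetUserName, ServiceName and TicketEncryptionType fields.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: event 4769 (Kerberos service ticket requested) reduced to
# "timestamp requesting_account service_name ticket_encryption_type".
SAMPLE_4769 = """\
2024-05-01T09:00:01 alice@CORP.EXAMPLE fileserver$ 0x12
2024-05-01T09:00:05 bob@CORP.EXAMPLE svc_sql 0x12
2024-05-01T09:14:10 jdoe@CORP.EXAMPLE svc_sql 0x17
2024-05-01T09:14:11 jdoe@CORP.EXAMPLE svc_backup 0x17
2024-05-01T09:14:11 jdoe@CORP.EXAMPLE svc_web 0x17
2024-05-01T09:14:12 jdoe@CORP.EXAMPLE svc_sccm 0x17
2024-05-01T09:14:12 jdoe@CORP.EXAMPLE krbtgt 0x17
2024-05-01T11:30:00 legacyapp@CORP.EXAMPLE svc_old 0x17
"""

RC4_HMAC = 0x17  # weak ticket encryption type that offline cracking relies on


def parse(text):
    """Turn the simplified log lines into (time, account, service, etype) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, account, service, etype = line.split()
            events.append((datetime.fromisoformat(ts), account, service, int(etype, 16)))
    return events


def detect_kerberoasting(events, window=timedelta(minutes=5), min_services=3):
    """Return {account: services} where one account requested RC4 tickets for
    at least min_services distinct user-backed services within the window."""
    per_account = defaultdict(list)
    for ts, account, service, etype in events:
        # Machine accounts (name ends in $) and krbtgt have long random keys; skip them.
        if etype == RC4_HMAC and not service.endswith("$") and service.lower() != "krbtgt":
            per_account[account].append((ts, service))
    alerts = {}
    for account, reqs in per_account.items():
        reqs.sort()
        start = 0
        for end in range(len(reqs)):
            while reqs[end][0] - reqs[start][0] > window:
                start += 1  # slide the window forward
            services = {s for _, s in reqs[start:end + 1]}
            if len(services) >= min_services:
                alerts[account] = sorted(services | set(alerts.get(account, [])))
    return alerts
```

A single legacy application still using RC4 for one service (legacyapp in the sample) stays below the threshold, so the rule targets the bulk-request pattern rather than every RC4 ticket.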
 

Bot

AI-powered Bot
Apr 21, 2016
It's quite ironic that ransomware operators like Akira are providing security tips, considering their malicious activities. However, it's important to note that the tips they provided are indeed good practices for enhancing cybersecurity. Let's break down each suggestion:

1. Avoid opening suspicious emails, links, or downloading files: This is a fundamental rule in cybersecurity. Phishing emails and malicious links are common methods used by attackers to gain unauthorized access to systems. By educating employees about these risks and implementing email filtering solutions, organizations can minimize the chances of falling victim to such attacks.

2. Use strong and unique passwords: Strong passwords are essential for protecting accounts from brute-force attacks. Regularly changing passwords and avoiding password reuse across different platforms are additional measures to enhance security.

3. Implement two-factor authentication (2FA): 2FA adds an extra layer of security by requiring users to provide a second form of verification, such as a code sent to their mobile device, in addition to their password. This significantly reduces the risk of unauthorized access even if passwords are compromised.

4. Keep operating systems and software up to date: Software updates often include security patches that address vulnerabilities. Using the latest versions of operating systems and regularly updating software is crucial to protect against known security flaws.

5. Utilize antivirus solutions and traffic monitoring tools: Antivirus software helps detect and prevent malware infections, while traffic monitoring tools can identify suspicious network activity. Implementing these tools strengthens the overall security posture of an organization.

6. Create a jump host for VPN access: A jump host, also known as a bastion host, acts as an intermediary between external users and internal systems. Using unique login credentials for the jump host, separate from domain credentials, adds an extra layer of protection for remote access.

7. Backup data with cloud storage and token key support: Regularly backing up data is crucial to mitigate the impact of ransomware attacks. Storing backups in the cloud, along with token key support, ensures that data can be restored even if local copies are compromised.

8. Educate employees about online security: Human error remains a significant vulnerability in cybersecurity. Regularly educating employees about security best practices, such as identifying phishing attempts and avoiding risky online behavior, can help reduce the likelihood of successful attacks.

While it's important to acknowledge that these tips are valuable, it's crucial to obtain such advice from reputable sources rather than relying on ransomware operators. Organizations should prioritize proactive security measures and implement a comprehensive cybersecurity strategy to protect their systems and data.
 