Last week the following article came across my desk, sharing the news that Amey PLC, the British giant providing infrastructure support services to both regulated and public sectors, including Trafford Council's bin collections, has suffered a major cyber attack. It was reported that 143GB of sensitive personal, financial and commercial details have been leaked, with the attackers demanding a $2bn ransom.
The ransomware group Mount Locker, which has a history of demanding multi-million dollar ransoms from its victims, is believed to be behind the attack.
Around December 16th, 2020, the Mount Locker ransomware group breached Amey’s computer systems. On December 26th, the group started publishing Amey’s proprietary data in parts on their leak site.
The leaked documents present in the dump include contracts, financial documents including bank statements and loan records, confidential partnership agreements, NDAs, correspondence between Amey and UK government departments and councils, scans of passports, driving licenses, and identity documents of company employees and directors, financial reports, employment records (new hire offers and resignation letters), technical blueprints (of Manchester Metrolink railways, for example), meeting minutes, etc.
Fortunately, Amey has invested in cyber security measures to identify, contain and eradicate this type of attack, but other organisations are not so well prepared.
Ransomware attacks are devastating to businesses of all sizes and sectors. Yet many organisations continue to pay the demands rather than implement measures to defend against them.
In many instances, caving to demands and paying the ransom provides no guarantee that you will regain access to your systems. Although Amey was targeted by a complex and coordinated attack, many ransomware attacks are performed by inexperienced individuals and script kiddies who have purchased ransomware tools from the dark web, with little knowledge of how they work and no idea of how to decrypt files once the ransom has been paid.
Implementing strong defences against cyber threats will help you effectively defend your business against attacks from malicious individuals.
It is no longer an option to ignore the threat of cyber criminals attacking your organisation. Implementing a strong security culture will help you defend against the majority of incoming attacks and give you the knowledge and tools to identify, contain and remediate threats in the event they breach your security.
SES recommend that you begin by creating a robust Incident Response Plan which you can follow in the event of a successful breach, as this gives you a clear set of actions to take control of the situation and swiftly remediate. SES also recommend that you perform regular Vulnerability Assessments and Penetration Testing, once a year or after each major version change, to review your systems and networks for vulnerabilities an attacker could exploit.
It is also recommended that you perform Phishing Assessments on your organisation. These will ensure your staff can identify and avoid falling victim to phishing emails, which attackers use to extract sensitive information to bypass your organisation's security or to deploy malware into your systems and networks.
If you would like to discuss your organisation's security in more detail, please get in touch to speak to one of our specialists.
© Financechain Limited trading as SES and ses-escrow.co.uk, 2020. Unauthorised use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Financechain Limited trading as SES and ses-escrow.co.uk, with appropriate and specific direction to the original content.