‘Ransomware aanval van 12 mei was één van grootste cyberaanvallen ooit’

Een groot gedeelte van de wereld werd vrijdag 12 mei opgeschrikt door een ransomware-aanval. Sindsdien wordt de omvang steeds duidelijker; het lijkt om één van de grootste aanvallen ooit te gaan. Dit stelt Chief Architect Gerrit Lansing van CyberArk, een beveiligingsbedrijf dat zich richt op het tegengaan van aanvallers die zich al in het netwerk bevinden; ransomware is hier een prominent verschijnsel bij. 

De reactie van Gerrit Lansing, Chief Architect bij CyberArk:

“What started out as a reported attack on the National Health Service has evolved into what appears to be one of the largest-scale instances of ransomware on record, with current reports saying there are victims in close to 100 countries.”

“Ransomware is constantly evolving and we’re seeing more variants that don’t limit themselves to encrypting solely whatever is on a PC’s hard drive. Instead they focus on accounts that provide broader access, such as those owned by IT administrators. This approach allows the infiltrator to move more widely within the network, searching for more systems and encrypting them too. It therefore doesn’t matter whose computer was initially targeted, the attack still has the potential to cause significant damage.

We are now seeing instances where attackers can use privileged credentials to find and destroy data backups, which have been typically relied on by organizations to recover from the attack and avoid paying the ransom. Back-ups alone are no longer enough, especially if organizations are exposing privileged credentials to attackers. This means organizations may have to choose between complete data loss and paying the ransom. Eliminating the attacker’s ability to access administrative credentials to propagate ransomware beyond the initially compromised machine is an essential action to defend against future ransomware attacks and limit damage.”