SK: State institution in Slovakia target of ransomware attacks
Irena Jenčová reports:
The National Security Authority (NBÚ) registered a series of significant ransomware attacks on targets in Slovakia on Friday, that saw hackers request hundreds of thousands of euros for reopening the systems and restoring their full functionality.
“At the moment, the National Security can confirm that these cyber-attacks have affected the information technology sectors in public administration, telecommunications, energy and the IT. We cannot provide more details publicly due to the sensitivity of the matter,” the NBÚ announced on social media.
Read more on euractiv.
The National Cyber Security Centre SK-CERT posted an alert on both Twitter (@sk_cert) and its web site. The web site posting begins (translation):
The NSA intercepted an increased number of cyber attacks. Read recommendations on how to secure your system
April 16, 2021
The National Cyber Security Center SK-CERT has recorded an increased incidence of significant and successful ransomware attacks in Slovakia. In recent days, similar activities have intensified in Central Europe.
The NSA warns companies and institutions to secure and back up their systems without delay. If they neglect this step, they risk significant financial loss.
Ransomware is one of the biggest threats to data. An attacker infiltrates the system, encrypts access to it, and may ask the owner or operator for a ransom to return access.
The National Security Office can confirm that this method was performed by hackers in several Slovak organizations, where they managed to encrypt critical data. They limited the functioning and work activity in these institutions.
Slovak organizations are currently blackmailing and demanding a ransom in the order of hundreds of thousands of euros for re-opening the systems and restoring their full functionality.
The National Cyber Security Center SK-CERT therefore strongly recommends:
- companies need to back up important information. This is the best possible data security measure
- it is necessary to check the backup systems and their functionality, and in order to prevent such situations, it is necessary for companies to back up their important information
- the backed up data must be physically separated from the backed up infrastructure. The hardware has the ability to spread and reproduce on the internal network and actively search for existing backups and invalidate them by encryption
- we also recommend regularly checking the functionality of backups and the ability to restore critical systems
- if an incident has occurred, the affected equipment and systems must be identified and isolated from the network
- if multiple systems and subnets have been affected, turn off the network at the switch level. If it is not possible to disconnect the network at the level of network elements, disconnect individual devices from the network (disconnecting network cables, turning off Wi-Fi, etc.)
- Only turn off affected devices if they cannot be completely isolated from the network infrastructure . Turning off the device irreversibly destroys the data stored in the operational memory, which may contain valuable data and data needed for closer analysis of malware activity and decryption of the affected files.
- in case of any suspicions, do not hesitate to contact the National Security Office at [email protected] and the police.
Neither source specifically mentions any type of ransomware or specific victims.