Prominent Marketing Firm Faces Ransomware
Cyber security experts came to know of a vicious ransomware attack on a Hong Kong based Chinese marketing firm, Fimmick. Ever since the attack took place, Fimmick’s website is inaccessible and unresponsive.
The attack was conducted by a Russian group of hackers who have gained considerable notoriety in the cyber world after they deployed an attack on Kaseya Virtual System Administrator (VSA) servers. Their weapon then, as with Fimmick, was REvil ransomware.
While an attack on a school or hospital is an event that makes news, an attack on marketing firm barely attracts any attention. Yet, in the last year, hacker groups targeted such firms because they provided access to precious data of several high-profile and well-known brands like Coca Cola, McDonalds, Shell, Asus, Cetaphil and others.
A British cyber security firm looking into this affair has revealed that REvil has increased their attacks on marketing firms by way of emails with attachments.
The threat actors spread phishing links to targets and a single click on the link activates the malware and the entire data gets encrypted. To protect against these attacks, organizations should train their employees to avoid a contact with any suspicious and unidentified link. They should immediately report the existence of such emails and links to the IT staff so that proper precautionary steps are adopted to avert any large scale damage.
On surface, it seems like an attack on the marketing firm, but in reality big and high-profile names that are tied to the firm are the primary targets. The media often give scant importance to such incidents but when huge companies are affected as a result of this ‘non-event’, news flash around the globe. The researchers have noticed that 73% of ransomware attacks originated from REvil/Sodinokibi type.
The activities of ransomware gangs are usually detected when cyber security firms conduct routine checkups on systems. So was the case with the REvil ransomware attack on Fimmick. The researchers at UK based X Cyber Group during their routine exercises noticed that the Fimmick website was down and unresponsive. On further investigation they found that REvil had breached databases at their target systems and claimed to have access to data of global brands. Soon, they started sending threat notes to Fimmick.
A senior security researcher at Huntress, John Hammond, observes that most attractive targets of ransomware hackers are those firms which lead to more lucrative targets. That’s why the hackers adopt spray-and-pray approach which is all about looking for the easiest prey and waiting for more after the first attack is successful. It is a kind of strategy that results in ‘snowball effect’ bringing in maximum results with minimum of efforts.
When the gain is huge and the effort is scant, the attraction is optimum. The researchers, therefore, have reason to believe that the intensity of attacks on marketing firms would increase in the coming months and years. Since marketing firms have ties with several high-profile clients, the amount of data they have to maintain acts as bait for hackers. And hackers love to prey on such opportunities.
