71 institutions in China were attacked by ransomware
三道杠No.1  2024-09-18 11:04   published in China


According to the Network Space Security Situation Analysis Report (2024), released recently, from July 2023 to June 2024 a total of 26 ransomware organizations around the world attacked and extorted 71 institutions across 14 national economic industries in China, of which the manufacturing industry suffered the most.

Why is manufacturing the main target of attack?

The operational technology systems of manufacturing enterprises usually lack sufficient network monitoring and cannot even implement best-practice network security. This limited defensive capability makes manufacturing enterprises more likely to become targets of ransomware attacks. At the same time, the shutdowns and business interruptions caused by ransomware attacks are unacceptable to manufacturing enterprises, so victims in the manufacturing industry, unable to bear the losses, often give in to the criminal organization and pay the ransom.

The usual tactics of ransomware attacks

Ransomware attackers first break in through vulnerabilities in an institution's systems and deploy the ransomware, then encrypt and steal the organization's important files and confidential data and hijack users' access to systems or data. The victim is then required to pay a huge ransom. If the demand is not met, the data is destroyed or sold.

Which organizations are the main targets of ransomware?

First, these institutions have abundant financial resources and the ability to pay a ransom; second, their data is extremely valuable, and hackers can profit by selling it.

What are the common security risks in Chinese institutions?

1. Quite a few organizations use old versions of Office software, which opens a back door for hackers and exposes them to the risks of data leakage, data damage and extortion at any time.

2. Some industry, government and enterprise institutions centralize their data in cloud storage. Once the storage server leaks, all unprotected data may be stolen.

3. A few government agencies and units have problems such as weak confidentiality awareness, lack of confidentiality knowledge and lax confidentiality management. Control over the mobile phones, mobile devices and other electronic devices of staff who handle secrets is not in place, and there are not enough secure methods for transferring confidential files and sensitive data.

Organizations must therefore take preventive measures as soon as possible, improve their security awareness, and strengthen their technical management strategies, so as to effectively avoid, reduce or delay the risks brought by data leakage.

What are the most effective ways to prevent ransomware attacks?

1. Strengthen security awareness and upgrade systems on a timely and regular basis

Enterprises should organize regular security training, which not only teaches employees about network security and standardizes data usage processes, but also helps enterprises avoid malicious attacks caused by operational errors.

Threat actors scan for major vulnerabilities, many of which are older vulnerabilities. Organizations should give priority to upgrading systems and fixing these vulnerabilities.

2. Multi-factor authentication

Threat actors are adopting various tactics to bypass security detection. Multiple authentication measures usually stop attacks that rely on weak credentials.

3. Fully implement detection and control policies

Research shows that the theft and exploitation of data after a ransomware incident cause the greatest losses to victim organizations. Timely detection and prevention of data dissemination and exploitation is the best solution.

4. Encrypt and back up all data

Encrypt all data, including mail data that is stored, backed up, and transmitted. Important and sensitive data must be encrypted and backed up, so as to deal with the data leakage and file encryption caused by ransomware attacks. Users can then start the data recovery mechanism and resume normal operation.

Enterprises and institutions should formulate strict and detailed management systems and strictly implement them. At the same time, they should manage data with security technologies such as data encryption, data leakage prevention, data tracing, and access control. Data should also be classified and decentralized to minimize the risk of core data leakage.


Source: public account of an Xiaoquan
