What happened?
A recent report by Cyble Inc discloses that Forsee Power was breached by the Netwalker ransomware. Forsee Power has headquarters in France and the USA and is a well-known player in the electromobility market. The company specializes in smart battery systems for electric transport.

How did the breach occur?

Screenshot of the ransomware operators' blog.

The operators behind the ransomware claimed on their blog that they were the ones who breached the company's servers. To support their claim, the operators shared screenshots of directories such as Accounts Receivable, Finance Collection Letters, Expenses, Employees, etc.

Below are the screenshots provided in the report by Cyble Inc:

Screenshot of the data stolen provided in the report by Cyble Inc.

What is Netwalker ransomware? Who are the operators behind it?
Ransomware is malware designed to extort money from the targeted victim, usually in the form of bitcoin. Netwalker ransomware, on the other hand, is a newer ransomware family that has been actively disrupting and targeting victims and organisations since the Covid-19 outbreak.

Netwalker ransomware operators initially attacked their targets with phishing emails carrying a VBS (Visual Basic Script) loader. What is surprising is that the same operators have since started targeting VPN (virtual private network) services, web application UIs and RDP connections that have weak security measures or protocols. The operators behind the Netwalker ransomware remain a mystery.

What measures can you take to prevent such scenarios?
Data breaches, data leaks, DDoS attacks, etc. can be quite damaging, not only to the finances of an organisation or individual but also to their reputation and other aspects of their standing in the industry. There aren't any countermeasures that can really help you once such an attack is already under way, though. Hence it is always better to prepare, as prevention is better than cure.

Here are some steps you can take as preventive measures against such scenarios:

  • Educate and train yourself and your employees against such attacks. Training on the known attack procedures goes a long way.
  • Do not open any email whose source cannot be trusted. Report it to your admins for further investigation.
  • Back up all the data stored on your devices or servers. It is always better to also have offline backups, which come in handy during such scenarios.
  • Rely on good, trusted security tools and solutions. No compromise should be made here, as they are guarding your business.
  • Keep your private and work devices separate. If that is not possible, at least use separate user environments on the devices.
  • Use a trusted VPN provider for your own and your organisation's devices and network. Don't fall into the free VPN trap: they usually don't work well and store your information.
  • Always keep your devices up to date. Install all the latest patches and drivers, but only those released by the hardware manufacturer of your devices.
  • Try not to access websites whose identity cannot be verified. Most of these websites can be recognised by their shady UI and by offering paid software for free.
  • Always listen to your IT security consultant and plan your steps accordingly. You might know your business well, but your IT security consultant knows your systems and network better.
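The phishing-with-VBS-loader entry point described above, and the advice not to open untrusted mail but to report it, can be partly automated at the mail gateway. The following is an added example (not part of this post or of Cyble's report): it scans constructed gateway log lines and flags script attachments outright and archives from external senders for review. The log format, the trusted domain and the extension lists are assumptions.

```python
import re

# Constructed sample of a key=value mail gateway log (assumption: one message per line).
SAMPLE_GATEWAY_LOG = """\
ts=2020-07-01T09:12:03Z from=billing@supplier-example.com to=ap@corp.example attach=invoice_0720.pdf
ts=2020-07-01T09:15:41Z from=hr@corp.example to=all@corp.example attach=policy_update.docx
ts=2020-07-01T09:20:10Z from=noreply@delivery-notice.example to=jdoe@corp.example attach=tracking.pdf.vbs
ts=2020-07-01T09:22:55Z from=finance@corp-example.net to=ap@corp.example attach=Statement.zip
ts=2020-07-01T09:30:02Z from=it@corp.example to=jdoe@corp.example attach=
"""

TRUSTED_DOMAINS = {"corp.example"}  # assumption: the organisation's own mail domain
# VBS is the loader named in the post; the others are its usual Windows Script Host siblings.
SCRIPT_EXT = {"vbs", "vbe", "js", "jse", "wsf", "hta"}
ARCHIVE_EXT = {"zip", "rar", "7z", "iso"}

FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Turn 'k1=v1 k2=v2 ...' into a dict (empty values are kept as '')."""
    return dict(FIELD_RE.findall(line))


def verdict(rec):
    """Return (action, reason) for one parsed log record."""
    attach = rec.get("attach", "").lower()
    sender_domain = rec.get("from", "").rsplit("@", 1)[-1]
    external = sender_domain not in TRUSTED_DOMAINS  # lookalike domains count as external
    if not attach:
        return "allow", "no attachment"
    exts = attach.split(".")[1:]  # every extension segment, so x.pdf.vbs is seen whole
    if exts and exts[-1] in SCRIPT_EXT:
        return "block", f"script attachment .{exts[-1]}"
    if any(e in SCRIPT_EXT for e in exts):
        return "block", "script extension hidden inside filename"
    if exts and exts[-1] in ARCHIVE_EXT and external:
        return "review", "archive from external sender"
    return "allow", "ok"


def scan(log_text):
    """Apply verdict() to each non-empty line; returns (from, attach, action, reason) tuples."""
    results = []
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            action, why = verdict(rec)
            results.append((rec.get("from"), rec.get("attach"), action, why))
    return results


if __name__ == "__main__":
    for sender, attach, action, why in scan(SAMPLE_GATEWAY_LOG):
        print(f"{action:6} {sender:40} {attach or '-':22} {why}")
```

Anything returned as "block" or "review" is what should land in the admins' queue rather than in the user's inbox.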

By Siddhant Pathak

Cyber security architect, 7+ years of experience in the cyber security industry, tech savvy, nature lover, Bullet 350 rider
