What happened?
During the Covid-19 lockdowns and restrictions around the world, one of the many things that has flourished on the wrong side of the law is ransomware and cyber attack campaigns against corporations and countries. One such incident has happened recently, or is at least claimed to have happened. Researchers at Cyble Inc said they came across a post by the Nefilim ransomware operators in which the operators claim to have breached the European company SPIE Group.

What is a Ransomware? Is Nefilim Ransomware any different?
Ransomware is a type of malware used to target victims, either randomly or selectively, to encrypt their devices, servers, etc., leaving the victims' own data out of their reach. Once the devices are encrypted by the perpetrators, the victims are left with a threat note, in the form of a txt file on their system, which states what the criminal wants in exchange for the hostage data and includes an ultimatum.

Usually these notes include a threat and the ransom amount that the victim has to shell out, in the form of Bitcoin, to release their data from the encryption the criminal has applied. Whether the victim actually gets its data back after paying is debatable, but this is how ransomware works.

Nefilim ransomware is exactly the type of ransomware described above. The operators contact the victim for a ransom in exchange for freeing their data, and threaten to release or destroy it if their offer is not accepted. Judging from Nefilim's footprints, it can be assumed that the operators of this ransomware have mostly targeted organisations or multinational corporations (MNCs) in pursuit of huge ransom payouts.

What claims have the Nefilim ransomware operators made?
According to the report by Cyble Inc, the ransomware operators published part of the data, around 11GB. On verifying the data, the researchers at Cyble Inc found that the leak consists of corporate operational documents, including:

  • Telecom services contract.
  • Dissolution legal documents.
  • Power of attorney documents.
  • Infrastructure group reconstructions contracts.

The report says a total of 65,042 data files and 18,551 data folders belonging to SPIE Group seem to have been leaked by the ransomware operators.

Here are some screengrabs provided in the report:

What sectors does SPIE Group operate in?
SPIE Group is an independent European leader with subsidiaries in Belgium, the Netherlands, the UK, France, etc., along with a strong presence in Africa, the Middle East, Asia and South America. SPIE Group is a multi-technical service provider in the areas of:

  • Mechanical and Electrical services
  • Information and Communication Technology services
  • Technical Facility Management
  • Transmission and Distribution
  • Smart city projects
  • Service projects in energy, including nuclear, renewable energies, and oil and gas.

The group has more than 47,200 employees, revenue of around 6.9 billion euros and consolidated EBITA of 416 million euros.

What should you do to prevent yourself/company from such ransomware attacks?

Data breaches, data leaks, DDoS, ransomware attacks, website defacements, etc. can be quite damaging, not only to the finances of an organisation or individual but also to their reputation and standing in the industry. There aren't any countermeasures that can help you much once such an attack is already under way, though. Hence, it is always better to prepare, as prevention is better than cure.

Here are some steps you can take as preventive measures against such scenarios:

  • Educate and train yourself and your employees against such attacks. Training on known attack procedures goes a long way.
  • Do not open any email whose source can't be trusted. Report it to your admins for further investigation.
  • Back up all the data stored on your devices or servers. It is always better to have offline backups, which come in handy in such scenarios.
  • Rely on good and trusted security tools and solutions. No compromise can be made here, as they are guarding your business.
  • Keep your private and work devices separate. If that is not possible, at least use different user environments on the devices.
  • Use a trusted VPN provider for your personal and organisation devices and network. Don't fall into the free VPN trap; they usually don't work well and store your information.
  • Always keep your devices up to date. Install the latest patches and drivers, but only those released by the hardware manufacturer of your devices.
  • Try not to access websites whose identity cannot be verified. Most of these websites can be identified by their shady UI and their offers of paid software for free.
  • Always listen to your IT security consultant and plan your steps accordingly. You might know your business well, but your IT security consultant knows your systems and network better.
  • Never pay the ransom to the ransomware operators. Paying never guarantees that you will get your data back, or that the operators will not publish or delete your data anyway.

By Siddhant Pathak

Cyber security architect, 7+ years experience in cyber security industry, Tech savvy, Nature lover, Bullet 350 rider
