A company fell victim to the same ransomware twice

Posted date 04/02/2021

Toby L., technical lead for Incident Management at the National Cyber Security Centre (NCSC), explains in a new post the evolution of ransomware and why companies that have suffered this type of cyberattack need to investigate how they were infected, so that they do not end up in the same situation again.

The post highlights the case of an anonymous company that paid a ransom of around $6.5 million to recover its files and restore its encrypted systems after falling victim to ransomware. However, two weeks later, the company was attacked again by the same cybercriminals, using the same ransomware, and it paid the ransom again.

After the initial cyberattack, the company neither implemented any measures nor investigated the cause. This is the mistake Toby L. stresses: the company did not examine its network after the ransomware incident to find out how the cybercriminals had managed to access it undetected.

The real problem, he says, is not the ransomware itself but the extent and duration of the attackers' access to the network; they may also have installed backdoors in the network or acquired root privileges.