{"id":3086,"date":"2017-06-19T13:37:42","date_gmt":"2017-06-19T20:37:42","guid":{"rendered":"https:\/\/zed.inguardians.com\/?p=3086"},"modified":"2019-08-19T13:42:06","modified_gmt":"2019-08-19T20:42:06","slug":"nation-states-in-the-ransomware-business","status":"publish","type":"post","link":"https:\/\/zed.inguardians.com\/brief\/nation-states-in-the-ransomware-business\/","title":{"rendered":"Nation-states in the ransomware business"},"content":{"rendered":"<h5 class=\"et_pb_toggle_title\">06\/19\/2017 Nation-states in the ransomware business<\/h5>\n<div class=\"et_pb_toggle_content clearfix\">\n<p><strong>Issue<\/strong><\/p>\n<p>Nation states are now confirmed to be using ransomware campaigns to fund state coffers. \u00a0 British National Cyber Security Center (NCSC) reported this week that the WannaCry ransomware attack was launched from North Korea.\u00a0 This follows the United States National Security Agency (NSA) assessment with the same conclusion.\u00a0 Security experts believe that the attack was launched by the Lazurus Group tied to the government in Pyongyang.<br \/>\nImpact<br \/>\nThis revelation further emphasizes the need for full backup, recovery and continuity plans to be tested and refreshed. \u00a0While most of our customers have a robust patching, backup and recovery processes in place, we see from news reports the impact WannaCry had on critical production networks. \u00a0Many organizations have lost their data, or access to critical systems while being locked out during a ransomware attack. \u00a0E.G. British National Health Service systems were crippled during the WannaCry attack<br \/>\nRecommendations<\/p>\n<p>InGuardians recommends reviewing, testing and validating your patching, and backup\/recovery processes. \u00a0Incident response\u00a0capabilities should be tested as well, guided by an internal Red Team exercise designed to emulate the\u00a0ransomware attack threat model. \u00a0InGuardians does not recommend paying for the return of your data. \u00a0See link below for new regulations that might impact the practice of paying your way out of ransomware.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Articles related to this issue:<\/strong><\/p>\n<ul>\n<li><a href=\"https:\/\/www.wired.com\/2017\/05\/ransomware-meltdown-experts-warned\/\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/www.bbc.com\/news\/technology-40287390<\/a><\/li>\n<li><a href=\"https:\/\/www.wired.com\/2017\/05\/ransomware-meltdown-experts-warned\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.wired.com\/2017\/05\/ransomware-meltdown-experts-warned\/<\/a><\/li>\n<\/ul>\n<p><strong>NIST Incident Response:<\/strong><\/p>\n<ul>\n<li><a href=\"http:\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-61r2.pdf<\/a><\/li>\n<\/ul>\n<p>Bitcoin regulations to prevent infosec companies from helping organizations pay ransom:<\/p>\n<ul>\n<li><a href=\"http:\/\/fortune.com\/2017\/06\/18\/regulations-bitcoin-hacking\/\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/fortune.com\/2017\/06\/18\/regulations-bitcoin-hacking\/<\/a><\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>06\/19\/2017 Nation-states in the ransomware business Issue Nation states are now confirmed to be using ransomware campaigns to fund state coffers. \u00a0 British National Cyber Security Center (NCSC) reported this week that the WannaCry ransomware attack was launched from North Korea.\u00a0 This follows the United States National Security Agency (NSA) assessment with the same conclusion.\u00a0 [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[169],"tags":[117,134,157,135,120,121,28,84],"_links":{"self":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/posts\/3086"}],"collection":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/comments?post=3086"}],"version-history":[{"count":1,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/posts\/3086\/revisions"}],"predecessor-version":[{"id":3087,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/posts\/3086\/revisions\/3087"}],"wp:attachment":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/media?parent=3086"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/categories?post=3086"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/tags?post=3086"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}