How much do we really enjoy technology in the workplace?

Security expert in a ransomware attack in the Dominican Republic

A person using a computer. — © Image by Tim Sandle

Instituto Agrario Dominicano Dominican Republic attacked by Quantum ransomware. As a result of the attack, several services and workstations in a government institution were encrypted. The attack encrypted several services and workstations in a government agency. Due to the lack of security measures in the agency, where only basic security software was installed, IAD information was completely compromised.

The Instituto Agrario Dominicano (IAD) is part of the country’s Ministry of Agriculture and the agency is primarily responsible for implementation of agrarian reform programs inside the country. The Quantum ransomware claims to have gained access to over 1TB of data and has demanded a public ransom of more than $600,000 from IAD.

Considering the issue for digital magazine Stéphane Schenette, co-founder and CTO in AttackIQ.

Chenett begins by looking at the people behind the cyberattack and the rationale behind it, noting, “Last month alone, the Quantum ransomware group was responsible for a data breach that affected more than 650 healthcare providers. Now the Instituto Agrario Dominicanothe in the Dominican Republic has come under ransomware attack by Quantum.”

In terms of impact, Shenett believes: “Personally identifiable information, including names, email addresses, databases and applications, has been hacked. This data can now be bought and sold for big money on the dark web, further exposing victims to future scams or phishing attacks. Additionally, this attack disrupted the agency until a $600,000 ransom was paid to Quantum.”

That the public sector has come under attack is not surprising, given the sheer volume of data stored on public servers.

This leads Shenett to say: “Government organizations are an attractive target for cybercriminals due to the large amount of sensitive information they hold. It is critical for all organizations that manage sensitive information to adopt a threat-aware cyber defense strategy.”

Building on this recommendation, Shenett adds, “This approach should be adapted to focus on the attackers most likely to affect their operations in order to maximize their ability to protect sensitive information.”

In addition, Shenett advises: “This should include matching organizational capabilities and security controls to specific attack scenarios to measure their readiness to detect, prevent and respond to these threats. They should also conduct ongoing assessments of existing security controls to detect gaps before a hacker discovers and exploits any weaknesses.”

There are other approaches that businesses and governments should take, which Shenett describes as follows: “In order to best protect against ransomware attacks, it is also important to understand the general tactics, methods, and procedures used by an attacker.”

Schenette’s latest recommendation is: “Using the MITER ATT&CK infrastructure, government organizations can test their cyber defenses against known threats and make sure their defenses are working as expected. This gives organizations ready-made adaptive tools for threat planning.”

Previous Post
Shanghai pensioner Mou Guoying has spent the past three months crocheting woollen roses for Beijing Olympic medallists' bouquets
Blog

Internet data suggests people are worried about affordable pensions

Next Post
Seventeen states must decide whether to adopt an electric vehicle mandate in California.
Blog

Seventeen states must decide whether to adopt an electric vehicle mandate in California.

Leave a Reply

Your email address will not be published. Required fields are marked *