North Korea Implicated in Ransomware Attack on Major U.S. News Media
Attack Stops Wall Street Journal and New York Times Presses
As reported by numerous news organizations, such as CyberheistNews and Forbes, North Korea has been implicated in a ransomware attack that prevented the distribution of many leading U.S. newspapers, including the Wall Street Journal, New York Times, Los Angeles Times, Chicago Tribune and the Baltimore Sun. Tribune Publishing first detected the malware in corrupted files said to carry the Ryuk fingerprint, a ‘.ryk’ file extension.
Recommendations to protect your network:
- Educate Users – put them through security awareness training so they never click the link, fall for the scam, or open the attachment that allows ransomware to run in the first place!
- Weapons-Grade Backups – any data that’s worth protecting (which includes specific critical endpoints) should be backed up regularly and the restore function tested frequently to make sure you actually have that backup.
- Scan your network to identify any open RDP ports and, if possible, disable RDP completely on all Windows machines. By default, the RDP server listens on TCP port 3389 and UDP port 3389.
- Add 2-factor authentication for any and all remote logins.
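
The RDP recommendation above can be checked against your own asset inventory with a short script; this is an added example, not code from the original article. The inventory addresses are constructed (documentation range), the function names are hypothetical, and only TCP 3389 is probed because a UDP probe gives no reliable answer.

```python
"""Audit an inventory of your own hosts for a reachable RDP listener (TCP 3389)."""
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor

RDP_PORT = 3389  # default RDP port named in the recommendation


def expand_inventory(entries):
    """Turn a mix of single IPs and CIDR ranges into a list of address strings."""
    hosts = []
    for entry in entries:
        net = ipaddress.ip_network(entry, strict=False)
        if net.num_addresses == 1:  # single address: use it directly
            hosts.append(str(net.network_address))
        else:  # range: usable host addresses only
            hosts.extend(str(h) for h in net.hosts())
    return hosts


def check_tcp(host, port=RDP_PORT, timeout=1.0):
    """Return 'open', 'closed' (actively refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, host or network unreachable, etc.
        return "filtered"


def audit(entries, port=RDP_PORT, timeout=1.0, workers=64):
    """Map each inventory address to its state; 'open' hosts need follow-up."""
    hosts = expand_inventory(entries)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = pool.map(lambda h: check_tcp(h, port, timeout), hosts)
        return dict(zip(hosts, states))


if __name__ == "__main__":
    # Constructed inventory; replace with the asset list for your own network.
    inventory = ["192.0.2.10", "192.0.2.16/30"]
    for host, state in audit(inventory).items():
        if state == "open":
            print(f"{host}: RDP reachable on TCP {RDP_PORT} - disable or restrict")
```

A host reported as "filtered" may still run RDP behind a firewall, so confirm the service state on the machine itself before treating it as disabled.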
Contact the experts at MTBW Services to learn how to use security solutions to protect your data and deploy Weapons-Grade backup solutions.