Campari, the very famous Italian beverage vendor, has confirmed it has been hit by a ransomware attack. The attack took down a majority of its IT network. According to reports, the RagnarLocker gang is trying to shake down the company for a ransom to decrypt its important files. The gang is also threatening to release files if the ransom is not paid. This is a very tough position for a company of any size to be in, but particularly a major brand with IP on its network.
Wade Lance, chief technology officer at Illusive Networks had this to say about the incident:
“As we’ve seen with Campari and many others, ransomware continues to be a significant threat to organizations large and small. In response, organizations deploy a variety of defensive solutions and technologies to protect themselves from various new and previously unseen strains of it. Most of the time, this panoply of cybersecurity platforms keeps out the bad guys. But there is an asymmetry when it comes to cyber-attacker offense and large organization defense. Cybercriminals only need to get lucky once when they attack with ransomware to be successful. On the other hand, large organizations must stop every attempted cyberattack aimed at them, and if they are wrong even once the consequences are catastrophic.
As shown by the recently released MITRE Shield framework for active defense, deception is the offensive technology that puts attackers on the defensive against new and previously unseen forms of ransomware. Through the automated placement of false information and infrastructure throughout an organization’s network, deception technology seeks to scramble a potential cybercriminal’s typical decision-making process if they happen to breach a perimeter using ransomware. Fake endpoints, servers, data, applications and many other parts of typical network architecture are interspersed with the real thing, so that potential attackers will have no idea what is real and what is fake. Once they interact with any fake element, they set off an alert that will reveal their presence to defenders, who can then throw them off the network, or collect detailed forensics to study attacker behavior. Thus, if attackers can get in with new ransomware, they still can't do anything or move laterally once they are past the perimeter.”