
Garmin (Jiaming) hit by a malicious ransomware attack with a ransom of 10 million yuan: how to defend against ransomware?

2025-02-27 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

Having its core data held hostage, with its entire service system shut down as a result, is what Garmin recently went through.

(Garmin was blackmailed)

A sky-high ransom of $10 million

On July 23, Garmin, a well-known international brand of GPS devices, was hit by a ransomware attack that affected many of its online services, including website functions, customer service support, terminal applications and corporate communications. The attacker demanded a ransom of $10 million from Garmin, threatening to delete all data on the server.

(Garmin official Weibo announcement)

As a result of the ransomware attack, Garmin users around the world, except those in the China service region, were unable to synchronize their exercise and health data. For Garmin's aviation equipment customers the problem was even more serious: pilots were unable to download Garmin's aviation database to their aircraft navigation systems, which is a mandatory requirement of the Federal Aviation Administration. The company's factory production lines were also affected. After the incident, Garmin's Taiwan factory shut down its production line on the 24th and 25th.

As an internationally known GPS equipment brand, Garmin operates in smart wearables, marine navigation, aviation navigation and other fields. A ransomware intrusion is a serious challenge to Garmin's industry and business.

This even leads to a worst-case scenario:

The attackers are likely to have stolen Garmin's user data before launching the ransomware. If Garmin wants to restore its users' cloud data, it can only give in to the attackers' threats. This user data certainly involves private information, and if the attackers leak it and cause actual losses to users, Garmin is likely to face lawsuits, resulting in much greater economic losses.

According to Sky News, Garmin has paid a huge ransom to the attacker through a third-party company and obtained the decryption key.

The nightmare is hard to shake off, and ransoms in the tens of millions keep being demanded.

Earlier, Honda's business was paralyzed by ransomware; now Garmin has been extorted for a ransom of $10 million.

Ransomware invades the system

Since its birth in 2017, ransomware has been ubiquitous. To maximize profit, in most cases ransomware that has compromised one of an enterprise's network assets will use that asset to keep moving through the network and compromise more assets. It then implants file encryption modules on a large number of them, forcing the enterprise to pay the ransom once its business systems are paralyzed on a large scale.

Today, more and more enterprises are like Garmin: their data keeps accumulating at massive scale, it is shared across multiple applications and platforms, and they use the advantages of cloud and big data to improve the experience of their products and services. At the same time, threats to data security keep increasing, and incidents like Garmin's will continue to occur.

Enterprises should therefore keep raising their level of security, strengthen their protective measures, and adopt proactive defenses against unknown and sudden ransomware attacks, so as to avoid "disasters falling from heaven."

Active defense: Meichuang Noah defends against ransomware and defeats the enemy

The effective way to resist ransomware is active defense. To deal better with the threat of known and unknown ransomware, Meichuang analyzed a large number of ransomware samples and independently developed a security product against ransomware, the Meichuang Noah anti-ransomware system. It actively defends against known and unknown ransomware regardless of the vulnerabilities through which it spreads, and so addresses the ransomware problem more thoroughly and effectively.

(Noah anti-extortion system protection approach)

For example, ransomware attacks against databases have become "popular", and databases are now a main target for attackers. When database files such as those of Oracle or SQL Server are encrypted by ransomware, the losses are often the heaviest. Database files store the data of the core business systems, so when they are encrypted and held for ransom, the core business is forced to stop, the business can be paralyzed for a long time, and the data may not be recoverable for weeks or even months.

To address this, the Meichuang Noah anti-ransomware system applies whitelist technology: the administrator specifies the database types (Oracle, SQL Server, DB2 and others), adds the trusted executable programs (such as oracle.exe) to a "whitelist", and adds the existing database files that need protection; new database files are protected automatically. When an untrusted program then attempts to modify a database file, the Meichuang Noah anti-ransomware system identifies this as a suspected ransomware event and intercepts it in time. Only trusted programs are allowed to operate on the protected database files.

(Noah anti-extortion system protection process)

In addition, the Meichuang Noah anti-ransomware system covers more complex enterprise scenarios, such as ransomware protection for documents and for dumb terminals.

It also has the following advantages:

1. Uninterrupted defense: once the Meichuang Noah anti-ransomware system is installed, the client can defend against ransomware attacks whether it is online or offline.

2. More accurate blocking of ransomware behavior: the Meichuang Noah anti-ransomware system accurately identifies the operations performed by all applications, and blocks and raises an alarm promptly when it detects ransomware behavior or suspected ransomware behavior.

3. Full visibility of terminal security: the Meichuang Noah anti-ransomware management center can monitor information about all protected terminals, including device information, protection status and so on.

4. Faster and more convenient remote operation: the Meichuang Noah anti-ransomware management center can remotely control the protection mode of terminal devices directly and distribute all security policies.

5. Timely detection of and protection against potential threats: the Meichuang Noah anti-ransomware system deploys special decoy (trap) documents aimed at suspected ransomware behavior. When a decoy is triggered, the system records information about the offending program and carries out protection and analysis.
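
The whitelist rule for database files and the decoy documents in point 5 can be sketched as one policy check. This is an added example, not the product's code or configuration; the executable paths, file names, extension lists and event format are all assumptions made for illustration.

```python
from pathlib import PureWindowsPath

# Hypothetical policy. Trusted executables are keyed by full path, each bound
# to the database file types it owns; all paths here are constructed.
TRUSTED = {
    r"c:\oracle\product\19c\bin\oracle.exe": {".dbf", ".ctl"},
    r"c:\mssql\binn\sqlservr.exe": {".mdf", ".ndf", ".ldf"},
}
PROTECTED_EXTS = set().union(*TRUSTED.values())      # new files: protected by type
PROTECTED_FILES = {r"d:\oradata\orcl\system01.dbf"}  # existing files: added by hand
DECOYS = {r"d:\oradata\orcl\000_trap.dbf"}           # bait no program should touch
MUTATING = {"write", "rename", "delete"}


def norm(path):
    """Normalise a Windows path for case-insensitive comparison."""
    return str(PureWindowsPath(path)).lower()


def evaluate(event):
    """Return (verdict, reason) for one file-access event."""
    exe, target = norm(event["exe"]), norm(event["target"])
    ext = PureWindowsPath(target).suffix
    if target in DECOYS:
        return "block", "decoy file touched"
    if event["op"] not in MUTATING:
        return "allow", "read-only access"
    if target not in PROTECTED_FILES and ext not in PROTECTED_EXTS:
        return "allow", "target is not a protected database file"
    if ext in TRUSTED.get(exe, ()):
        return "allow", "trusted executable for this database type"
    return "block", "untrusted executable modifying a database file"


# Constructed sample events, as a file-system monitor might report them.
EVENTS = [
    {"exe": r"C:\oracle\product\19c\bin\oracle.exe", "op": "write",
     "target": r"D:\oradata\orcl\system01.dbf"},
    {"exe": r"C:\Users\Public\oracle.exe", "op": "rename",   # right name, wrong path
     "target": r"D:\oradata\orcl\users01.dbf"},
    {"exe": r"C:\Windows\System32\notepad.exe", "op": "write",
     "target": r"D:\docs\notes.txt"},
    {"exe": r"C:\backup\agent.exe", "op": "read",
     "target": r"D:\oradata\orcl\000_trap.dbf"},
]

if __name__ == "__main__":
    for e in EVENTS:
        print(evaluate(e), e["exe"], "->", e["target"])
```

The second event shows why the sketch matches the trusted program by full path rather than by file name alone: a whitelist keyed only on "oracle.exe" would trust any binary carrying that name.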

In the digital age, facing security risks that are hard to guard against, enterprises should choose more active defense methods to resist all kinds of ransomware attacks and protect their data assets. The Meichuang Noah anti-ransomware system already has a large body of successful protection experience in helping enterprises defend proactively and defeat the enemy.
