
TeamT5 Timely Copes with CrazyHunter Ransomware Attacks

2025.03.05 TeamT5 Media Center
Recently, medical institutions in Taiwan have been frequently attacked by ransomware. The Ministry of Health and Welfare (MOHW) has issued a notice defining this incident as a "systemic attack" and does not rule out the possibility that other hospitals may become the next target.
This article explains the important principles of responding to ransomware to help companies and organizations respond effectively.

After Mackay Memorial Hospital was attacked by the ransomware organization CrazyHunter in early February, Changhua Christian Hospital was also attacked by ransomware in early March. After MOHW convened the relevant vendors to investigate, it was confirmed that the March attack was also carried out by CrazyHunter. TeamT5 promptly assessed the threat situation and compiled IoC intelligence on the malware used in this series of attacks. The TeamT5 Managed Detection and Response (MDR) team proactively assisted cloud customers in completing a thorough scan covering all endpoints in their environments. Currently, there are no signs of ransomware attacks.
When faced with a ransomware attack, companies should first isolate the compromised devices to prevent the malware from spreading; then assess the scope of impact, confirm whether there are available backups, and seek assistance from cybersecurity expert teams or law enforcement agencies. At the same time, we urge everyone not to pay the ransom, because doing so does not guarantee data decryption or system recovery and may also encourage attackers' extortion behavior.
Most importantly, companies should strengthen their cybersecurity defenses, such as using endpoint detection and response (EDR) software to monitor endpoints within the organization at all times. If abnormal behavior is detected, EDR can immediately block malicious ransomware attacks.
ThreatSonar Anti-Ransomware is independently developed by TeamT5, a local Taiwanese cybersecurity company, and is designed specifically to help block ransomware. Through the engine's self-learning mechanism, it automatically determines commonly used programs or new malware and effectively scans encrypted files. The platform has also won the Gold Award of the Computex Best Choice Award at the international exhibition COMPUTEX TAIPEI. It provides companies and organizations with timely detection, immediate interception of threat attacks, and visibility into attack paths, facilitating quick incident response and protective measures.
After completing the simple deployment of ThreatSonar Anti-Ransomware, companies can effectively defend against ransomware and avoid similar incidents that have occurred recently. The video below shows how ThreatSonar successfully blocks a ransomware attack.
ThreatSonar Anti-Ransomware has a default ransomware detection mechanism that can automatically issue real-time alerts, remove programs, etc.
When the ransomware is detected to start running, ThreatSonar Anti-Ransomware immediately blocks it and terminates the program execution.
Once ThreatSonar Anti-Ransomware detects a ransomware attack, it displays the attack path on the "Incidents" page.
ThreatSonar Anti-Ransomware blocks ransomware attacks in real time.

How Does ThreatSonar Anti-Ransomware Block CrazyHunter Ransomware Attacks? [Demo Video]

In the face of unknown and serious ransomware attacks, TeamT5 urges companies and organizations to prepare in advance.
The following are the measures for prevention, detection and response:
  • Check whether the permission control status of external systems and VPN devices is solid.
  • Confirm whether network access rules and account permission policies comply with the principle of least privilege.
  • Confirm whether the mechanism of data backup and restoration is complete and is not likely to be controlled and cleared by attackers.
  • Implement vulnerability and patch management processes for systems and devices, and strengthen endpoint protection measures.
  • Stay informed on cyber threat intelligence, prepare in advance and rectify weaknesses that may be attacked.
  • Establish an incident response process.

TeamT5 has assisted many local and international companies in dealing with ransomware attacks. The award-winning team is the most reliable partner for companies in responding to incidents, defending diverse malware intrusions and shielding against the evolving attacks.
Contact us today for a free trial.