The next time you get an unsolicited message from a helpful sounding tech support representative offering to pinpoint your network weaknesses, run—don’t walk. A new gang of North Korean cybercriminals known as HolyGhost has been attacking schools, small manufacturers, and events companies, shutting down their networks or holding their data ransom.
Until now, HolyGhost has been seen mostly has a nuisance because its ransoms have been relatively small (less than 2 Bitcoins or up to $100k) and these smaller enterprises simply pay the ransom rather than losing their data or having it exposed publicly. But, as is the case with most criminals like this, they will continue to operate, and more brazenly, until they are caught. Now is a good time to check your security protocols to make sure you don’t fall victim to HolyGhost (or a group like them):
- Don’t be a two-time victim. HolyGhost has a reputation for attacking their victims again—perhaps assuming no one thinks they’ll be attacked twice. If you end up paying the ransom, tighten up your security ASAP.
- Seek out help if you need it. Never accept help from or let down your defense to unknown sources. Research some specialists yourself and reach out with questions.
- Keep an eye on the news. Because ransomware gangs are often working, even if informally, in conjunction with the North Korean government, attacks are more likely to come following implementation of sanctions. The logic goes that if North Korea can’t make money through normal commerce channels, they’ll seek out gangs like HolyGhost to help restock the coffers.
- Never download “encryption tools” or click on links from unknown sources. One of HolyGhost’s moves is to send a message saying they are here to help decrypt your files and that using any other service may damage your files. Don’t click anything or download anything. Contact your network security immediately.
As always, your best defense is a proactive posture. Make sure your ransomware is up to date and ensure your family, colleagues, and employees know what to do if they are contacted by HolyGhost or groups like them. Bad guys are inevitable but the damage they can do is not!