The Department of Information and Communications Technology advised government agencies to review policies on employees bringing their own devices and the access management policies on work-from-home arrangements because of the Medusa ransomware.
In a memorandum dated September 24, 2023, DICT Undersecretary for Cybersecurity, Connectivity, and Upskilling Jeffrey Ian Dy warned against the Medusa ransomware, which the agency had observed since June 2021.
According to the DICT, the Medusa ransomware is distributed by exploiting publicly exposed Remote Desktop Protocol (RDP) servers through brute force attacks, phishing campaigns, or by exploiting existing vulnerabilities.
The ransomware is said to move laterally on the network to infect other machines through Server Message Block (SMB) or by exploiting the Windows Management Instrumentation (WMI).
“When executed, the Medusa ransomware terminates more than 280 Windows services and processes for programs that could prevent file encryption,” the memorandum read.
Among the services terminated are mail, databases, backup servers, and security applications. The ransomware will then delete Windows Shadow Volume Copies to prevent them from being used to recover data.
Moving forward, the DICT called on government agencies to review and update their “bring your own device” (BYOD) policies, and the access management policies of their digital assets on work-from-home arrangements, especially on the use of non-government issued computers.
It also called on them to regularly monitor their attack surface and conduct port inventories; back up data, systems, processes, and other digital assets; and implement a security information and event management system.
The memorandum also recommended the update of all installed programs, the implementation of account lockout policies, and a recovery plan that maintains multiple copies of sensitive or proprietary data. — DVM, GMA Integrated News
Source: www.gmanetwork.com