Organization Paid Millions to Decrypt Their Data! But They Forgot to Do One Thing. Read This to Know!

An organization that fell victim to a ransomware attack paid the cybercriminals to restore its data, but two weeks later the attackers contacted the organization and demanded a ransom again.

The incident was examined by the United Kingdom's National Cyber Security Centre (NCSC). The affected organization remains unnamed; it paid millions in bitcoin to the hackers to restore its data and retrieve its files.

The organization's major mistake was that it did not examine how the hackers had infected its network. As a result, it had to pay the attackers a second time to recover its data.

What Happened Exactly?

According to the experts, the organization paid a ransom of £6.5 million and got its data back. However, it did not identify who was behind the attack or its root cause while securing the data. Two weeks later, the same group attacked the organization using the same mechanism as before and deployed ransomware on its systems again. This time, too, the organization felt it had to pay the ransom to decrypt its data.

The NCSC has published the incident as a lesson for other organizations: if you are infected by ransomware, you have to find the root cause before paying the ransom to the hackers.

The NCSC also said that multiple victims reach out and examine the cause, working on getting their data back so that they can run their business again. But the actual problem is that ransomware is a serious threat, and it may have infiltrated the organization's network.

While installing the ransomware, the attackers may gain access to a backdoor in the organization's network. That backdoor is a serious problem for the organization because the attackers may hold admin rights and other login details for the organization.

If the attackers have those details, they can easily launch another type of cyber attack whenever they want, and they do, as seen with the organization above.

Organizations should also follow these tips to secure their networks against ransomware attacks:

Tips to Prevent Ransomware Attacks

  • Never Click Doubtful Links: Don't click links in spam emails, and always review an email before downloading any data from a link it contains. Once ransomware is on your computer, it will start encrypting your files and then demand a ransom to recover your data.
  • Employ Anti-Virus and Email Filtering Software: Regularly check for antivirus updates, and confirm that email filtering is in use to safeguard against ransomware attacks.
  • Don't Open Untrusted Email Attachments: If you receive an attachment and you are not sure about the sender, do not open it without confirming with the sender or scanning the attachment with an antivirus. Never open attachments that ask you to enable macros to view them. Such attachments look genuine, but they contain malware that takes control of your system.
  • Download from Trusted Sites: Always download everything from trusted sites. Read the license agreement and check that the site uses HTTPS instead of HTTP. Always use verified sources; for example, Android users should download from the Play Store and iPhone users can use iTunes.
  • Never Share Your Confidential Data: Avoid sharing your private information with anyone over a call, text, or email that comes from an untrusted source. Attackers use your information in phishing emails to target you. Many attackers may steal your data and infect your system with the help of that information.
  • Backup your Data: Continuously back up your crucial data to an external hard drive. The most necessary thing to prevent ransomware attacks is to always keep a backup of your data on local or cloud storage. Once the data is backed up, remove the drive from the system.
  • Employ Strong Passwords: Do not use a weak password like 12345678; always use a strong or encrypted password like 185@abc to prevent unauthorized access.
  • Inspect the Attached Devices: Never use a removable device if you do not know where it came from. Many attackers infect removable devices and leave them in public places.
  • Encourage User Awareness: Consistently make your employees aware of how to spot this threat. Guide them on prevention methods and always advise them to take a backup of their data.
  • Maintain System Updates: Immediately install the updates delivered by your OS to patch known vulnerabilities. Always update your installed applications to avoid random intrusions.

Summing Up

Organizations that suffer these types of attacks have to examine how the attackers got in; the victim has to check how the malware was installed on its systems. Some victims may believe that paying the ransom is a great option and the quickest and most cost-effective way of retrieving the data, but the ransom may cost millions and there is no guarantee that the hackers will not attack you again.

The NCSC also said that the best way to avoid these types of attacks is to secure your network by applying all security patches, updating the OS, and enabling two-factor authentication.

Experts also advised that organizations take regular backups of their data and keep them offline. These small steps will prevent big damage.
