Cyber Attack
The compromised data included a wide range of sensitive information, including budgets, cash flows, balance sheets, tax returns and bank statements.

In a recent cyber onslaught, Welsh company Owens Group fell victim to a devastating breach, culminating in the exposure of its confidential data on Lockbit's shadowy domain on the 'dark web'.

Lockbit ransomware, notorious for its involvement in numerous global cyber-attacks, was the alleged perpetrator in this instance.

Cyber risk management authority Andrew Martin, CEO of Dynarisk, shed light on the situation, saying: "If the data is posted, it usually means they didn't pay the ransom," and estimating the ransom demand to have ranged from £1 million to £2 million ($1.2 million to $2.5 million).

The compromised data encompassed a breadth of sensitive information, spanning financial records like budgets, cash flows, balance sheets, tax returns and bank statements. Additionally, client particulars, including addresses, contact numbers, payment details, contracts and employees' personal information such as passport scans and contractual details, were also laid bare.

The aftermath of such a breach can potentially open floodgates to catastrophic repercussions. Martin cautioned that once private data hits the dark web, it serves as fodder for a multitude of hackers. They exploit this information to mount additional attacks against the afflicted company, its clientele and staff members.

The ramifications extend beyond data exposure, encompassing risks like financial loss, business disruptions, tarnished reputation, customer erosion and the looming spectre of regulatory fines and legal entanglements.

Moreover, the ethical quandary of paying ransoms comes into play. Brandon Fried, executive director of the US Airforwarders' Association, highlighted the legality concerns surrounding ransom payments in the US and the EU. Because such payments can be viewed as potentially aiding criminal activities and funding terrorism, they place affected companies in an ethical and legal bind.

So, what defensive strategies can companies employ to safeguard against such onslaughts? Prevention emerges as the crux of the matter, as per Fried. Martin delineated five pivotal preventive measures: robust deployment of anti-malware controls across the organisation, stringent control of privileged access accounts, offsite or segregated backups with regular restoration tests, prompt software updates to address vulnerabilities and the adoption of comprehensive cyber insurance policies.

The peril of cyberattacks is not confined to Owens Group. Earlier this month, global port operator DP World grappled with a significant cyberattack, resulting in approximately 30,000 service disruptions. This incident followed a similar assault on Nagoya's port in July, underscoring the vulnerability of critical infrastructure.

Project44 emphasised the critical need for holistic cybersecurity education for staff, continual maintenance of effective cyber safety measures and contingency plans to navigate manual processes during disruptive events. Despite attempts to reach out for commentary, Owens Group remained unresponsive.

Adding to the prevailing concerns, last week saw the FBI and CISA jointly issue a Cybersecurity Advisory (CSA) cautioning about Rhysida ransomware attacks targeting organisations across diverse industry sectors. This report, part of the ongoing #StopRansomware campaign, disseminates critical information about tactics, techniques and procedures (TTPs) and indicators of compromise (IOCs) associated with ransomware groups.

The advisory sheds light on Rhysida ransomware's active presence since May 2023, revealing at least 62 companies falling prey to the gang's operations. The targets span various industries, including education, healthcare, manufacturing, information technology and government sectors, with the victims categorised as "targets of opportunity".

"Threat actors leveraging Rhysida ransomware are known to impact 'targets of opportunity,' including victims in the education, healthcare, manufacturing, information technology and government sectors," the joint advisory emphasised. It drew parallels between Vice Society (DEV-0832) activities and the observed deployment of Rhysida ransomware.

Additionally, the report highlighted instances of Rhysida actors operating in a ransomware-as-a-service (RaaS) capacity, where ransomware tools and infrastructure are leased out in a profit-sharing model, with ransom payments split between the group and affiliates.