Recent studies have shown ransomware attacks are increasing among schools and the healthcare industry. UAE’s GEMS education group was the recipient of such an attack back in January this year.
Kaspersky data has also shown that attacks related to data loss threats in the UAE, such as phishing, scams or social engineering, increased significantly, by 230 percent, in the second quarter of 2022 compared to the same period last year.
The company’s security solutions detected 3,481,419 phishing attacks in the UAE in the second quarter alone.
As the country’s digital ecosystem continues to grow, experts agree that retailers and businesses must increasingly take caution.
Just recently, Spinneys, a key retailer in the UAE, was reportedly the victim of a ransomware attack that occurred on July 16, 2022.
The attack resulted in delayed shop openings and the publication of data from the retailer’s internal server. As per local reports, Spinneys said that no private banking details were released.
Ransomware is malware that denies access to files on a user’s or organisation’s computer. Hackers often encrypt these files and demand a ransom payment from the user in exchange for the decryption key.
The easiest way to obtain the key is to pay the ransom, but that’s not always the way to go, experts told Arabian Business.
Preparing in peacetime to avoid ransomware attacks

“The bottom line is that you can’t pay your way out of ransomware and you should prepare in peacetime,” Cybereason’s chief security officer Sam Curry explained.
Curry said that companies globally have paid hackers billions over the past few years and that any time an extortion payment is made it fuels more illicit activity, adding that it is never a good idea to pay a ransom “unless an organization is involved in a life and death situation or there isn’t another option available to restore normal business operations.”
Ransomware attacks can have devastating, lasting effects on businesses, and in order for these entities to recover, attackers often ask for payments in cryptocurrency – another concept that is booming in the UAE.
Paying the attacker in cryptocurrency allows cybercriminals to receive funds with anonymity, using an encrypted code, making it difficult for authorities to track.
Bitcoin, unlike other cryptocurrencies, is often favoured.
“Most successful cyber-attacks are still leveraging gaps in basic security measures to achieve their goals — initial access gained through phishing or remote access attacks often leveraging legitimate credentials,” BeyondTrust’s chief security strategist EMEA & APAC, Brian Chappell told Arabian Business.
Chappell added these “credentials are often obtained when users reuse company accounts for external websites. Once in the system, the typical attack chain of vulnerability and privileged access enables the attackers to move laterally across the environment until they find valuable information such as that exposed in the Spinneys attack.”
It was reported that Spinneys is now working with the Dubai Police, who are investigating the breach. No further developments in the investigation were revealed.
Yet, ransomware attacks cannot be fully avoided, especially as websites and payment portals continue to evolve.
Acting in real-time

Users must be “conscious of the risks this kind of data breach can expose them to as a significant volume, in individual terms, of personal information appears to have been released,” Chappell said.
However, when a ransomware attack does occur, Chappell urged that customers “be vigilant and to verify suspicious contact with the sender via telephone or other direct communication means before they respond to them. That’s good advice for any time you receive a message you weren’t expecting even if it seems entirely in character for the sender.”
Today, over 80 percent of UAE organisations said they have the right staff and tools in place to manage a ransomware attack, matching the global average, as per Cybereason’s 2022 report titled Ransomware: The True Cost to Business.
Businesses and organisations across the UAE can also implement a few steps to reduce the chances of a ransomware attack and future-proof their line of work, Curry said, recommending a few tips:
- Practice good security hygiene by implementing a security awareness program for employees and ensuring operating systems and other software are regularly updated and patched.
- Ensure key players can be reached at any time of day, as critical response actions can be delayed on holidays, weekends or off-peak hours when the criminals often attack.
- Conduct periodic table-top exercises and drills and include those beyond the security team like Legal, Human Resources, IT Support and all the way up to the Executive Suite.
- Ensure clear isolation practices are in place to stop any further ingress on the network or spreading of the ransomware to other devices. Teams should be proficient at things like disconnecting a host, locking down a compromised account, and blocking a malicious domain, etc. Testing these procedures with scheduled or unscheduled drills at least every quarter is recommended.
- Evaluate locking down critical accounts when possible. The path attackers often take in propagating ransomware across a network is to escalate privileges to the admin domain-level and then deploy the ransomware. Teams should create highly secured, emergency-only accounts in Active Directory that are only used when other operational accounts are temporarily disabled as a precaution or inaccessible during a ransomware attack.