A realty firm called Ansal Housing recently fell prey to a ransomware attack, which resulted in possible data loss. The firm said multiple ransomware attempts were made on its IT systems, and have been continuing since late February 2021. The firm declared the attack in a regulatory filing where they were required to provide proper documentation and correspondence for legal compliance, to the relevant realtor authorities.
The ransomware attack was carried out in waves, and despite catching wind of it and having time to put precautionary measures in place, the firm ultimately succumbed to lost data.
How was the ransomware attack carried out?
Ansal Housing first came to know of the attack when the receipts of their email communication failed to deliver. This led them to investigate their severely impacted email inbox. It was then revealed that during the period between February 26th and March 6th, suspicious hacking activity was being carried out on their email. On March 7th, Ansal Housing was able to restore the email systems and bring it back to a working state.
After a smooth sailing of just 20 days, the realty firm’s email was hit again by the second rampage of email attacks, on 26th March. This time, it took some time to recover from the attacks; the systems were restored by the 4th of April.
So, what was the impact of these ransomware attacks? The realty firm, although able to get their affected email solution ‘bandaged’, could not recover any email communication received during the attack windows.
Ansal Housing employed the services of a third-party security firm, which performed strict security audits which ultimately weeded out the ransomware attack.
The major blow they sustained wasn’t the downtime of their emails, but that they were completely in the dark over the emails sent during the active attacks. Both inbound emails and outbound emails were irrecoverable. The firm had no inkling over what type of emails were sent to outsiders. The dangers of this happening are obvious; you never know what emails were sent under your guise to your customers and partners. Not only did they lose precious data, they also ran the risk of serious brand damage.
Protection from Ransomware Attacks
What is a ransomware attack?
A ransomware attack is a cyber attack in which a hacker injects a malware which locks you out of your own system. A ransomware blocks your access to your files and data. The hackers typically leave a single accessible file open for the victim, generally containing the contact details of the hacker. The victim, much like an actual containing kidnapping, reaches out to the hacker with the monetary compensation.
However, like in the realty case, a ransomware attack does not always target the filesystem of the victim. Sometimes, they restrict access to their emails. And like you may have noticed, this time the hackers did not ask for money in return.
We suspect the intention behind this ransomware attack was not get money from the victims but rather have total control over Ansal Housing’s email. The hackers could then do any number of malicious activities like dupe invoices, flood Ansal Housing’s customers’ inboxes with spam, and get access to financial email communication.
Ransomware Attack Prevention
The gateway for most email attacks happening for the past few years has been email. By protecting your email with maximum security you can prevent the phishing attacks which are the first step in injecting the malware which finally launches the ransomware attack. Also, read our complete guide on ransomware protection to find actionable steps you can take to prevent such ransomware attacks in your organization.