Front Page: NCSC-FI

Information security now!

This week we take a look at what ransomware is and how you can protect yourself against it.

TLP:CLEAR

What on earth is ransomware? 

We published an Information Security Now! article on how ransomware works and how to protect against it. The article is aimed in particular at private individuals and small organisations, but we also explain how the threat is manifesting itself in larger organisations.

Ransomware is a program that blocks the normal use of a device and demands a ransom payment to criminals. This type of malware is also known as scareware. Individuals and small organisations are particularly at risk from malware distributed randomly to a large number of recipients, often through spam, spoofed files or software vulnerabilities. Targeted attacks, on the other hand, are a concern for larger organisations, as they require more effort from criminals and often target companies with a high ability to pay.

Signs of a ransomware attack include, for example, a ransom message, an alert from a data security product or blocked access to files. A computer system under attack may simply stop working for no apparent reason. If the files have no backup, the data may be gone forever.

For private individuals, the loss of data doesn’t usually mean a financial loss, but the emotional cost of losing, for example, a family's digital photo album can be huge. For businesses, however, the financial impact of a ransomware attack can be significant due, for example, to business interruption and repair measures. If ransomware targets systems in sectors such as healthcare, energy and public administration, it will have a wider impact on society and may also put vital services at risk.

Like other security threats, ransomware is something to be prepared for in advance. Proactive measures such as regular backups, strong passwords and updating software help protect your data. In addition, preparedness reduces the risk of falling victim to criminals, and increases the ability to return to normal quickly if an attack occurs.

Essential tips: 
1. Keep your backups up to date.
2. Update your software on a regular basis.
3. Use antivirus software.
4. Be vigilant with your emails.
5. Use strong passwords and multi-factor authentication.
6. Download apps only from trusted sources.

Ransoms demanded by ransomware operators should not be paid. The payment of ransoms contributes to the continuation of criminal activities, and there is no guarantee that the information will be returned or that the blackmail will end. The attacker’s goal may also be simply to destroy data, in which case the blackmail is a sham. In this case, it is not possible to recover the data, even by paying a ransom.

Read more about ransomware in our brand-new article “What on earth is ransomware?” (in Finnish)

Register for the international brokerage event on 10–11 September!

The Finnish Transport and Communications Agency Traficom and its National Coordination Centre (NCC-FI) together with its partners North European Cybersecurity Cluster (NECC), Business Finland and the University of Jyväskylä welcome you to an international partnership event on calls for cyber funding. The event will be held in Helsinki on 10 and 11 September 2024 at Team Finland house. Due to the international nature of the event, the main language will be English. Admission is free of charge.

The two-day event will focus on the current Digital Europe (DEP) and Horizon Europe cyber calls. The event will feature presentations by industry experts and panel discussions. It will also provide an opportunity to present your own project ideas, hear other people's presentations, find partners and network more widely.

Registration is open until 27 August 2024.

News from Cybermeter Day

Cybermeter Day, held in Helsinki on 14 August 2024, brought together users and stakeholders of the Cybermeter (Kybermittari) service to hear and share ideas on the use of the service, best practices and hopes for development. The day included some good introductions that gave the audience a wide range of perspectives on the implementation of maturity assessment, regulation, the creation of a development programme and the importance of peer support. Based on today's experience, it’s worth creating a more active community around the Cybermeter service to continue the exchange of information.

Discussions highlighted the challenges organisations face in starting and implementing data security-level mapping and allocating development activities. The challenges for small businesses included a lack of the necessary cyber skills, while for large businesses the difficulty lay in interpreting and targeting a wide range of requirements across different functions.

Discussions also covered the relationship between regulation and cross-references to different frameworks and standards, and how the Cybermeter could be used as a tool for mapping the implementation of the NIS 2 Directive requirements.

The initial feedback was that the event had been successful and that there was a desire for more events for the community in the future. The next Cybermeter Day is planned for early 2025.


Cybermeter (Kybermittari) is a free cybersecurity assessment and development service. It’s a concrete tool for organisational management and security professionals to manage cybersecurity, benchmark across sectors and guide development efforts. 

Recently reported scams

In this summary, we provide information about scams reported to NCSC-FI during the past week.

WHAT TO DO IF YOU GET SCAMMED

Learn how to detect and protect yourself against online scams

Vulnerabilities

CVE: CVE-2024-38063, etc. 
CVSS: CVSSv3.1: 9.8
What: Microsoft's August 2024 Patch Tuesday update fixed 89 vulnerabilities including six actively exploited and three publicly disclosed zero-day vulnerabilities, as well as eight critical vulnerabilities. 
Product: Microsoft
Repair: Update to the new version. For one zero-day vulnerability, no update has yet been announced. 
Further information on the Microsoft website

ABOUT THE WEEKLY REVIEW

This is the weekly review of the National Cyber Security Centre Finland (reporting period 09–15 August 2024). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens.