Red Hot Cyber


RansomHub criminal hackers claim cyber attack on Coca Cola

RHC Dark Lab : 27 June 2024 21:59

Today the RansomHub ransomware gang claimed, on its Data Leak Site (DLS), a cyber attack on Coca Cola.

We still do not know whether this attack actually affected Coca Cola's IT infrastructure, since there is as yet no press release about the incident on the company's corporate site.

In the post published on its leak site, RansomHub claims to be in possession of 800 GB of data exfiltrated from the company's IT infrastructure, and threatens to publish it in seven days.

A countdown on the gang's site shows 7 days and 16 hours remaining before the post is updated. As RHC readers know, this usually means that no agreement has yet been reached on payment of the ransom demanded by the criminals: by threatening to publish the data in their possession, they increase the pressure on the hacked organisation in the hope that payment will be made more quickly.

As is our custom, we always leave room for a statement from the company should it wish to give us an update on the matter. We will be happy to publish such information with a specific article highlighting the matter.

RHC will monitor the development of the matter and publish further news on the blog if there are substantial developments. Anyone with knowledge of the facts who would like to provide information anonymously can use the encrypted whistleblower mail.

How to protect yourself from ransomware

Ransomware infections can be devastating for an organisation. Restoring data is often a difficult and laborious process that requires highly skilled operators, and even when a backup exists, recovery frequently fails.

Users and administrators are therefore advised to take the following preventive measures to protect their networks from ransomware infections, listed in order of increasing complexity:

  • Train staff through Awareness courses;
  • Maintain a data backup and recovery plan for all critical information. Perform and test regular backups to limit the impact of data or system loss and to speed up recovery. Keep in mind that network-connected backups can themselves be encrypted by ransomware: critical backups must be kept isolated from the network;
  • Keep the operating system and all software up-to-date with the latest patches. Vulnerable applications and operating systems are the target of most attacks. Ensuring these are patched with the latest updates greatly reduces the number of exploitable entry points available to a malicious user;
  • Keep antivirus software up-to-date and scan all software downloaded from the Internet before execution;
  • Limit the ability of users (permissions) to install and run unwanted software applications and apply the ‘least privilege’ principle to all systems and services. Restricting these privileges may prevent malware execution or limit its ability to spread through the network;
  • Do not enable macros in e-mail attachments. If a user opens the attachment and enables macros, the embedded code executes and can install the malware on the computer;
  • Do not follow unsolicited web links in e-mails;
  • Never expose Remote Desktop Protocol (RDP) connections directly to the Internet. If access from the Internet is required, it must go through a VPN;
  • Implement Intrusion Prevention Systems (IPS) and Web Application Firewalls (WAF) as perimeter protection in front of services exposed on the Internet;
  • Implement an XDR security platform, ideally supported by a 24/7 MDR service, to gain visibility into endpoints, users, networks and applications and to automate detection, correlation, analysis and response, whatever the size and expertise of the in-house team.
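The RDP item above is the one control in this list that can be checked mechanically against a firewall or security-group export. The following script is an added example written for this page, not code from the article or from RansomHub's victims: it walks a constructed, vendor-neutral list of inbound allow rules (hypothetical names and ranges) and flags any rule that admits TCP 3389, or every port, from a default-route source (0.0.0.0/0 or ::/0). A rule that only allows RDP from a VPN range is left alone, which is the pattern the text recommends.

```python
"""Flag inbound rules that expose RDP (TCP/3389) directly to the Internet.

Added example for this page. The Rule layout is a constructed, generic
representation (protocol, port range, source CIDR); it does not mirror any
specific vendor's export format.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List

RDP_PORT = 3389


@dataclass(frozen=True)
class Rule:
    """One inbound allow rule (hypothetical field layout for this example)."""
    name: str
    protocol: str   # "tcp", "udp" or "any"
    port_from: int  # inclusive start of the allowed port range
    port_to: int    # inclusive end of the allowed port range
    source: str     # CIDR of the permitted source addresses


# Constructed sample rule set; names and ranges are hypothetical.
SAMPLE_RULES: List[Rule] = [
    Rule("rdp-from-vpn", "tcp", 3389, 3389, "10.8.0.0/24"),            # fine: VPN-mediated
    Rule("rdp-open-to-world", "tcp", 3389, 3389, "0.0.0.0/0"),         # exposed
    Rule("https-public", "tcp", 443, 443, "0.0.0.0/0"),                # not RDP
    Rule("allow-all-from-office", "any", 0, 65535, "203.0.113.0/24"),  # wide, but not the Internet
    Rule("allow-all-public", "any", 0, 65535, "0.0.0.0/0"),            # exposed: range covers 3389
    Rule("rdp-v6-world", "tcp", 3389, 3389, "::/0"),                   # exposed over IPv6
]


def is_internet_source(cidr: str) -> bool:
    """Treat a source as 'the Internet' if it is a default route.

    Checking prefixlen == 0 covers both 0.0.0.0/0 and ::/0 without
    string matching, and rejects malformed CIDRs with a ValueError.
    """
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def rule_exposes_rdp(rule: Rule) -> bool:
    """True if the rule admits TCP (or any protocol) to port 3389 from the Internet."""
    covers_port = rule.port_from <= RDP_PORT <= rule.port_to
    covers_proto = rule.protocol.lower() in ("tcp", "any")
    return covers_port and covers_proto and is_internet_source(rule.source)


def find_exposed_rdp(rules: Iterable[Rule]) -> List[str]:
    """Return the names of all rules that expose RDP directly to the Internet."""
    return [r.name for r in rules if rule_exposes_rdp(r)]


if __name__ == "__main__":
    for name in find_exposed_rdp(SAMPLE_RULES):
        print(f"FINDING: rule '{name}' exposes RDP (TCP/{RDP_PORT}) directly to the Internet")
```

On the sample set the script reports `rdp-open-to-world`, `allow-all-public` and `rdp-v6-world`; the broad `allow-all-public` rule is caught because its port range contains 3389, which a check that only looks for rules literally named or scoped to RDP would miss. To run it against a real environment, replace `SAMPLE_RULES` with rules parsed from your own firewall or cloud security-group export.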

Both individuals and organisations are discouraged from paying the ransom: even after payment, the gang may not release the decryption key, and recovery operations may still suffer errors and inconsistencies.

Cyber security is a serious matter and today it can deeply undermine a company’s business.

We need to change our mindset now and treat cybersecurity as an integral part of the business, not something to think about only after an incident has occurred.

RHC Dark Lab
RHC Dark Lab is a group of experts from the Red Hot Cyber community dedicated to Cyber Threat Intelligence, led by Pietro Melillo. Its members include Sandro Sana, Alessio Stefan, Raffaela Crisci, Vincenzo Di Lello and Edoardo Faccioli. Their mission is to spread knowledge about cyber threats in order to improve the country's awareness and digital defences, involving not only specialists in the field but also ordinary people. The aim is to disseminate Cyber Threat Intelligence concepts so that threats can be anticipated.