lockbit2 attacks get-entkernung....

Incident Date:

April 7, 2022

Overview

Title

lockbit2 attacks get-entkernung....

Victim

get-entkernung....

Attacker

Lockbit2

Location

Marianne-von-Werefkin-Straße 11, Germany

Hattersheim am Main, Germany

First Reported

April 7, 2022

Ransomware Attack on Gebäude-Entkernungs-Technik GmbH

Gebäude-Entkernungs-Technik GmbH, a company specializing in building renovation and demolition, has been targeted by the ransomware group Lockbit2. The attack was announced on the group's dark web leak site. The victim's website is https://www.get-entkernung.de/, and the company operates in the Business Services sector.

Company Overview

Gebäude-Entkernungs-Technik GmbH offers a range of services, including building renovation, industrial dismantling, static demolition, asbestos removal, and building demolition. The company's website highlights its expertise in creating space for new ideas by renovating buildings, often to the point of dismantling them entirely. The company's services are designed to meet the changing needs of buildings over time, ensuring that they can be repurposed or rebuilt as needed.

Vulnerabilities and Threats

Ransomware attacks typically exploit vulnerabilities in software, hardware, or network configurations. In the case of Gebäude-Entkernungs-Technik GmbH, the company's website does not provide detailed information about its IT infrastructure or cybersecurity measures. However, the company's reliance on digital systems for managing projects, customer information, and communication makes it a potential target for ransomware attacks.

The most common ransomware attack methods are phishing emails and brute-force attacks against exposed Remote Desktop Protocol (RDP) services. These attacks can be particularly effective against companies that rely on remote access for their operations, because such companies may not have the same level of security controls in place as they would in a traditional office environment.

Mitigation Strategies

To mitigate the risk of ransomware attacks, companies should implement a multi-layered security strategy that includes:

  • Defense-in-depth security: Deploying foundational cybersecurity tools and strategies such as antimalware, multifactor authentication, firewalls, email security filtering, web filtering, network traffic analysis, allowlisting/denylisting, endpoint detection and response, the principle of least privilege, and secure remote access technologies, including VPNs and zero-trust network access.
  • Advanced security controls: Implementing advanced security controls that can recognize and catch known ransomware variants, as well as those that use new or unknown attack vectors.
  • Regular updates and patches: Ensuring that all software and hardware are up-to-date with the latest security patches and updates to minimize vulnerabilities.
  • Employee training: Educating employees about the risks of phishing emails and other social engineering attacks, as well as best practices for secure remote access and password management.

The ransomware attack on Gebäude-Entkernungs-Technik GmbH underscores the importance for companies in the Business Services sector to maintain a vigilant cybersecurity posture, especially in the context of remote access and digital systems. By adopting a comprehensive security strategy and fostering cybersecurity awareness among employees, businesses can significantly mitigate their risk of falling victim to cybercriminal attacks.

Sources

  • Gebäude-Entkernungs-Technik GmbH. (n.d.). Entkernung. Retrieved from https://www.get-entkernung.de/
  • Cloudian. (n.d.). Ransomware Data Recovery: How to Save Your Data. Retrieved from https://cloudian.com/guides/ransomware-backup/ransomware-data-recovery-5-ways-to-save-your-data/
  • ZDNet. (2021, July 29). Ransomware: These are the two most common ways hackers get inside your network. Retrieved from https://www.zdnet.com/article/ransomware-these-are-the-two-most-common-ways-hackers-get-inside-your-network/
  • TechTarget. (n.d.). What is Ransomware? How It Works and How to Remove It. Retrieved from https://www.techtarget.com/searchsecurity/definition/ransomware

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.