Ransomware is a form of malicious software that encrypts or otherwise locks files on a victim's systems so they can no longer be used. Those files usually hold critical information, and the victims are pressured into paying a ransom to regain access. Cybercriminals use ransomware to break into systems, putting an organization's reputation and stability at stake.
Ransomware can be devastating to an individual or an organization. Anyone with important data stored on a computer or network is at risk, including government bodies, healthcare systems, financial institutions, and other critical infrastructure entities.
Recovery can be a complicated process that may require the services of a reputable data recovery specialist, on top of the high cost of production downtime, data breach penalties, and compensation owed to customers whose data was exposed.
The current threat to watch is Sodinokibi, also referred to as Sodin or REvil. Sodinokibi is a ransomware-as-a-service (RaaS) operation known for breaching corporate networks through exploits, exposed remote desktop services, spam, and compromised Managed Service Providers.
What makes this threat worth watching is that, on top of the usual tactics, the attackers also target point-of-sale (POS) systems. In observed REvil attacks, the attackers scanned the organization's network for POS systems, either to steal payment card data or as an additional high-value target worth encrypting.
Most of the targeted businesses and industries were hosting, managing, or taking payments through POS systems, which makes the cost and impact of such an incident considerably heavier, since it involves critical customer data.
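The network scanning described above leaves a recognizable trace: one internal host contacting many other hosts on the same port within a short time. The following Python script is an added example, not code from the original article and not a description of any specific REvil tool; it shows the detection logic a defender could run over firewall or flow logs to flag that pattern. The log format, the addresses, and the default threshold and window are all constructed for this example, and a real deployment would need a parser for its own log source and thresholds tuned to the environment.

```python
"""Horizontal-scan detection over firewall/flow logs (added example).

Flags an internal source that reaches many distinct destinations on the
same port inside a short window, the pattern left by an attacker sweeping
the network for POS systems. Log format and addresses are constructed for
this example; a real deployment needs a parser for its own log source.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines. 10.20.5.44 sweeps 10.20.30.x on 445 and 3389;
# 10.20.5.10 is a normal workstation. One malformed line is included on purpose.
SAMPLE_LOGS = """\
2020-06-20T02:10:15 ALLOW src=10.20.5.10 dst=10.20.30.11 dport=445 proto=tcp
2020-06-20T02:11:02 ALLOW src=10.20.5.10 dst=10.20.40.5 dport=9100 proto=tcp
2020-06-20T02:14:07 ALLOW src=10.20.5.44 dst=10.20.30.11 dport=445 proto=tcp
2020-06-20T02:14:08 ALLOW src=10.20.5.44 dst=10.20.30.12 dport=445 proto=tcp
2020-06-20T02:14:09 DENY src=10.20.5.44 dst=10.20.30.13 dport=445 proto=tcp
2020-06-20T02:14:10 ALLOW src=10.20.5.44 dst=10.20.30.14 dport=445 proto=tcp
2020-06-20T02:14:12 ALLOW src=10.20.5.44 dst=10.20.30.15 dport=445 proto=tcp
2020-06-20T02:14:13 DENY src=10.20.5.44 dst=10.20.30.16 dport=445 proto=tcp
2020-06-20T02:14:15 ALLOW src=10.20.5.44 dst=10.20.30.17 dport=445 proto=tcp
2020-06-20T02:14:16 ALLOW src=10.20.5.44 dst=10.20.30.18 dport=445 proto=tcp
2020-06-20T02:14:20 ALLOW src=10.20.5.44 dst=10.20.30.11 dport=3389 proto=tcp
2020-06-20T02:14:21 DENY src=10.20.5.44 dst=10.20.30.12 dport=3389 proto=tcp
2020-06-20T02:14:22 ALLOW src=10.20.5.44 dst=10.20.30.13 dport=3389 proto=tcp
2020-06-20T02:16:40 ALLOW src=10.20.5.10 dst=10.20.30.11 dport=445 proto=tcp
this line is not a flow record and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<action>ALLOW|DENY) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\S+)$"
)


def parse_line(line):
    """Return a dict for a well-formed flow record, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["dport"] = int(rec["dport"])
    return rec


def detect_sweeps(lines, threshold=5, window_seconds=60):
    """Return one alert per (src, dport) whose peak number of distinct
    destinations inside any window of `window_seconds` reaches `threshold`.

    Both ALLOW and DENY records count: a sweep of segmented POS hosts shows
    up mostly as denies, a sweep of an unsegmented network mostly as allows.
    """
    window = timedelta(seconds=window_seconds)
    events = defaultdict(list)  # (src, dport) -> [(ts, dst), ...]
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip noise and malformed lines
        events[(rec["src"], rec["dport"])].append((rec["ts"], rec["dst"]))

    alerts = []
    for (src, dport), evs in events.items():
        evs.sort()
        in_window = Counter()  # dst -> records currently inside the window
        start = 0
        peak = 0
        for ts, dst in evs:
            in_window[dst] += 1
            # Advance the window's left edge until it spans at most `window`.
            while ts - evs[start][0] > window:
                old_dst = evs[start][1]
                in_window[old_dst] -= 1
                if in_window[old_dst] == 0:
                    del in_window[old_dst]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            alerts.append({"src": src, "dport": dport, "distinct_hosts": peak})

    alerts.sort(key=lambda a: (-a["distinct_hosts"], a["src"], a["dport"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_sweeps(SAMPLE_LOGS.splitlines()):
        print(f"possible sweep: {alert['src']} reached {alert['distinct_hosts']} "
              f"hosts on port {alert['dport']}")
```

With the constructed sample, the default threshold of five distinct hosts in sixty seconds flags only the sweep of port 445 by 10.20.5.44; lowering the threshold to three also surfaces the smaller RDP probe on 3389, and shrinking the window to one second suppresses everything, which is the trade-off to tune against each environment's normal traffic.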
Like most malware, Sodinokibi needs elevated privileges to deploy its payload, and it typically gains its initial foothold through exposed remote desktop services and other insecure connections into the network.
Preventing this menace should be a priority, and businesses that use POS systems in particular are advised to align their security readiness with a standard that was defined specifically to safeguard their customers' payment card data.
PCI DSS compliance encompasses a set of requirements spanning many security domains that help prevent ransomware attacks.
The standard mandates multi-factor authentication for administrative access, whether from inside or outside the network, a role-based access control approach that restricts system access to authorized users, and protection of the channels into and out of the organization's network.
These requirements, among others, help organizations prevent or reduce the risk of ransomware. Beyond that, and unlike most general security standards, PCI DSS dedicates a specific set of controls to protecting POS devices from tampering, substitution, or any other compromise.
POS systems are critical devices under PCI DSS because they capture and may store payment card data. They should communicate only over connections protected with strong cryptography, use only PCI PTS-approved point-of-interaction (POI) devices, and, for some merchants, not be connected to any other systems in the organization's environment.
PCI DSS also requires organizations to identify and maintain a list of all their POS devices, which simplifies monitoring and maintenance, and to give POS users the security training they need to detect and respond to tampering or substitution attempts.
By complying with PCI DSS in general, and with its POS security requirements in particular, organizations can prevent, or at least limit, such threats.
To ensure your POS systems stay protected, get in touch with our cyber security experts. The PCI compliance journey may seem overwhelming, but we are ready to walk you through it and make sure nothing is missed.