The Isle of Man Government’s Office of Cyber Security and Information Assurance (OCSIA) has issued advice following a suspected cyber-attack of Russian origin on Isle of Man-based company Strix Group plc.
From research conducted by OCSIA, and information made publicly available, the ransomware used in the attack is believed to be a strain called LockBit 2.0, which is commonly attributed to Russian-speaking cyber criminals.
However, the government has said there ‘is currently no evidence to suggest that the Russian state was in any way involved in this incident’.
Given the current heightened tensions caused by the conflict in Ukraine, OCSIA would however reiterate its advice for organisations to take steps to reduce the risk of falling victim to an attack, including:
- Patching systems
- Improving access controls and enabling multi-factor authentication
- Implementing an effective incident response plan
- Checking that backups and restore mechanisms are working
- Ensuring that online defences are working as expected
- Keeping up to date with the latest threat and mitigation information.
Employees should be aware of their role in keeping systems safe, including not clicking on suspicious links, reporting suspicious emails and taking care when working remotely.
OCSIA said: ‘Having secure computer systems is only one part of effective preparation against a cyber-attack.
‘All organisations should be prepared for a systems outage with a plan for how they would continue to operate.’
As a minimum, OCSIA would recommend organisations:
- Confirm they have an up-to-date and tested incident response plan or business continuity plan – this should include details of key systems and, where appropriate, manual contingency plans in the event of a systems outage
- Confirm that escalation routes and contact details are all up to date
- Ensure that the incident response plan contains clarity on who has the authority to make key decisions, especially out of normal working hours
- Ensure the incident response plan and the communication mechanisms it uses will be available, even if the organisation’s systems are offline.