CYBER ATTACK ON KENYA AIRWAYS (KQ)


KQ has yet again suffered a ransomware attack, this time from a notorious group called Ransomexx. The airline has now suffered two ransomware attacks, the first being the attack by Medusa, which leaked a sizeable amount of private information.


Who is Ransomexx?

Ransomexx is the group responsible for the ransomware attack targeting Kenya Airways (KQ). The group has been operating since 2018 and came into the limelight in 2020 after attacking high-profile organizations and posting their leaks on its dark website.

The group, despite being one of the newer players, has been responsible for ransomware attacks on Linux, Ferrari, StarHub, Gigabyte, Aljaber Engineering and Admila ELAP, among others.

The group uses the following methodology to compromise internal servers:
1. Exploiting unpatched systems to gain code execution on the internal servers while staying covert.

2. Privilege escalation, where they elevate their privileges and connect out to an external command and control (C2) server.

3. Executing the payload on the servers to perform the intended actions.

The notorious group posted teasers on the internet of what it had extracted from KQ, while uploading the full data leak to its dark website.


The 2GB of leaked data includes:

Passports, IDs, logbooks, appointment and transfer letters, future plans for the airline, accident reports and investigations, records of passengers who had used the airline, death and funeral announcements, investigation reports and password files, among other very sensitive files.

KQ has not yet released a statement on the attack or confirmed the legitimacy of the leaked files.

The data leak could open the door to further cyber threats such as fraud, impersonation and phishing, among others.

Here are a few steps to avoid ransomware attacks (credits to Alvin Gitonga):

1. Keep your systems fully updated. Run all your systems with the latest patches to close critical vulnerabilities that could be a gateway to ransomware attacks.

2. Back up your systems. Everything crucial should be backed up locally, in the cloud and on isolated media (external solid-state drives, hard disk drives).

3. Awareness training for everyone in the organization. Practise good OPSEC (operations security): OPSEC involves modifying one's online behaviour and applying security best practices to keep sensitive information from falling into the wrong hands.

4. Incorporate multi-factor authentication everywhere.

5. Good password hygiene. Set strong passwords and use a password manager where possible. Use strong encryption and hashing algorithms.

6. Have strong access control, limiting access, administrator rights and roles.

7. Use firewalls, IPS (intrusion prevention systems), IDS (intrusion detection systems), network segmentation and a SIEM in your organization.

8. Have strong removable media policies. Removable media and peripherals such as USB hard drives and USB cables could open the door to ransomware attacks. Use USB data blockers everywhere.

9. Strong physical access controls: clearance levels, intrusion detection sensors and surveillance cameras, among others.

10. Run pentests to simulate attacks, which helps identify the weak links and vulnerabilities.

This is a developing story; stay tuned to Gizmunch for updates.

Thank you for reading. Keep it GizMunch.
