EDP Renewables North America, a wind farms and solar parks company, has notified its customers about a cyberattack that affected its information systems. The company has found no evidence that indicates cybercriminals accessed customers' personal information during the incident.
The ransomware attack occurred April 13, according to EDP. At this time, EDP began investigating the incident and notified law enforcement.
On May 8, EDP discovered that cybercriminals gained unauthorized access to some data stored on its information systems, the company indicated. Since that time, EDP has worked to identify any affected customers.
EDP has implemented new IT processes and login requirements to lower the risk of future ransomware attacks, the company said. It also is offering one year of Experian identity protection services free of charge to its customers.
Tips to Combat Ransomware Attacks
Organizations of all sizes and across all industries are susceptible to ransomware attacks. Meanwhile, the average cost of ransomware attacks is rising, and organizations must develop and deploy cybersecurity strategies to limit the impact of these attacks.
Torsten George, cybersecurity evangelist at privileged access management (PAM) company Centrify, offers the following tips to help organizations combat ransomware attacks:
- Provide security awareness programs to educate workers about ransomware attacks and how to avoid them.
- Keep anti-malware and antivirus tools up to date.
- Create an application whitelist that ensures only specific programs can run on computers.
- Back up data to a non-connected environment and verify the integrity of backups regularly.
Proactive prevention and mitigation may provide the "best defense" against ransomware, Richard Cassidy, senior director of security strategy at security information and event management company Exabeam, told MSSP Alert. Cassidy noted that organizations also can use behavioral modeling via user and entity behavior analytics (UEBA) to monitor certain behaviors and quickly detect unusual behavior among network users and devices.