1.888.900.DRIZ (3749)
The Driz Group

Cybersecurity Blog

Thought leadership. Threat analysis. Cybersecurity news and alerts.

3/29/2021

Sierra Wireless Becomes Latest Ransomware Attack Victim


Sierra Wireless, one of the world’s leading IoT solutions providers, recently announced it was a victim of a ransomware attack.

On March 23rd, Sierra Wireless announced that it had discovered on March 20, 2021, that it was hit by a ransomware attack.

In a ransomware attack, computer files are encrypted, blocking the victim from accessing them. The attacker then demands that the victim pay a specified amount in exchange for the decryption key that would unlock the encrypted files.

In recent months, it has become a trend among ransomware attackers to make a second ransom demand in exchange for not publishing data stolen during the ransomware attack. In the case of the ransomware attack on Sierra Wireless, it wasn’t disclosed whether the attacker or attackers made a second ransom demand or whether the company paid a ransom.

As a result of the ransomware attack, Sierra Wireless said it halted production at its manufacturing sites. The company added that its corporate website and other internal operations have also been disrupted by the ransomware attack.

As a result of the ransomware attack, Sierra Wireless said it was withdrawing its First Quarter 2021 guidance. In February 2021, the company released its 2020 full year revenue and First Quarter 2021 guidance.

Sierra Wireless reported that its total revenue reached $448.6 million in 2020. For the First Quarter of 2021, the company said it projected to earn $109.9 million. In its March 26th update about the ransomware attack, Sierra Wireless said it has resumed production and started to recover its internal systems.

“Sierra Wireless maintains a clear separation between its internal IT systems and its customer-facing products and services,” the company said. “Sierra Wireless believes that the impact of the attack was limited to Sierra Wireless’ internal systems and corporate website, and that its products and connectivity services were not impacted, and its customers’ products and systems were not breached during the attack.”

The company added that it doesn’t expect that there will be any product security patches, or firmware or software updates required as a result of the ransomware attack.

Prevalence of Ransomware Attacks

IBM reported that ransomware was the cause of nearly one in four real-life cyberattacks worldwide that the company responded to in 2020. IBM added that ransomware attacks in 2020 were “aggressively evolving to include double extortion tactics.”

According to IBM, the group behind the ransomware called “Sodinokibi” – the most commonly observed ransomware group in 2020 – earned over $123 million in 2020, with nearly two-thirds of its victims paying a ransom. IBM added that the group behind Sodinokibi stole from victims approximately 21.6 terabytes of data and approximately 43% of ransomware victims had their data leaked for the public to see.

IBM further reported that Sodinokibi and the other successful ransomware groups in 2020 were focused on stealing and publishing the data of victims who refused to pay ransom.

IBM added that the most successful ransomware groups in 2020 were focused on creating ransomware-as-a-service cartels. In ransomware-as-a-service, one group maintains the ransomware code and another group, known as affiliates, spreads the ransomware. Affiliates are known to distribute ransomware in any way they like.

In the blog post “McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us,” McAfee Labs reported that while Sodinokibi ransomware affiliates used different modus operandi, it noticed that many started with a breach of Remote Desktop Protocol (RDP) – a proprietary protocol developed by Microsoft that allows Windows users to remotely connect to another Windows computer.

RDP servers that are exposed to the internet with weak passwords and without the protection of multi-factor authentication (MFA), virtual private networks (VPNs), and other security protections are of particular interest to cyberattackers. RDP is often breached via brute force attacks, in which the attacker submits many username and password combinations in the hope of guessing the correct combination.

“Through RDP brute force, threat actor groups can gain access to target machines and conduct many follow-on activities like ransomware and coin mining operations,” Microsoft Defender Security Research Team said in the blog post "Data science for cybersecurity: A probabilistic time series model for detecting RDP inbound brute force attacks."
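How a defender can spot the pattern described above in logon records, as an added example that is not from the original post or from Microsoft: it uses a simple fixed threshold inside a sliding window, not the probabilistic time series model the Microsoft post describes. The sample records, the threshold of 5 failures, and the 5-minute window are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (timestamp, event ID, logon type, source IP, account),
# shaped like fields from Windows Security events 4625 (failed logon) and
# 4624 (successful logon). The IPs are documentation ranges, not real hosts.
SAMPLE_EVENTS = [
    ("2021-01-15T02:00:01", 4625, 3, "203.0.113.7", "administrator"),
    ("2021-01-15T02:00:09", 4625, 3, "203.0.113.7", "admin"),
    ("2021-01-15T02:00:17", 4625, 3, "203.0.113.7", "administrator"),
    ("2021-01-15T02:00:26", 4625, 3, "203.0.113.7", "backup"),
    ("2021-01-15T02:00:34", 4625, 3, "203.0.113.7", "backup"),
    ("2021-01-15T02:00:41", 4625, 3, "203.0.113.7", "backup"),
    ("2021-01-15T02:01:10", 4624, 10, "203.0.113.7", "backup"),
    ("2021-01-15T08:59:30", 4625, 10, "198.51.100.20", "jsmith"),  # one typo, then success
    ("2021-01-15T09:00:05", 4624, 10, "198.51.100.20", "jsmith"),
] + [(f"2021-01-15T10:{m:02d}:00", 4625, 3, "192.0.2.50", "svc")
     for m in range(0, 50, 10)]  # five failures spread 10 minutes apart

# Logon types worth watching for RDP: 10 = RemoteInteractive, 3 = Network
# (RDP failures are commonly recorded as type 3 when NLA is enabled).
RDP_LOGON_TYPES = {3, 10}

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold failed logons inside the sliding window,
    and record the first successful logon from a flagged IP afterwards."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    users = defaultdict(set)      # ip -> every account name the source has tried
    alerts = {}
    for ts, event_id, logon_type, ip, user in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == 4625:
            users[ip].add(user)
            q = recent[ip]
            q.append(when)
            while when - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and ip not in alerts:
                alerts[ip] = {"first_alert": ts, "users_tried": users[ip],
                              "success_after": None}
        elif event_id == 4624 and ip in alerts and alerts[ip]["success_after"] is None:
            alerts[ip]["success_after"] = (ts, user)   # guessing may have worked
    return alerts

if __name__ == "__main__":
    for ip, info in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, info)
```

A flagged source with a non-empty `success_after` is the case to triage first, since it suggests a guessed password was accepted. The slow source in the sample stays under the threshold, which is the gap a fixed-window rule leaves open.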

Cybersecurity Best Practices Against Ransomware

Network segmentation is one of the cybersecurity best practices in protecting your organization’s network from ransomware. In network segmentation, your organization’s IT network is divided into sub-networks so that in case something bad happens to one sub-network, the other sub-networks won’t be affected. In the case of the Sierra Wireless ransomware attack, the company said it maintains a clear separation between its internal IT systems and its customer-facing products and services.

It’s also important to back up your organization’s critical data regularly, following the 3-2-1 backup rule. Under the 3-2-1 backup rule, 3 copies of your organization’s critical data are kept, with copies stored on 2 different media, and one of these copies must be kept offsite for disaster recovery.

As mentioned, one of the favorite entry points of ransomware attackers into their victims’ networks is via RDP servers exposed to the internet. Protect RDP servers via strong passwords, MFA, VPN, and other security protections.


    Author

    Steve E. Driz, I.S.P., ITCP
