.png)
While Deloitte is yet to make a statement or release an official statement, agreeing or denying these claims - news sites like Infosecurity have reported having spoken to a Deloitte spokesperson about the same. The news site mentioned that a Deloitte spokesperson stated no Deloitte systems have been compromised indicating that this may be a breach from a client’s system that is outside Deloitte’s system.
That said, the fact that Deloitte has yet to release an official statement on the security breach suggests that an internal investigation is taking place. Also, there is likely some grounds for these statements whether internal systems were compromised or not.
The Brain Cypher group on the dark website has given the Fortune 500 or Big 4 company until the 15th of December 2024 (less than 11 days) to respond to the group.
What Does this Ransomware Attack Mean for Deloitte?
Depending on the validity of Brain Cypher’s claims - if the data is sensitive it will likely lead to Deloitte having to negotiate and settle on a ransom amount with the group of hackers.
The fact remains that most small and large companies that fall victim to ransomware attacks prefer to sweep these situations under the rug rather than openly admit to vulnerabilities in their security. This not only lowers brand trust but also has complications like regulatory fines.
While no official amount is mentioned anywhere online - ransomware attaches are typically quite expensive for companies as large as Deloitte.
According to IBM, they allege an average data breach costs companies around USD 4.45 million - but this amount is just part of the picture in the case of ransomware attacks.
For some companies like the MOVEit ransomware attack, some estimate the damages were around USD 15 billion.
Who is Brain Cypher?
Brain Cypher is a ransomware group that came to be known after the 16th June 2024, ransomware attacks in Indonesia’s National Data Center. The ransomware group is notorious, the attack disrupting nearly 200 government agencies affecting even passport and immigration offices.
With its TOR website on the dark web, the group typically updates it with information about its attacks.
During their last attack, the group initially demanded a ransom of over 8 million USD but then shared the decryptor for free according to Cyberdaily.
Whether this is the case is the case for Deloitte is yet to be known, but as mentioned before these ransoms are typically paid and not spoken of publicly.
How Do You Prevent Ransomware Attacks?
Although the cause or infection methods of ransomware attacks can vary, the fact remains that the best way to fight ransomware would be through - a powerful access management system where information is not easily accessible to unauthorized parties.
Whether through phishing or even ransomware downloads - this removes the risk of data leaks almost completely. With software like Infisign, you have a zero-trust framework where authorized user identities are decentralized and further protected with the use of passwordless authentication - this removes the risk of phishing completely .Aside from this, you can have multi-factor authentication and a privileged access management framework so that only a few individuals have access to critical information. Want to know more? Reach out to the team at Infisign for a free trial.
.svg)
.png)
