Bouygues construction falls victim to a ransomware attack

The French construction firm has detected some malicious behaviours in their systems and have identified the same as a ransomware attack on their machines late last week. Bouygues have temporarily shut down their systems until the attack is resolved and have also informed the media that their officials are fully focussed to fix things as quickly as possible. This multi-national company has also mentioned that their construction projects are running smoothly and their normal operations are no way affected, thus our users and customers need not worry about the ransomware attack. Bouygues have given briefed about the attack in their press release on Feb 5th, 2020.

It is believed that the Maze ransomware group is the one behind Bouygues ransomware attack. Bouygues has its headquarters in France, however they are owning multiple civil projects in Australia, like the Metro Tunnel project in Melbourne, North Connex in Sydney, Go Between Bridge in Brisbane and more. The Maze ransomware group have also victimized ‘United Imaging’ another MNC firm with their malicious intents.

Who is this Maze Ransomware Group?

Maze is a cybercriminal organization that has been targeting organizations in the US with their ransomware attacks. This group has been behind the attack on City of Pensacola, Southwire, Allied Universal and more. Their prime motive is encrypting the sensitive data from the companies and demanding a ransom. 

Maze also had a website, which will display the list of companies that become victims to their ransomware attacks. If the company does not pay the requested ransom, then those data encrypted or stolen from those companies will go public. To be noted, this group has also been the ones regarding the attacks on the number of law firms.

How to build your defense against ransomware threats?

Organizations need to first understand there is no way a company could be completely secured against cyberattacks, as no vendor or tool can afford 100 percent cybersecurity. The best practices and robust policies could only make your company less of a favourite to cyber criminals. Below mentioned seven best practices can keep your organizations proactively secured against ransomware attacks,

• Automatically test and deploy updates to your network devices as soon as the patches are released by the vendors.
• Blacklist or whitelist applications in your environment to avoid unknown vulnerabilities.
• Remove floating EXE’s and prohibit applications.
• Patch BIOS and firmware updates to avoid processor bugs.
• Be ready to handle zero-day vulnerabilities with temporary workarounds through customized scripts.
• Ensure security information and event management strategies, tools and approach have been incorporated to ensure effective reactive cybersecurity is In place.
• Proper patching, log management, firewall management and data management tools will be beneficial to organizations.