2. Table of Contents
• Overview of Ransomware Attacks in TBE SAS
• Notes on remote access
• Notes on using PC
• How to change the password (CENTRAL login, mail)
• Knowledge of information security
• Beware of password leakage
3. Overview of Ransomware Attacks in TBE SAS
On October 29, internally installed servers at Takara Bio Europe S.A.S. (TBE SAS) were encrypted with ransomware, and data on backbone systems such as sales and accounting was encrypted and became inaccessible. The virus filename is "Takara Bio", so this is considered to be a pinpoint attack targeting TAKARA BIO.
The source of the infection is being examined, but it is suspected that the criminal entered the company's server through a remote access line, using a TBE SAS employee's ID and password obtained in some way, and then launched the ransomware. The employee's e-mail log was traced, but no suspicious e-mails were found.
4. Overview of Ransomware Attacks in TBE SAS
[Figure: network diagram. Labels: TAKARA-X3, Internet, Firewall, Server room, Office, Desktop PC, Laptop PC, Multi function copier, Remote access line (VPN access)]
5. Overview of Ransomware Attacks in TBE SAS
------- === Your network has been infected! ===-------
***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED *****************
All your documents, photos, databases and other important files have been encrypted and have the extension: .bceBDcaBEc
You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!
The only way to restore your files is to buy our special software. Only we can give
you this software and only we can restore your files!
We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news website ([link removed]) and after 7 days the whole
downloaded info.
You can get more information on our page, which is located in a Tor hidden network.
* DO NOT TRY TO RECOVER FILES YOURSELF!
* DO NOT MODIFY ENCRYPTED FILES!
* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *
Text left in the encrypted server
7. Notes on using PC
1. If a virus infection is detected, immediately disconnect from the network and contact IT personnel.
Contact details for DTI IT Department:
Take a screenshot of the suspicious mail and share it with the addresses below.
PLEASE DO NOT FORWARD THE EMAIL DIRECTLY
To: Anant Prajapati, email: anant.prajapati@dssimage.com
CC: systemadmin@dssimage.com; prashant_verma@takarabio.com
2. Do not open e-mail from unknown sources; delete it immediately.
3. Do not access websites that are not business related
4. Keep the operating system and antivirus software up to date
5. Set passwords that are complex and hard to guess
6. Do not use the same password on external websites
Password policy
• 8 characters or more
• Include at least one each of alphabetic characters, numbers, and symbols
8. Measures in detail
• 1. If a virus infection is suspected, immediately disconnect from the network and contact
the IT department
• In the unlikely event of an infection, it is very important to take action to prevent the infection
from spreading. If you suspect a virus infection, isolate the device from the network by
unplugging the network cable, disconnecting any mobile data communication devices, or
turning off the wireless LAN and mobile phone signals. You should then contact your IT
department immediately for further instructions. Do not attempt to reconnect the device to the
network until you are authorized to do so.
• 2. Delete email from someone that you don't know without opening it
• The most common way to be infected by a virus is through email. Antivirus software has been
installed by each company, but targeted cyberattacks often contain a new virus and not all can
be cleaned. Always be aware of the fact that some viruses will not be identified by antivirus
software. So, immediately delete any email from anyone you don't know.
• 3. Do not access non-business related websites
• Your device may be infected with a virus simply by accessing some websites. In some cases,
attackers carrying out targeted cyberattacks may learn employee preferences from social networking or other
sources and then hack a site those employees visit, so do not visit websites that are not relevant to business tasks.
9. Measures in detail
• 4. Keep the operating system and antivirus software up to date
• Many cyberattacks exploit known vulnerabilities. This means that proper countermeasures
against known vulnerabilities can significantly reduce risks. Make sure that you apply
Microsoft Windows and Office security updates promptly, and that the antivirus software you have
installed is always up to date.
• 5. Set complex and difficult to guess passwords
• In a virus infection, if the password to access critical information can be easily guessed, the
device can be quickly compromised by the virus. Passwords should be complex and difficult to
guess. Also, if you save the ID and password for a critical system in a file, a virus can access
the important information through that file. If you must save the password in a file, make sure
that the file cannot be opened easily, for example by assigning a password to the file.
10. Disconnecting from Network
Procedure for disconnecting from the network
1. Remove the LAN cable from your PC
2. Disconnect from the Wi-Fi network by switching ON the “Flight Mode”
3. Switch off the hotspot if you are connected through mobile data
11. How to change the password
Changing System Login Password
• Simultaneously press the [Ctrl], [Alt], and [Delete] keys on the keyboard. The display will
switch to a screen like the blue picture on the right. Select "Change Password" and
change the password.
12. How to change the password
Changing the Mail Password
URL of the password change screen
www.office.com
Click here
13. How to change the password
1 Enter your e-mail ID
2 Enter your login e-mail password
3
4
5
Input restrictions
You cannot set the same password as the current password.
Enter a character string of 8 characters or more.
It is recommended that you change your passwords
at least once a month.
Please do not share these details with any source,
known or unknown.
14. Knowledge of information security
1. Do not remove company or department information or
equipment without permission.
2. Do not bring personal notebook computers, programs, etc.
into the company without permission.
3. Do not leave company or department information or
equipment unmanaged
4. Do not dispose of company or department information or
equipment without taking appropriate measures.
5. Do not lend or transfer the authority assigned to an
individual to another person.
6. Do not publicly disclose information obtained in the course of
business.
7. If information leaks occur, report promptly.