Discover has issued a statement warning clients globally about recent ransomware attack attempts involving malware that particularly targets Windows-based systems. The attack impacted organizations in the U.S. and Europe and used Ryuk ransomware, which is specifically used to target enterprise environments. Ryuk is often used as part of a multi-stage attack involving phishing, Emotet malware, and Trickbot malware to gain access, escalate privileges, move laterally, and infect the environment.
Discover Global Network encourages partners to refer to the PCI Security Standards Council’s Defending against Phishing & Social Engineering Attacks resource guide and Defending Against Ransomware resource guide to learn more about these types of attacks and to take the recommended steps to mitigate the risks they present. As always, please consider the security recommendations below.
- Perform frequent backups of your system(s) and other important files and verify backups regularly.
- Store backups on a separate device that cannot be accessed from a network.
- Ensure applications and operating systems are up-to-date with the latest patches.
- Ensure anti-virus, applications, and operating systems are up-to-date with the latest signatures and patches.
- Ensure email filters are up-to-date and monitored for effectiveness.
- Validate the source and intent of email prior to clicking links, opening attachments, or interacting with senders.
- Train employees on email security best practices.
- Report any suspected phishing emails or activity to your security team.
- Always be mindful of phishing and/or other attack vectors where malicious software can be installed onto your systems.
If you experience a ransomware-type attack, please follow the steps below to notify Discover:
- Contact the Discover Global Network Command Center at (877) 405-7111.
- Select Option 2 for the Payments Network.
- Request to be connected with Julie Quandt (Senior Manager, Data Security) at (224) 405-5212.