top of page
    • Mar 27

Lessons from HANFA’s Ransomware Incident

ransomware attack

Croatian Financial Services Supervisory Agency (HANFA) recently suffered a ransomware cyber attack, resulting in the loss of all data and backups related to the oversight of pension funds and insurance companies. This incident highlights the vulnerability of regional government agencies to cyber threats, particularly ransomware attacks. As the agency scrambles to recover, several critical security lessons emerge.


  1. Outdated Infrastructure: HANFA’s on-premises IT infrastructure, laden with public-facing services, was poorly maintained. For example, web and email servers were running on clunky software, often ridden with old vulnerabilities, making the organization an easy target for ransomware operators.

  2. Complex Networks often resulting from Public Procurement: Public procurement often leads to intricate networks and overlapping IT solutions. These complexities create blind spots, allowing threat actors to exploit weaknesses.

  3. Lack of Multifactor Authentication (MFA): Older and often outdated systems like Active Directory, are particularly resistant to MFA adoption. Without MFA, the organization is much more vulnerable to phishing attacks.

  4. Low Employee Security Awareness: Low-security awareness among employees compounds the risk as they can be more easily lured into clicking on malicious links or opening malware attachments. Phishing is undoubtedly the no. 1 technique used to obtain initial access. Organizations must prioritize education and communication to foster a security-conscious culture.

Recommendations:


  • Modernize and Simplify: Organizations should focus on modernizing and simplifying IT infrastructure. Migrate to cloud-based solutions that reduce dependency on clunky on-premise equipment.

  • Implement MFA Everywhere: Enable MFA wherever possible to thwart phishing attacks.

  • Educate and Communicate: Run continuous awareness campaigns, training sessions, and FAQs to empower employees and reinforce security best practices.


Learning from this incident, organizations must modernize and simplify IT infrastructure, implement multifactor authentication, and prioritize employee security awareness.


For more info on HANFA's ransomware attack, click here.

bottom of page