June 16, 2020
Ransomware attacks are becoming more and more common, but there are three key tactics crime actors employ to attack your network and systems. In this article we’ll cover three common ransomware attacks and the best practices to follow to prevent each one.
EXAMPLES OF RANSOMWARE ATTACKS
Remote Desktop Protocol
Remote Desktop Protocol (RDP) is one of the easiest ways to gain access to your system. Fifty-seven percent of all ransomware attacks involve RDP. Many of the ports are not secured properly and many are easily compromised. Users often ignore password updates or even good password strategies, making RDP easy to hack into. Some crime actors will even purchase credentials to your RDP on the dark web.
With credentials in hand, actors can gain access to devices, infiltrate your network further, and deploy malware. When ransomware is deployed, your organization will be faced with the decision about whether or not to pay the ransom demand. In the last four months, that decision has become even more complicated as attackers, such as Maze, have started both locking up the infiltrated system and stealing the data.
In the past, if your data was backed up, a locked system didn’t necessarily mean you needed to pay the ransom. Now that crime actors are also stealing data, a security breach has occurred. Paying the ransom won’t ensure that attackers actually delete the data they already stole from you.
How can you protect your RDP from a ransomware attack?
Require strong passwords – make sure your employees are using proper password protocol. Use a phrase instead of a password, add in numbers and symbols, and never reuse an old password.
Employ two-factor authentication – by adding two-factor authentication into your sign-on process, you’re adding another layer of protection that’s difficult for a crime actor to replicate. For administrative accounts, adding multi-factor authentication can reduce risk by 40%.
Back up data – consistently back up data and store your backups on separate infrastructure. Disconnect after every backup so if your network is compromised, the malware won’t spread to every version or stored backup of your data.
Run vulnerability and threat scans and tests – regularly run vulnerability scanning on every system. Use penetration testing techniques such as impersonating a manager and asking for access to a specific database or sending a phishing email to assess how employees react to social engineering techniques.
Whitelist IP addresses – only allow approved IP addresses to connect via Remote Desktop Protocol so only trusted machines have access.
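An added example (not from the original article) of checking that an RDP allowlist is actually being enforced: it audits connection records against the approved networks and reports any source outside them. The log format, the addresses (documentation ranges) and the function names are assumptions made for illustration; 3389 is the default RDP port.

```python
import ipaddress

# Assumed allowlist (documentation ranges), not taken from the article.
ALLOWED_NETWORKS = ["203.0.113.0/28", "198.51.100.25/32", "2001:db8:10::/48"]
RDP_PORT = 3389

# Constructed sample log, format: "timestamp source_ip dest_port result".
SAMPLE_LOG = """\
2020-06-01T08:02:11Z 203.0.113.5 3389 success
2020-06-01T08:05:40Z 192.0.2.77 3389 failure
2020-06-01T08:05:41Z 192.0.2.77 3389 failure
2020-06-01T08:06:02Z 198.51.100.25 3389 success
2020-06-01T08:07:13Z 2001:db8:10::9 3389 success
2020-06-01T08:09:30Z 192.0.2.77 443 success
2020-06-01T08:10:00Z not-an-ip 3389 failure
2020-06-01T08:11:45Z 198.51.100.26 3389 success
"""

def load_allowlist(cidrs):
    # strict=True rejects typos such as 203.0.113.5/28 (host bits set).
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]

def audit_rdp(log_text, networks, port=RDP_PORT):
    """Return ({source: {"success": n, "failure": n}}, unparsed_lines)."""
    violations, unparsed = {}, []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[3] not in ("success", "failure"):
            unparsed.append(line)
            continue
        _, src, dport, result = fields
        if dport != str(port):
            continue  # only RDP traffic is in scope for this audit
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            unparsed.append(line)  # keep for review, never drop silently
            continue
        if not any(ip.version == n.version and ip in n for n in networks):
            counts = violations.setdefault(src, {"success": 0, "failure": 0})
            counts[result] += 1
    return violations, unparsed
```

A successful connection from a source outside the allowlist is the finding to act on first, since it means the restriction is not being applied where that host connects.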
Software Vulnerabilities
Software vulnerabilities are an easy target for criminal actors looking to deploy ransomware. If software isn’t properly or regularly updated, an attacker can gain access to your network even if no credentials are compromised and two-factor authentication is required. After the malware is embedded in your network, new ransomware can remain undetected for years. In the case of the Marriott breach of customer data in 2019, many believe the ransomware was on the Starwood network – the brand Marriott acquired – for four years before the ransom was deployed.
How can you protect your business from software vulnerabilities?
Update software regularly – implement a policy to make sure software is updated consistently and frequently.
Implement vulnerability scans – proper scanning can identify weaknesses in your network, infrastructure, and devices and help you key in on areas that need more security.
Email Phishing
An email phishing attack can include embedded links, attachments, or a combination of the two – the goal is to trick the email recipient into clicking on the link or downloading the attachment onto their device. The email will look like it comes from a credible source or person, often impersonating a trusted brand or name. The content of the email may even ask the recipient to enter credentials and take action for some purpose. The crime actors are looking for easy access to the network so they can deploy ransomware or search for important data or files. In the case of a fake attachment, the ransomware downloads once the attachment is clicked.
How can you protect your business from phishing attacks?
Educate your workforce – the number one defense against a phishing attack is knowledge. Educating yourself and your employees about the social engineering techniques attackers use is critical to keep your business safe.
Implement two-factor authentication – with two-factor authentication a bad actor cannot gain access to systems with a stolen password alone.
Use an email gateway – an email gateway can help block malicious emails from ever reaching your users.
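An added example (not from the original article, and not any particular gateway product's logic) of the kind of checks an email gateway can apply to the traits described above: a trusted brand in the display name on a foreign sender domain, a link whose visible text names one host while it points at another, and a risky attachment type. The brand map, extension list and sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed brand map and extension list (illustrative, not from the article).
TRUSTED_BRANDS = {"examplebank": "examplebank.example"}
RISKY_EXTENSIONS = (".exe", ".js", ".scr", ".docm", ".iso")
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

# Constructed sample message using reserved .example domains.
SAMPLE_EMAIL = """\
From: "ExampleBank Support" <alerts@examp1ebank-secure.example>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p><a href="http://login.attacker.example/reset">https://examplebank.example/login</a></p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.docm"

UEsDBA==
--b1--
"""

def phishing_findings(raw):
    """Return heuristic findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    name = re.sub(r"[^a-z0-9]", "", display.lower())
    for brand, domain in TRUSTED_BRANDS.items():
        # Brand in the display name, but sender is not the brand's domain
        # or one of its subdomains.
        if brand in name and not ("." + sender_domain).endswith("." + domain):
            findings.append("display-name impersonation: " + brand)
    for part in msg.walk():
        filename = part.get_filename()
        if filename and filename.lower().endswith(RISKY_EXTENSIONS):
            findings.append("risky attachment: " + filename)
        if part.get_content_type() != "text/html":
            continue
        html = part.get_payload(decode=True).decode("utf-8", "replace")
        for href, text in LINK_RE.findall(html):
            shown, target = urlparse(text.strip()).hostname, urlparse(href).hostname
            if shown and target and shown != target:
                findings.append("link text/target mismatch: " + target)
    return findings
```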
Written by: Jack Vines