Ransomware – the malware that cybercriminals use to encrypt data and hold it ransom – is quickly spreading across the globe. These types of attacks are becoming more frequent and more sophisticated.
“In the space of just a few years, ransomware has gone from a minor irritation for PC users to being a significant threat to large corporations and nations,” explains Steven Ranger of ZDNet.
Instead of focusing on “encrypting PCs one-by-one,” Ranger adds, “the big gangs seek backdoors into corporate networks and then explore until they are ready to cause maximum chaos (and a big payday) by encrypting as many devices as possible in one go.”
Cybercriminals can gain access to these networks in many ways, including email. Cyber gangs can quickly and efficiently spam out malware to thousands of emails, casting a wide net to catch ransomware victims.
Not only are cybercriminals relying on people to click infected links in their email, but they are also using brute force and remote desktop protocol (RDP) attacks. Ranger explains the former as, “attempts by hackers to access servers and other devices by trying as many passwords as possible, usually with the aid of bots, in the hopes of hitting the jackpot.”
By using weak passwords, or the same password for everything, you are making yourself and your company vulnerable to these kinds of attacks.
Weak passwords also make you susceptible to remote desktop protocol attacks in which cybercriminals can remotely control your PC. These criminals then look for any weak point in your security infrastructure and software for their advantage.
“Malware gangs will seize on any software vulnerabilities and attempt to use them as a way into networks,” says Ranger.
It’s not just the company network that is a target, either. “Thanks to the office WiFi, the Internet of Things, and working from home, there’s now a wide variety of devices connecting to the company network,” Ranger describes, “many of which will lack the kind of built-in security you’d expect from a corporate device.”
These cybercriminals are not just “low-level” hackers with limited means. They’re well-financed with advanced tools in their tool kit. In fact, many of them are state-backed cyber gangs operating on behalf of foreign powers looking to hurt other countries.
For instance, in 2017, it is believed that North Korea unleashed ransomware called WannaCry on 300,000 unsuspecting victims in over 150 countries. Ranger describes that soon after that, Russia attacked Ukraine with ransomware called NotPeya. In the United States, several cities have experienced ransomware attacks.
There are steps your organization can take to protect yourself from ransomware attacks. Considering that businesses are collecting massive amounts of data on their customers, the security of this data must be more than an afterthought.
To begin with, Ranger suggests that organizations assess what their most important data is and to have a backup strategy for saving this data.
“It’s vital to understand where that business-critical data is actually being held,” he says, “having a recent backup means you can restore that data and be operational again fast.”
Other preventative measures include changing default passwords across all networks, using two-factor authentication, and training staff to recognize suspicious emails.
You can also implement email content scanning and email filtering to ensure that these suspicious emails never even make it to your employees’ inbox. In that same vein, security information and event management practices can help you scan your network’s traffic for anomalies that might suggest a hacking.
According to Ranger, antivirus software is also useful in spotting, “…suspicious behavior that’s common to all ransomware: file encryption.”
You want to make it as difficult as possible for cybercriminals to roam across your network. This can be done by segmenting networks and limiting the number of administrator accounts that typically have wide-ranging access.
What’s most important, however, is having a plan in place; a detailed strategy for how your organization will respond to a ransomware attack. (And it never hurts to test this out!)
Experts warn against actually paying a ransom. Some argue that although this may seem like a quick fix, it causes more problems in the long run.
“There’s no guarantee that the criminals will hand over the encryption key when you pay up — they are crooks, after all,” Ranger argues. “If your organization is seen to be willing to pay, that will probably encourage more attacks, either by the same group or others.”
Ransomware criminals may be getting more sophisticated, but so are we. By taking the precautions above to protect yourself, your organization can be a step ahead of the game in protecting your data.