The Cold, Hard Truth about Ransomware
Every organization is at risk of a ransomware attack. According to a report by Barracuda Networks, there has been a 667% surge in phishing emails since the pandemic crisis began. There are many factors that contribute to a ransomware attack that we will discuss in this blog.
How Businesses get Hacked
Sometimes it is the small things that cause attacks to go from a problem to a full blown cyberattack. KnowBe4 advised that two-thirds of remote workers have received no security awareness training at all. Training your staff on security awareness is imperative especially with your employees using VPN and working remotely. Make sure they know about the latest threats, so they are empowered with this knowledge. Ensure that your employees have strong passwords. Many people still re-use or have weak passwords that are easily hacked. Applying security patches for internet-facing systems is crucial in preventing attacks. Ransomware attacks start with hackers exploiting vulnerabilities in internet-facing devices or by brute-forcing RDP (Remote Desktop Protocol) servers and then deploying the ransomware payloads.
Reduce your Risk of Ransomware
Based on data obtained by Microsoft following ransomware attacks, the following are the security gaps that hackers take advantage of:
- Remote Desktop Protocol (RDP) or Virtual Desktop endpoints without multi-factor authentication
- Older platforms that have reached end or support and/or are no longer getting security updates including Windows Server 2003 and Windows Server 2008, worsened using weak or re-used passwords
- Misconfigured web servers, including IIS, electronic health record (EHR) software, backup servers or systems management servers
- Citrix Application Delivery Controller (ADC) systems affected by CVE-2019-19781
- Pulse Secure VPN systems affected by CVE-2019-11510
If you are using any older software platforms, upgrade your OS or even take this opportunity to upgrade your hardware. Replacing old computers and laptops that are running outdated software will also reduce your chances of getting hit by a ransomware attack. Always ensure that you use multi-factor authentication (MFA).
The graphic below shows that attack techniques that hackers use.
Ransomware Attack Techniques (Microsoft)
Systems that Ransomware attackers take advantage of
- RDP or Virtual Desktop endpoints without multifactor authentication (MFA)
- Citric ADC systems affected by CVE-2019-19781
- Pulse Secure VPN systems affected by CVE-2019-11510
- Microsoft SharePoint servers affected by CVE-1019-0604
- Microsoft Exchange Servers affected by CVE-2020-0688
- Zoho ManageEngine systems affected by CVE-2020-10189
Summary
Unfortunately, we have not reached the peak of cyberattacks yet. No organization can ever be impenetrable, but you can be “bullet resistant”. The goal is to be a harder target than other organizations so that attackers realize that it is not worth their time or effort.
A lot of companies wonder if they should pay the ransom. It is complicated. The FBI’s official standpoint is not to pay a ransom. Cybersecurity experts advise organizations to pay the ransom to get their data back and be able to provide their services. There is no guarantee that if you pay the ransom, you will receive your files back.
We do I.T right!
Request a Free I.T Assessment today! Call us at 416-874-0550
