Cyberthieves Have a Laser Focus on Ransomware. Are You in Their Crosshairs?
The Wall Street Journal Pro Cybersecurity Panel Signals New Heads Up
Ransomware is on the rise this year, as hackers take advantage of remote work environments, business systems that may not be as well managed as usual, and other conditions common with the ongoing pandemic. So bad has the problem become that ransomware attacks now occur at least every 11 seconds (not all victims report the crime). That’s a 21% increase from the original forecast.In light of this extreme threat, many business leaders are scrambling to protect their systems and corporate assets, while others are taking a “head in the sand” attitude. At Carmichael Consulting, we have retained our laser focus on the issue, including following the Wall Street Journal Pro Cybersecurity Series as it tracks the evolving ransomware landscape. They recently shared some alarming findings that underscore the continual reminders and insight we provide to clients on this topic, and we want to pass along its importance and relevance, especially now.
Although governments, educational institutions and healthcare providers are targeted most often,every business sector has been hit.
Ransomware attacks are almost always a two-act performance staged for the benefit of the criminals involved. First, they compromise your system in some way and gain the ability to control it and/or lock it down. Then, they send the ransom demand. Once criminals have access to systems and networks, they use specialized software – ransomware – to block system access, often by encrypting data stores and backups. The criminals make their ransom demand via email, text message, or even a system message.
What Criminals Are Up to, Now
The three most prevalent attack vectors for ransomware currently are a Windows connectivity tool, Remote Desktop Protocol, as well as phishing attacks and software vulnerabilities (flaws).
Remote Desktop Protocol (RDP): This Windows connection tool enables users to connect to other computers via the Internet or a local network. The user side has a graphical “client” interface; the computer on the other end uses RDP “server” software. First introduced in 1998, it is considered a legacy protocol, but during the pandemic, many companies have returned to it as a free remote networking solution.RDP ports are often inadequately secured and easily compromised. Additionally, RDP security relies upon but doesn’t require proper password protocol. Even low-skill cyberattackers can easily infiltrate inadequately protected RDPs to harvest credentials. (Some “reseller” hackers harvest RDP credentials and sell them on the Dark Web – another way credentials can be compromised.)
Phishing: Google reports that email phishing has risen exponentially in 2020, from just under 150,000 sites in January to more than 500,000 sites in June — a 350% increase. By now it is certainly worse. Phishing involves sending a spoofed email that purports to be from someone the recipient knows or has an association with, like their bank. The attacker compels them to take actions that expose personal information, such as logins and passwords. We wrote about phishing in detail earlier this year. To delve into the topic further, check out our article: ly/3lPpK16).
Vulnerable Software: Unlike RDP and phishing, the last attack vector on our “most prevalent” list does not require harvesting credentials. When software is unpatched or contains flaws (usually because it was poorly coded), attackers can access networks and systems directly.
A Strategic Approach
Unless the thieves have mission-critical data that cannot be replaced, or your data is subject to compliance mandates, paying ransom may not be prudent. The WSJ Pro Cybersecurity report cited a survey of IT managers that found costs to recover the data and fully return to normal are likely to be the same whether the data is returned by the criminals or recovered from backups. Paying the ransom roughly doubled the price tag.Paying ransom also doesn’t ensure the firm won’t experience another ransomware attack. Either way, we urge business leaders to stringently secure and manage their most valuable data – what hackers call “the honeypot” –before they get hit. Following are three top safety tips.
Users who access the corporate network or the Internet should do so only on secure devices.
Users should follow best practices such as proper password management and be trained in both email and data awareness.
Personnel who access the corporate network remotely should use additional safeguards, such as virtual private networks (VPNs).
Although governments, educational institutions and healthcare providers are targeted most often, every business sector has been hit.
More than one firm and its leadership have thought they were protected until a user inadvertently opened a vulnerability and disaster struck. A few practical adjustments can reduce a company’s exposure surface considerably.At Carmichael Consulting, we offer services and solutions that can dramatically reduce the odds of a ransomware attack. For a no-obligation discussion (and a complimentary list of employee training tips), call 678-719-9671 Ext. 1 or email info@carmichaelconsulting.net.
Carmichael Consulting’s “Secure Seven” Training Tips
Never click on unverified links Avoid clicking links in unfamiliar emails or websites. Downloads that start when you click on a links is a sign your computer may be getting infected.
Do not open untrusted email attachmentsLook at who the email is from and confirm the email address is correct. Assess whether an attachment looks genuine before opening it. If you’re not sure, contact the person you think has sent it and double check. Never open attachments that ask you to enable macros to view them. If the attachment is infected, opening it could give malware control over your computer.
Only download from trusted sitesTo reduce the risk of downloading ransomware, do not download software or media files from unknown websites. Look in the search bar to see if the site uses ‘https’ instead of ‘http.’ A shield or lock symbol may also appear in the address bar to verify that the site is secure.
Download mobile apps from reputable sourcesAndroid phones should use the Google Play Store and iPhone users should use the App Store.
Avoid giving out personal dataIf you receive a call, text, or email from an untrusted source that asks for personal information, do not give it out.
Never use unfamiliar USB drivesNever insert USBs or other removal storage devices into your computer if you do not know where they came from. Cybercriminals may have infected the device with ransomware and left it in a public space to lure you into using it.
Exercise caution when using public Wi-FiWhen you use public Wi-Fi, your computer system is more vulnerable to attack. To stay protected, avoid using public Wi-Fi for confidential transactions, or use a secure VPN.