At the ripe old age of 30, Ransomware could be considered antique in the malware world. This particular type of malicious software has been around since 1989, when the first version was created by the “Father of Ransomware”, Joseph L. Popp. Disseminated via mailed floppy disks, the program demanded a hefty ransom of $189 to free victims’ data.
A lot has changed since then and ransomware has matured in both sophistication and reach. Its popularity continues to increase, with ransomware attacks on businesses up 74% in 2019 according to Bitdefender. Ransom payments have also grown with the times, averaging more than $80,000 in Q4 2019. With so much earning potential, it’s no wonder ransomware is often the malware of choice for malicious actors targeting organizations.
The Ransomware Appeal
Cyber attackers choose to use ransomware for a number of reasons. As previously mentioned, it can be very lucrative. Organizations are generally inclined to pay a ransom rather than risk interrupting the flow of business and losing consumer trust. Additionally, the margins are good. There are several cheap and easy attack vectors that can be used to launch a ransomware attack. Cyber attackers can put in minimal effort and get maximum payout. Three of the most common ransomware attack vectors are:
Remote desktop protocol (RDP)
RDP for the Win
Cheap, easy, and highly available, RDP is the belle of the ball, accounting for nearly 60% of all ransomware attacks. RDP ports are often poorly secured and easily compromised. Additionally, RDP security relies heavily on proper password protocol, which can be ignored by users. Less-skilled cyber attackers can easily infiltrate weakly protected RDPs to harvest credentials. Or, if that’s too much work, they can just buy RDP credentials on the dark web, with some selling as cheaply as $20 each.
Once malicious actors attain credentials, they can bypass endpoint protection and begin wreaking havoc on enterprise systems, including wiping or encrypting data backups. For organizations to gain access to their own data or retrieve it, they must transfer ransom money to a bitcoin account or some other cryptocurrency repository.
Strengthening your RDP really comes down to observing some basic cyber hygiene best practices, including:
Putting RDP behind a firewall
Requiring strong passwords
Employing two-factor authentication
Limiting IP Access
Maintaining logs and monitoring RDP
Consistently backing up data
Running regular vulnerability and threat scans
Making vulnerability remediation a priority
Enforcing best practices among your users
Speaking of users, it is important to ensure your end users are sufficiently educated about security best practices, such as practicing proper password protocol. Their overall security awareness will not only improve RDP security, but can help shut down other ransomware attack vectors, such as email phishing.
Phishing for Credentials
The second most popular ransomware attack vector is email phishing. Using links, attachments, or both, an email phishing attack seeks to trick users into taking some sort of action. Phishing emails containing links may appear to come from a known contact asking a user to enter credentials for a bogus purpose. Those credentials are then stolen and used to access key systems on which ransomware can be installed. Other tactics include asking the user to click on a fake attachment, after which ransomware begins automatically downloading.
When it comes to mitigating the risk of compromise via phishing, knowledge truly is power. It is crucial to educate employees about the dangers of phishing emails so they can be your organization’s first line of defense. This is best done through a professional employee security awareness program, which includes multiple steps and quizzes to determine comprehension. These programs improve employee awareness about many potential security pitfalls, such as email phishing, and best practices like proper password protocol and overall good cyber hygiene.
Software vulnerabilities come in third among common ransomware delivery methods. Unpatched software not only opens the door to malware intrusions, but lays out a welcome mat as well. In some cases, when software is not properly updated or patched, attackers can access networks without having to harvest credentials. Once in the system, they begin attacking key programs and viewing or exfiltrating sensitive data. Additionally, many types of ransomware have evolved to forms that are difficult to detect, therefore extending their dwell time for maximum destruction.
To ensure vulnerabilities are not exploited, you need to identify and eliminate them. Effective vulnerability management (VM) is the only way to keep current tabs on all of your vital systems and their security. Vulnerability scans can identify system weaknesses and, when paired with the right management capabilities, can help you develop an effective plan to remediate them. It’s essential to choose the right VM tools that provide the accuracy, efficiency, and guidance your team needs to tackle the most important vulnerabilities first. Once you have a scalable, sustainable VM program in place, you’ll be able to fend off many future ransomware and other malware attacks effectively.