At the ripe old age of 30, ransomware could be considered antique in the malware world. This particular type of malicious software has been around since 1989, when the first version was created by the “Father of Ransomware”, Joseph L. Popp. Disseminated via mailed floppy disks, the program demanded a hefty ransom of $189 to free victims’ data.

A lot has changed since then, and ransomware has matured in both sophistication and reach. Its popularity continues to skyrocket, with ransomware attacks up 485% in 2020 according to Bitdefender. Ransom payments have also grown with the times, averaging more than $220,000 in Q1 2021. With so much earning potential, it’s no wonder ransomware is often the malware of choice for malicious actors targeting organizations.
The Ransomware Appeal

Cyber attackers choose to use ransomware for a number of reasons. As previously mentioned, it can be very lucrative. Organizations are generally inclined to pay a ransom rather than risk interrupting the flow of business and losing consumer trust. Additionally, the margins are good. There are several cheap and easy attack vectors that can be used to launch a ransomware attack, so attackers can put in minimal effort and get maximum payout. Three of the most common ransomware attack vectors are:
- Remote desktop protocol (RDP)
- Email phishing
- Software vulnerabilities
Phishing for Credentials

Phishing rose to #1 in Q4 of 2020 as the most used ransomware attack vector. Using links, attachments, or both, an email phishing attack seeks to trick users into taking some sort of action. Phishing emails containing links may appear to come from a known contact asking the user to enter credentials for a bogus purpose. Those credentials are then stolen and used to access key systems on which ransomware can be installed. Other tactics include asking the user to open a fake attachment, after which ransomware begins downloading automatically.

When it comes to mitigating the risk of compromise via phishing, knowledge truly is power. It is crucial to educate employees about the dangers of phishing emails so they can be your organization’s first line of defense. This is best done through a professional employee security awareness program, which includes multiple steps and quizzes to determine comprehension. These programs improve employee awareness of many potential security pitfalls, such as email phishing, and of best practices like proper password protocol and overall good cyber hygiene.
Remote Desktop Protocol (RDP)

Cheap, easy, and highly available, RDP is the second most popular attack vector by a small margin. RDP ports are often poorly secured and easily compromised. Additionally, RDP security relies heavily on proper password protocol, which users can ignore. Less-skilled cyber attackers can easily infiltrate weakly protected RDP services to harvest credentials. Or, if that’s too much work, they can just buy RDP credentials on the dark web, with some selling for as little as $20 each. Once malicious actors obtain credentials, they can bypass endpoint protection and begin wreaking havoc on enterprise systems, including wiping or encrypting data backups. To regain access to their own data, organizations must then transfer ransom money to a bitcoin account or some other cryptocurrency wallet.

Strengthening your RDP security really comes down to observing some basic cyber hygiene best practices, including:
- Putting RDP behind a firewall
- Requiring strong passwords
- Employing two-factor authentication
- Limiting IP Access
- Maintaining logs and monitoring RDP
- Consistently backing up data
- Running regular vulnerability and threat scans
- Making vulnerability remediation a priority
- Enforcing best practices among your users
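As an added illustration of the “maintaining logs and monitoring RDP” item above (example code written for this article, not a Frontline tool), the script below scans Windows Security logon events for a burst of failed RDP logons from one source, and flags it more loudly if a successful logon follows from the same source. It assumes the events have been exported to a simple key=value text format; the sample log lines are constructed.

```python
# Added example: flag RDP brute-force activity in exported Windows Security
# events. Event 4625 = failed logon, 4624 = successful logon, LogonType 10 =
# RemoteInteractive (an RDP session). Log format below is an assumption.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one password-guessing burst followed by a success,
# plus one ordinary user typo and one non-RDP failure that must be ignored.
SAMPLE_LOG = """\
2021-05-01T02:00:01 EventID=4625 LogonType=10 Account=admin SourceIP=203.0.113.7
2021-05-01T02:00:03 EventID=4625 LogonType=10 Account=administrator SourceIP=203.0.113.7
2021-05-01T02:00:05 EventID=4625 LogonType=10 Account=backup SourceIP=203.0.113.7
2021-05-01T02:00:08 EventID=4625 LogonType=10 Account=svc_sql SourceIP=203.0.113.7
2021-05-01T02:00:12 EventID=4625 LogonType=10 Account=jsmith SourceIP=203.0.113.7
2021-05-01T02:00:20 EventID=4624 LogonType=10 Account=jsmith SourceIP=203.0.113.7
2021-05-01T09:15:00 EventID=4625 LogonType=10 Account=jsmith SourceIP=192.0.2.10
2021-05-01T09:15:30 EventID=4624 LogonType=10 Account=jsmith SourceIP=192.0.2.10
2021-05-01T09:16:00 EventID=4625 LogonType=2 Account=jsmith SourceIP=-
"""

def parse(log_text):
    """Turn each line into a dict of its key=value fields plus a datetime."""
    events = []
    for line in log_text.splitlines():
        ts, *fields = line.split()
        ev = dict(f.split("=", 1) for f in fields)
        ev["ts"] = datetime.fromisoformat(ts)
        events.append(ev)
    return events

def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: {"failures": n, "success_after": bool}} for each
    source with >= threshold failed RDP logons inside a sliding window."""
    failures = defaultdict(list)   # source IP -> timestamps of RDP failures
    alerts = {}
    for ev in parse(log_text):
        if ev.get("LogonType") != "10":
            continue               # only RDP sessions are of interest here
        ip = ev["SourceIP"]
        if ev["EventID"] == "4625":
            failures[ip].append(ev["ts"])
            failures[ip] = [t for t in failures[ip] if ev["ts"] - t <= window]
            if len(failures[ip]) >= threshold:
                alerts.setdefault(ip, {"failures": 0, "success_after": False})
                alerts[ip]["failures"] = len(failures[ip])
        elif ev["EventID"] == "4624" and ip in alerts:
            # success after a burst of failures: the password was likely guessed
            alerts[ip]["success_after"] = True
    return alerts
```

A hit with `success_after` set is the case to treat as an incident rather than noise, since the attacker now holds a working credential and the page’s next step (wiping or encrypting backups) can follow.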
Patchy Protection

Software vulnerabilities come in third among common ransomware delivery methods. Unpatched software not only opens the door to malware intrusions, but lays out a welcome mat as well. In some cases, when software is not properly updated or patched, attackers can access networks without having to harvest credentials at all. Once in the system, they begin attacking key programs and viewing or exfiltrating sensitive data. Additionally, many types of ransomware have evolved into forms that are difficult to detect, extending their dwell time for maximum destruction.