Ransomware Attacks: More Targeted, Sophisticated, and Costly
Ransomware attacks are becoming more sophisticated and doing more damage than ever. Learn the steps to prevention and recovery.
Ransomware has matured. It isn’t being done by a lone hacker sitting in their parents’ basement. It’s organized crime. The attacks are more frequent and more sophisticated.
These attacks are paying off for cybercriminals. For 2019, the FBI estimates that businesses and individuals lost $3.5 billion from more than 467,000 incidents of cybercrime. They are also becoming more frequent. The number of attacks grew by a third from the previous year – an increase of more than 100,000.
While ransomware attacks overall grew less frequent, the losses from ransomware increased significantly. The attacks are no longer aimed at mass audiences, but instead, they are highly targeted attacks on businesses.
“Ransomware attacks are becoming more targeted, sophisticated and costly,” according to the FBI’s Internet Crime Complaint Center (IC3).
Recovering from a ransomware attack can be catastrophic.
Hackers demanded more than $75,000 from the city of Baltimore during a ransomware attack in 2019. When the city refused to give in, they lost their data. They are still cleaning up the mess at an estimated cost of $18.2 million. When shipping giant Maersk was hit with ransomware, it had to shut down operations at 17 ports. The company reported losses exceeding $200 million.
Preventing Ransomware Attacks
The most common ransomware attacks use email phishing. Cybercriminals also exploit vulnerabilities in software and are increasingly targeting vendors and suppliers that connect to businesses through third-party connections. They may also probe systems to find unsanitized inputs that are susceptible to code injection attacks.
Dealing with these vulnerabilities can help prevent ransomware attacks.
Patch and Upgrade Your Software
Ransomware attacks such as WannaCry and NotPetya spread across business networks by exploiting a vulnerability in Microsoft’s SMB (Server Message Block) protocol. Microsoft put out a patch in 2017, but organizations that never applied the patch paid the price.
If companies still have computers with Windows 7 in service, they’re especially vulnerable since Microsoft ended support in January 2020.
Review Port Settings
A favorite attack vector for ransomware is through SMB port 445 and RDP (Remote Desktop Protocol) port 3389. Consider whether you need to leave these ports open. Limit connections only to trusted hosts.
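One way to run this review over an exported list of inbound allow rules, as an added example that is not part of the original article. The rule names, the tuple layout and the trusted network are constructed assumptions; adapt them to your firewall's export format.

```python
import ipaddress

# Ports the article singles out: SMB (445) and RDP (3389).
RISKY_PORTS = {445: "SMB", 3389: "RDP"}

# Constructed sample: inbound allow rules as (name, port spec, source CIDR).
SAMPLE_RULES = [
    ("file-share-lan", "445", "10.20.0.0/24"),
    ("rdp-from-anywhere", "3389", "0.0.0.0/0"),
    ("rdp-jump-host", "3389", "10.20.0.15/32"),
    ("legacy-range", "135-1024", "192.168.0.0/16"),
    ("web", "443", "0.0.0.0/0"),
]

# Assumption: the networks this organization has decided to trust.
TRUSTED = ["10.20.0.0/24"]


def ports_in(spec):
    """Expand '445', '135-1024' or '80,443' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def audit(rules, trusted):
    """Return (rule, service, source) for each rule that opens SMB or RDP
    to a source that is not contained in any trusted network."""
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    findings = []
    for name, spec, source in rules:
        # Port ranges can hide 445 or 3389, so expand before comparing.
        exposed = sorted(ports_in(spec) & set(RISKY_PORTS))
        if not exposed:
            continue
        src = ipaddress.ip_network(source, strict=False)
        if any(src.subnet_of(net) for net in trusted_nets):
            continue
        findings.extend((name, RISKY_PORTS[p], source) for p in exposed)
    return findings


if __name__ == "__main__":
    for rule, service, source in audit(SAMPLE_RULES, TRUSTED):
        print(f"{rule}: {service} reachable from {source}")
```

Note that the wide port range in `legacy-range` is flagged even though 445 never appears in the rule text, which is the case a manual review tends to miss.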
Actively Monitor Networks
With an Intrusion Detection System (IDS) in place, ransomware and other threats are less likely to be successful. An IDS will monitor network traffic logs and flag potentially malicious activity.
Evaluate Third-Party Connections
With most businesses using cloud-based services these days, it’s crucial to examine any third-party connections. Your network is only as safe as the things it is connected to.
Educate Your Staff
Even with active monitoring and safeguards in place, your most significant vulnerability is your employees. They might inadvertently open a malicious email, click on a warning about security alerts, or fall victim to a sophisticated spear-phishing or whaling attack. Educate your team members on the dangers of email phishing attacks.
Conduct Penetration Testing
Simulated cyber-attacks can help detect vulnerabilities. Pen tests can attempt to breach applications, frontend or backend servers, systems, and APIs. Penetration testing will employ some of the same tactics that cybercriminals use, including SQL injection, cross-site scripting, and backdoors to probe for problems. Once the pen testers gain access, they will scour systems for vulnerabilities that ransomware or other malicious code could damage.
When ransomware strikes, anything that’s not backed up is vulnerable. Make sure any critical data is backed up. While most companies are using cloud backups, experts are increasingly looking at solutions that isolate backup data from networks except during backup periods. Also, cloud services may retain previous versions of files, allowing you to roll back to unencrypted versions.
If You Detect a Ransomware Attack
If you detect unusual activity on your network, pay attention. If it’s a ransomware attack, act immediately.
First, take your systems offline. Pulling the plug on the internet may disconnect the ransomware from its host. Detach physical server connections and try to isolate the intrusion by giving it access to as little as possible.
Get everyone off the network while you start the forensics. The next step is to identify “patient zero.” This is the first place where the infection showed up and can help determine the source of the attack. Taking the infected server offline and examining one of the infected files may show who is listed as the encrypted file’s owner.
If you can find the intrusion point and isolate the ransomware before it spreads, you’ve got a chance to mitigate the damage. Ransomware can infect and encrypt files on a single computer within minutes and then spread to entire networks rapidly. If you can take the infected computer out of the system before the ransomware spreads, you may be able to contain it.
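The owner check described above can be run across a whole file-server listing rather than one file at a time. The following is an added example, not part of the original article; the listing rows, account names and the `.locked` suffix are constructed placeholders.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample: file-server listing rows (path, owner, last modified).
# ".locked" is a placeholder suffix, not taken from any real ransomware family.
LISTING = [
    (r"\\fs01\finance\q1.xlsx.locked", "CORP\\jsmith", "2020-03-02T09:14:07"),
    (r"\\fs01\finance\q2.xlsx.locked", "CORP\\jsmith", "2020-03-02T09:14:09"),
    (r"\\fs01\hr\roster.docx", "CORP\\mlee", "2020-02-27T16:40:00"),
    (r"\\fs01\hr\policy.pdf.locked", "CORP\\jsmith", "2020-03-02T09:15:31"),
    (r"\\fs01\it\notes.txt.locked", "CORP\\svc_backup", "2020-03-02T09:41:50"),
    (r"\\fs01\finance\README_DECRYPT.txt", "CORP\\jsmith", "2020-03-02T09:14:06"),
]


def patient_zero_candidates(listing, encrypted_suffix=".locked"):
    """Rank owners of encrypted files by when their first encrypted file appeared.

    Returns a list of (owner, encrypted file count, earliest timestamp),
    earliest first.
    """
    stats = defaultdict(lambda: {"count": 0, "first": None})
    for path, owner, mtime in listing:
        if not path.lower().endswith(encrypted_suffix):
            continue  # untouched files and ransom notes are not counted
        ts = datetime.fromisoformat(mtime)
        entry = stats[owner]
        entry["count"] += 1
        if entry["first"] is None or ts < entry["first"]:
            entry["first"] = ts
    return sorted(
        ((owner, s["count"], s["first"]) for owner, s in stats.items()),
        key=lambda row: row[2],
    )


if __name__ == "__main__":
    for owner, count, first in patient_zero_candidates(LISTING):
        print(f"{owner}: {count} encrypted file(s), first at {first.isoformat()}")
```

The owner field records the account that created the file, so treat the top-ranked account as a lead to confirm against logon and file-server audit logs.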
Get Professional Help
Ransomware is a serious threat to your organization. It can cripple operations and cost millions to recover. With the right security in place, you can mitigate the threat.
Contact William Ives Consulting for all your cybersecurity and IT solutions in Charlotte.