During this period, be careful of phishing emails and unsecured Remote Desktop Protocol (RDP) access, because they are the basic methods by which ransomware spreads. We confirmed this from cyber breach firm Beazley Breach Response Services.
Ransomware should not be taken lightly: it is a serious threat to organizations no matter the circumstances. As the coronavirus spreads and sends people home to work remotely, cybercriminals are exploiting the situation and hitting more potential victims.
Be aware that the latest ransomware is targeting businesses and their remote workers via phishing emails and by seeking out vulnerable Microsoft Remote Desktop Protocol (RDP) services. Although these attacks can land without your knowledge, you can build a defense against them.
The rise in ransomware was flagged by Beazley’s 2020 Breach Briefing, which says it started well before the outbreak of the coronavirus. In 2019, the number of ransomware attacks reported to Beazley by the firm’s clients increased by 131% from 2018. Ransomware such as Ryuk and Sodinokibi was launched alongside banking Trojans such as Trickbot and Emotet.
Looking at how this malware spreads shows where to focus your defenses. Phishing emails are the common vector. Be careful of malicious emails with attachments or links to credential-stealing sites, as they have led to a number of incidents. Defenses are available, including email filters and extra levels of authentication, though many organizations have not yet adopted them.
Hackers won’t stop using brute-force attacks to try to obtain the login credentials of an employee with remote desktop access, because Microsoft’s Remote Desktop Protocol is worth exploiting: when they succeed, they can gain access to critical workstations or servers. As employees work from home, companies need to take the right steps to reduce the vulnerability of their IT infrastructure, so that employees access their computers via a virtual private network with multi-factor authentication.
Katherine Keefe also stated that it is important to whitelist the IP addresses that are allowed to connect via RDP and to make sure that unique credentials for remote access are put in place. This is because RDP runs on a standard port and is easily identified during a scan. Once found, it can be targeted through various security vulnerabilities by which hackers can gain unauthenticated access to an internal server.
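To check that an RDP allowlist is holding and to spot brute-force attempts against it, failed and successful logon events can be reviewed per source address. The following is an added example, not taken from Beazley or the original article; the VPN address range, the threshold, the time window and the log records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy, not from the article: only the VPN address pool may reach RDP,
# and 5 failed logons from one source within 10 minutes count as brute forcing.
ALLOWED_NETS = [ipaddress.ip_network("10.8.0.0/24")]
THRESHOLD = 5
WINDOW = timedelta(minutes=10)

# Constructed sample records: (timestamp, event_id, logon_type, source_ip, account).
# Windows Security log: 4625 = failed logon, 4624 = successful logon.
# Logon type 10 = RemoteInteractive (RDP); type 3 = network logon, seen for RDP with NLA.
SAMPLE = [("2020-04-01T09:00:00", 4624, 10, "10.8.0.15", "alice")]
SAMPLE += [(f"2020-04-01T02:00:{s:02d}", 4625, 3, "203.0.113.7", "administrator")
           for s in range(0, 60, 10)]
SAMPLE += [("2020-04-01T02:01:30", 4624, 10, "203.0.113.7", "administrator"),
           ("2020-04-01T11:00:00", 4625, 10, "10.8.0.22", "bob"),
           ("2020-04-01T12:00:00", 4624, 10, "198.51.100.4", "carol")]

def is_allowed(ip):
    """True if the source address falls inside an allowlisted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_NETS)

def review(events):
    """Return (sources outside the allowlist, sources over the failure threshold,
    sources that logged on successfully after crossing the threshold)."""
    outside, brute, compromised = set(), set(), set()
    failures = defaultdict(list)
    for ts, event_id, logon_type, ip, _account in sorted(events):
        if logon_type not in (3, 10):
            continue  # not a remote logon path relevant to RDP
        when = datetime.fromisoformat(ts)
        if not is_allowed(ip):
            outside.add(ip)  # the allowlist should have blocked this source
        if event_id == 4625:
            # Keep only failures inside the sliding window, then add this one.
            failures[ip] = [t for t in failures[ip] if when - t <= WINDOW] + [when]
            if len(failures[ip]) >= THRESHOLD:
                brute.add(ip)
        elif event_id == 4624 and ip in brute:
            compromised.add(ip)  # success after a burst of failures: treat as an incident
    return outside, brute, compromised

if __name__ == "__main__":
    for label, found in zip(("outside allowlist", "brute force", "success after brute force"),
                            review(SAMPLE)):
        print(f"{label}: {sorted(found)}")
```

Any address in the first set means the firewall or gateway rule is not enforcing the allowlist; an address in the third set warrants an immediate credential reset and host review.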
Ways to prevent ransomware from gripping your organization and your workers | Pro Tips
Another route ransomware can take is to attack a vendor rather than an individual organization. We counted 17% of the ransomware incidents reported to Beazley last year as resulting from attacks on third-party vendors. Some of the preventive measures include:
- At a time like this, ensure you lock down RDP. Major ransomware targets RDP, so enable it only where required, with a secure configuration. Use a strong password of at least 16 characters together with multi-factor authentication (MFA).
- Switch on MFA. As mentioned earlier, this is necessary for internal administrative accounts and for external access to all applications such as email, RDP and VPNs.
- Also, disable PowerShell where you can. For safety, update PowerShell to the latest framework on all computers, because the latest version features comprehensive security and logging controls.
- Patch operating systems. Also keep an eye on the emerging threats detected by the anti-virus, because some can slip through the system undetected, especially when the anti-virus software is out of date.
- Initiate security awareness training. Train employees to recognize common threats and scams and to report any security alert they encounter. Include phishing exercises in the training, as they keep employees alert and prepare them to respond to cyber-attacks.
- Back up your data.
- Develop a business continuity plan.
- Also, test backups to ensure that recovery meets the organization’s recovery point and recovery time objectives. You can do this with automated monitoring that notifies you when backups are not functioning properly.