You know the ransomware threat is getting serious when the U.S. Department of Justice appoints a task force to get involved.
After ransomware gang REvil compromised Apple supplier Quanta Computer’s network and claimed to have stolen Apple trade secrets, the feds allegedly decided to step in to provide some muscle in the fight against ransomware. Although little is known at this time about the task force, we do know that REvil attempted to extort $50 million dollars from Quanta before publishing pictures of what appears to be Macbook blueprints to the gang’s name-and-shame dark web site.
The gang also reportedly stole many gigabytes worth of personal data from other, unidentified Quanta customers, which include big names such as Dell, Hewlett-Packard, Alienware, Lenovo, Cisco, and Microsoft.
Common Ways Ransomware Infiltrates Systems
We tend to think companies as massive as Apple are immune to ransomware and other malicious attacks because they have the best defenses money can buy. However, the Quanta incident is a stark reminder of how third-party cybersecurity is just as important as your own.
Quanta hasn’t reported a source of the infiltration, but in general, ransomware gets into company networks in just a handful of ways.
Exploit Kits
Exploit kits are toolkits equipped with a selection of exploits that take advantage of vulnerabilities in software such as Adobe Flash Player, Adobe Reader, and Internet Explorer. When a user clicks on a malicious ad or other link, the embedded code scans for vulnerabilities in the user’s software. If the kit finds a vulnerability, it installs additional malware, which can cause further damage to the device and to the network.
Malicious Email Attachments
Infected attachments are often delivered via emails that look like they are from a trusted or known sender such as IT or human resources. When the recipient opens the link, the malicious code downloads onto the system and can encrypt files or work its way through the network collecting data and credentials for later use.
Malicious Email Links
Like the attachments above, malicious links often arrive in emails that seem legitimate and trustworthy. When the user clicks the link, ransomware or another malicious application is downloaded into the system and the “fun” begins.
10 Ways Your IT Environment Makes It Easier for Ransomware to Get In and What to Do About It
With all of the cybersecurity and data protection solutions on the market today, it seems as though ransomware attacks should be few and far between. But based on the constant stream of attacks in the news each week, that is obviously not the case.
In many cases, when you stop and check under the hood, it turns out there are inherent problems within the IT environment itself that make it easier for ransomware operators to find a way in.
Here are 10 points of weakness found in many organizations’ IT environments and what you can add to your ransomware protection strategy to fix them:
1. Remote Workers
COVID-19 made remote work a necessity for many organizations, few of which were fully prepared to manage and support the new environment. The rapid deployment of millions of remote endpoints provided a huge attack surface for ransomware operators, and they have taken full advantage.
Fix: Even before the pandemic, RDP and VPN were popular points of entry for ransomware. Now that a huge number of employees need to access company applications, systems, and data remotely, it is crucial to put safeguards in place, including:
- Limiting access by IP address
- Configuring the RDP so it isn’t visible to port scanners
- Putting security policies in place to limit access and prevent privilege elevation
- Ensuring every device has malware/antivirus protection (and that it stays up to date)
2. Unsegmented Networks
Unsegmented networks give ransomware attackers free range of your network, including access to your most business-critical data and applications. This unfettered access allows operators to encrypt and steal sensitive employee and user data, as well as initiate attacks like distributed denial of service (DDoS), which impacts availability and operations.
Fix: Segmenting networks by level of importance to operations and cybersecurity minimizes damage and data loss by controlling how far a ransomware attacker can penetrate your systems and how much damage they can inflict before being detected.
3. Elevated Privilege
Despite what they might tell you, many of your admins probably don’t need the level of access they currently have. The more people with access to data and applications they don’t use as part of their day-to-day responsibilities, the more opportunity for a ransomware operator to use that privilege for their gain.
Fix: Conduct an access review to determine who has access to what and whether that access is 100 percent necessary. Then revoke any elevated privileges. You can also implement Zero Trust initiatives and privileged access management solutions to control who has access to what and when.
4. Missed Patches and Updates
This is one of the most common vulnerabilities that leads to successful ransomware attacks, and yet it is practically 100 percent preventable.
Fix: A lot of small and medium-sized businesses can’t afford to dedicate an IT person to manage the almost-constant stream of updates and patches being released. Because not updating and patching shouldn’t be an option either, automating as much as possible or even partnering with a managed services provider will help close a main source of security gaps.
5. Sloppy Antivirus Protection
Just because your company bought an antivirus protection solution doesn’t mean it is doing its job well.
Fix: To be effective, antivirus software has to be configured properly and installed on every device with access to the company network. Once those two bases are covered, it is essential to regularly install updates on those devices to ensure the antivirus software can detect any new and evolving threats.
6. Not Air-Gapping Backups
Simply backing up your data is no longer sufficient when it comes to preparing for disaster recovery after a ransomware attack. Some of today’s strains actually target backup files, encrypting them so they are useless for restoring data after the attack is resolved.
Fix: To ensure you still have data to restore, amend the traditional 3-2-1 backup strategy to include an air-gapped copy of the data stored completely separate from the company network to prevent corruption.
7. Hidden Extensions
File extensions are used to tell the operating system which program is needed to open a file (for example, .txt, .doc, or .xls). However, Microsoft defaults to hidden extensions in Windows, which poses a huge security risk. When file extensions aren’t visible, a ransomware operator can disguise a malicious executable file as an innocuous Word doc or PDF that downloads malware when the user opens the file.
Fix: Ensure users always know what type of file they are opening by making extensions visible and add another layer of protection by blocking executables so users don’t accidentally open an infected file.
8. Poor Password Policies
People are bad at creating passwords, and that’s a weakness ransomware operators are good at exploiting. Brute force attacks are one of the most popular methods used to gain unauthorized access to company networks. These attacks use bots to input the most common default and frequently used passwords, and they are often successful.
Fix: Keeping patches up to date and enforcing strict password protocols are the best ways to block brute force attacks. Implementing a multi-layer password security policy that includes strong passwords, multi-factor authentication, and biometrics is essential.
9. Lax Email Threat Management
Email is a prime delivery method for ransomware and other malicious applications. It only takes one employee making a poor choice to bring down the entire network for an extended period of time or to allow data to be corrupted or exfiltrated.
Fix: You can’t afford to slack on email threat management when the stakes are this high. Implementing a robust email threat management strategy is a critical step in minimizing your risks. Look for a solution that offers adaptive spam filtering, anti-malware, and data encryption capabilities.
10. Not Educating Employees
The common denominator in many successful ransomware attacks is human error. Although many IT departments view employees as the weak link in their security strategy, with the right training, those same people can become your first and best line of defense.
Fix: Frequent, customized security awareness training can significantly reduce your organization’s attack surface. Arming employees with the knowledge of how to spot bad links and avoid opening malicious attachments, and train them in what to do if they get a suspicious email makes them an extension of IT rather than a liability.
Today’s ransomware operators aren’t scared to take on even the biggest industry giants. But that doesn’t mean that we can’t fight back. Find out how to protect your organization from becoming just another ransomware victim. Download Don’t Become a Statistic: Stay Ahead of Cybercriminals by Implementing a Holistic Ransomware Protection Strategy to learn more.