Ransomware attacks continue to gain traction among cybercriminals, who find them a popular and profitable business for a few different reasons. Security vulnerabilities and exploits pave the way for data breaches as the initial step toward ransomware. Many organizations still fail to adequately protect their critical assets. Further, more attackers employ a double-extortion tactic in which they vow to leak the stolen data publicly if the ransom goes unpaid.
A report released Tuesday by cyber threat intelligence provider Check Point Research looks at the latest trend among ransomware attacks and suggests some tips on how to combat them.
The past six months have seen an increase in the number of attacks involving human-operated ransomware, such as Maze and Ryuk. In these cases, the victims have to negotiate directly with the criminals who launched the attack. Over the same period, the number of organizations affected by ransomware jumped by 57%, according to Check Point, reaching a total of 3,868. In 2021, that volume has risen another 9% per month so far.
More ransomware attacks are exploiting vulnerabilities in Microsoft Exchange, most notably in light of the recent Exchange hack that has impacted many organizations. Over the past week, the number of attacks involving Exchange Server has tripled, according to Check Point. The most targeted industries have been government and military, manufacturing, and banking and finance. The most targeted country has been the U.S. (almost half of all such Exchange exploit attempts), followed by the U.K., the Netherlands and Germany.
The infamous WannaCry ransomware worm has emerged as a more prevalent threat. Since the start of 2021, the number of organizations around the world affected by WannaCry surged by 53%. Check Point discovered more than 40 times more affected organizations in March 2021 compared with those in October 2020. The latest strains of WannaCry use the EternalBlue exploit to propagate. Given that a patch for this exploit has been available for more than four years, this tactic shows why organizations need to patch their systems as quickly as possible.
To protect your organization and its assets from ransomware, Check Point provides the following nine tips:
- Back up all data. Back up your company’s data regularly. If something goes wrong, you should be able to quickly and easily revert to a recent backup. This won’t protect you from being the target of an attack. But if you’re ever attacked, the fallout won’t be nearly as devastating.
- Keep software updated. Ransomware attackers sometimes find an entry point within software by exploiting any vulnerabilities. Fortunately, some developers actively search for new vulnerabilities and patch them. Adopt a patch management strategy and ensure that all team members are constantly aware of the latest updates. WannaCry relies on unpatched systems to spread. The patches for the vulnerability have been around for four years, yet evidently many organizations still haven’t applied them.
- Use better threat detection. Most ransomware attacks can be detected and resolved before it’s too late. To maximize your chances of protection, have an automated threat detection system in place.
- Adopt multi-factor authentication. Multi-factor authentication forces users to verify their identities in multiple ways before they’re granted access to a system. If an employee’s password is ever leaked to a criminal, the attacker won’t be able to gain easy access to your systems.
- Use the principle of least privilege. Employees should never have more access to data than they truly need. Segmenting your organization and restricting access can provide a kind of quarantine effect, minimizing the impact of a potential attack and limiting the vectors of access.
- Scan and monitor emails and file activity. Emails are the default choice of cybercriminals running phishing schemes. Scan and monitor emails on an ongoing basis, and consider deploying an automated email security solution to block malicious emails from reaching users. Also, consider scanning and monitoring file activity.
- Improve employee training. Most ransomware attacks are the by-product of bad employee habits or pure ignorance. Someone may voluntarily give out their password or download an unfamiliar file. With better employee training, the chances of this happening are much lower.
- Don’t pay the ransom. If your organization happens to be the victim of a ransomware attack, don’t pay the ransom. It might seem tempting to get out of this bad situation as quickly as possible. But even after paying the ransom, there’s no guarantee the attacker will be true to their word.
- Use anti-ransomware solutions. To achieve its objective, ransomware must perform certain anomalous actions, such as opening and encrypting large numbers of files. Protecting against ransomware that “slips through the cracks” requires a specialized security solution. Anti-ransomware solutions monitor programs running on a computer for suspicious behavior commonly exhibited by ransomware. If these behaviors are detected, the program can stop any encryption before further damage is done.
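
The behavior the last tip describes (one program rewriting large numbers of files with encrypted content) and the file-activity monitoring from the email tip can be sketched as a detection rule. This is an added example, not code from Check Point or its report; the thresholds, process IDs, paths and file contents are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

WINDOW_SECONDS = 10      # assumed sliding-window length
FILE_THRESHOLD = 5       # assumed: distinct files rewritten inside one window
ENTROPY_THRESHOLD = 7.5  # assumed: bits per byte; encrypted output approaches 8.0

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the written content (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def flag_mass_encryption(events):
    """events: (timestamp, pid, path, written_bytes) tuples sorted by timestamp.
    Returns pids that wrote high-entropy data to FILE_THRESHOLD or more
    distinct files within WINDOW_SECONDS."""
    recent = defaultdict(list)  # pid -> [(timestamp, path)] of high-entropy writes
    flagged = set()
    for ts, pid, path, data in events:
        if shannon_entropy(data) < ENTROPY_THRESHOLD:
            continue
        window = [(t, p) for t, p in recent[pid] if ts - t <= WINDOW_SECONDS]
        window.append((ts, path))
        recent[pid] = window
        if len({p for _, p in window}) >= FILE_THRESHOLD:
            flagged.add(pid)
    return flagged

def sample_events():
    """Constructed file-write telemetry; pids, paths and contents are made up."""
    random_like = bytes(range(256)) * 16   # uniform bytes, entropy exactly 8.0
    text = b"Quarterly report: revenue and notes\n" * 100   # low entropy
    events = []
    for i in range(6):    # pid 4242: six documents overwritten in six seconds
        events.append((100 + i, 4242, f"/home/a/doc{i}.docx", random_like))
    for i in range(6):    # pid 1001: archiver appending to one output file
        events.append((100 + i, 1001, "/backup/daily.zip", random_like))
    for i in range(6):    # pid 2002: editor saving plain text to many files
        events.append((100 + i, 2002, f"/home/a/note{i}.txt", text))
    for i in range(6):    # pid 3003: high-entropy writes, but 30 seconds apart
        events.append((100 + 30 * i, 3003, f"/media/clip{i}.mp4", random_like))
    return sorted(events, key=lambda e: e[0])

if __name__ == "__main__":
    print(flag_mass_encryption(sample_events()))
```

Combining entropy with a distinct-file count is what keeps the archiver and the slow media writer from being flagged: high-entropy output alone is normal for compression and video, and many writes alone are normal for an editor.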