Cybersecurity experts estimate that there is a ransomware attack every 11 seconds. This makes it a challenge for individuals, businesses, and even governments.
In ransomware attacks, cybercriminals encrypt a victim’s network or data, making it inaccessible until a ransom is paid. Despite organizations’ efforts to reduce the attacks, cybercriminals are also advancing their attack methods. For instance, an organization may have backups it can use to restore its systems, but the criminals also demand a ransom not to publish the sensitive company information they have in their possession.
Ransomware is not a new cybersecurity threat. It can be traced back to 1989, when the first ransomware was released through floppy disks and required a victim to send money to a post office box in Panama. As technology has advanced to allow for always-on connectivity, the prevalence of ransomware has grown tremendously. The use of Bitcoin and other cryptocurrencies as payment makes it more complicated, as they are difficult to trace. Attacks such as WannaCry, CryptoLocker and others have resulted in billions in losses through infrastructure and business outages and millions of dollars being paid to the attackers.
Ransomware has grown so much that organized gangs are offering cybercriminals services for hire. The situation is made more complicated by ransomware-as-a-service (RaaS), which provides infrastructure that other cybercriminals use to escalate their attacks.
Ransomware has become such a global threat that a joint advisory from CISA, the FBI, the NSA and international partners has called for every government, business, and individual to be aware of this threat and take necessary action to avoid becoming victims.
On the other hand, various groups are working to reduce the scale of the threat. One such group is the Cyber Threat Intelligence League (CTI-League), made up of cybersecurity experts from different countries. They have helped take down malicious websites, detect vulnerabilities, collect and analyze different phishing messages, and assist law enforcement organizations in creating a safer cyberspace.
Protecting Against Ransomware
Before a ransomware attack is completed, there are detectable activities that can aid in mitigating it. In any case, the attackers target specific user behavior, unchanged default security configurations and common technology vulnerabilities. This means that ransomware attacks can be avoided. Some ways to keep safe from ransomware include:
Timely patches – patch operating systems and other software immediately whenever a patch is released. Patching should also apply to cloud environments, including virtual machines, serverless applications, and third-party libraries.
Keep backups – it is impossible to fully protect an organization’s network as one user action may expose the network to attacks. Regularly backing up data is crucial. However, ensure that cloud backups are encrypted and can’t be deleted or altered. Also, always keep a backup version that is not accessible through the cloud to ensure business continuity in case of an attack.
User training – users are considered the weakest link in the line of defense against cyberattacks. An attack can start with a seemingly legitimate email containing a link or an attachment that downloads malware to a device once clicked. Therefore, continuous user training and phishing exercises will help reinforce user responses to suspicious emails.
Secure and monitor RDP – as more people adopt remote working, they rely on the Remote Desktop Protocol (RDP) to connect to office computers or colleagues. This has made RDP one of the most commonly used methods for attackers to gain access to a network. Therefore, businesses should use Network Level Authentication (NLA) and require unique and complex passwords for users to authenticate themselves before making a remote connection. Other measures include multifactor authentication, setting time limits to disconnect inactive RDP sessions automatically, and limiting login attempts.
Use up-to-date antivirus software – this should be used to regularly scan the systems and scan files downloaded from the internet before they are opened.
Network monitoring – use network monitoring tools and intrusion detection systems to look out for any suspicious activity.
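As an added illustration of the RDP monitoring and login-attempt points in the list above (example code, not part of the original article), this Python function counts failed RDP logons per source address in a sliding window and records whether a successful logon followed. The event tuples are constructed sample data shaped like Windows Security log fields; the threshold, the window and the set of logon types are assumptions to tune per environment.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: (TimeCreated, EventID, LogonType, IpAddress, TargetUserName)
# 4625 = failed logon, 4624 = successful logon, LogonType 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = [
    ("2022-04-01T09:00:05", 4625, 10, "203.0.113.7", "administrator"),
    ("2022-04-01T09:00:15", 4625, 10, "203.0.113.7", "admin"),
    ("2022-04-01T09:00:25", 4625, 10, "203.0.113.7", "jsmith"),
    ("2022-04-01T09:00:35", 4625, 10, "203.0.113.7", "jsmith"),
    ("2022-04-01T09:00:45", 4625, 10, "203.0.113.7", "jsmith"),
    ("2022-04-01T09:01:10", 4624, 10, "203.0.113.7", "jsmith"),
    ("2022-04-01T09:00:00", 4625, 10, "198.51.100.20", "mlee"),   # ordinary typo
    ("2022-04-01T09:30:00", 4625, 10, "198.51.100.20", "mlee"),
    ("2022-04-01T09:30:20", 4624, 10, "198.51.100.20", "mlee"),
    ("2022-04-01T09:05:00", 4625, 3, "192.0.2.50", "svc_backup"),  # not an RDP logon type
]

# Assumption: only RemoteInteractive logons are counted. Add 3 if your hosts
# log NLA failures as network logons, at the cost of also counting SMB failures.
RDP_LOGON_TYPES = {10}


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Return one alert per source IP that reaches `threshold` failed RDP logons
    inside `window`, noting the first account that logged on successfully after."""
    failures = defaultdict(deque)  # ip -> timestamps of failures still in the window
    alerts = {}                    # ip -> alert record
    for ts, event_id, logon_type, ip, user in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == 4625:
            recent = failures[ip]
            recent.append(when)
            while when - recent[0] > window:   # drop failures older than the window
                recent.popleft()
            if len(recent) >= threshold and ip not in alerts:
                alerts[ip] = {"ip": ip, "first_alert": ts,
                              "failures": len(recent), "success_after": None}
        elif event_id == 4624 and ip in alerts and alerts[ip]["success_after"] is None:
            alerts[ip]["success_after"] = user  # failures followed by a success
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

An alert with a non-empty `success_after` is the case to escalate first, since it suggests the guessing succeeded and the account should be treated as compromised.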
The CISA, FBI, NSA, and International Partners joint advisory discourages paying ransom to cybercriminals and recommends following the CISA ransom response checklist and reporting to cybersecurity authorities such as the FBI, CISA, or the U.S. Secret Service. System administrators should also follow incident response best practices that can aid in handling malicious activity.
Carion Doty LLP
The Rise in Ransomware Attacks and How to Keep Safe
April 1, 2022 · Blog, What's New in Technology
Disclaimer
These articles are intended to provide general resources for the tax and accounting needs of small businesses and individuals. Service2Client LLC is the author, but is not engaged in rendering specific legal, accounting, financial or professional advice. Service2Client LLC makes no representation that the recommendations of Service2Client LLC will achieve any result. The NSAD has not reviewed any of the Service2Client LLC content. Readers are encouraged to contact a professional regarding the topics in these articles. The images linked to these articles are protected by copyright and should not be copied for any reason.