Ransomware attackers don’t care who you are or what data you have. They only care that you need the data – whether it’s family photos on your phone or your organization’s client information – and that you’re willing to pay for its safe return. Therefore, all individuals as well as organizations, from for-profit to non-profit, from small to large, and across all industries, are at risk of becoming a ransomware victim. If you have an IP address, your data might be up for grabs.
Luckily, you are not the only line of defense.
Attack Vectors – How You Might End Up as a Victim
Attack vectors are the ways an attacker gains access to a device in order to execute a malicious act. The most common attack vectors used to infect devices and spread ransomware include:
- Phishing Emails: Unsuspecting or untrained users receive an email designed to trick them into clicking on a link or attachment containing a malicious file. Once files on one device have been encrypted, the more advanced ransomware strains will automatically move to other devices on the network.
- Remote Desktop Protocol (RDP): RDP allows you to use a graphical interface to connect to another computer over a network connection. Attackers look for machines with RDP enabled, since they have port 3389 open, providing an easy entry point to other devices. Once an attacker locates this type of machine, they will attempt to take advantage of a misconfiguration or use brute force to crack a password using popular password-cracking tools that allow them to gain entry to the device as an administrator. The attacker then will encrypt the device and often disable any endpoint protection software they encounter.
- Malvertising: This attack vector combines malware with advertising, which is different from adware. Malvertising occurs when an attacker purchases legitimate ad space and embeds malicious code into the digital ad or redirects users to malicious sites that are designed to exploit vulnerabilities and deploy ransomware once the ad is clicked.
- Removable Media: USBs are the most common type of removable media and can be used to install ransomware onto machines. One such case occurred in Australia where unmarked USB drives were placed in residents’ mailboxes. After plugging in the USB drives, users were encouraged to install an alleged Netflix promotion. By clicking on the promotion, users received ransomware that encrypted their devices. Police had to issue a warning to residents not to plug in unknown USB drives because this attempt was so successful.
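The RDP brute-force pattern described in the list above (many failed logons from one source, then a successful one) can be detected from logon records. The following is an added example, not part of the original article; the record layout, the threshold and the time window are assumptions chosen for illustration, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in an assumed layout (not a real Windows export):
# timestamp,event_id,logon_type,source_ip,account
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive (RDP)
SAMPLE_EVENTS = """\
2024-03-01T02:10:01,4625,10,203.0.113.50,administrator
2024-03-01T02:10:07,4625,10,203.0.113.50,administrator
2024-03-01T02:10:13,4625,10,203.0.113.50,administrator
2024-03-01T02:10:19,4625,10,203.0.113.50,administrator
2024-03-01T02:10:25,4625,10,203.0.113.50,administrator
2024-03-01T02:10:31,4625,10,203.0.113.50,administrator
2024-03-01T02:10:40,4624,10,203.0.113.50,administrator
2024-03-01T08:59:10,4625,10,198.51.100.7,jsmith
2024-03-01T08:59:30,4625,10,198.51.100.7,jsmith
2024-03-01T08:59:55,4624,10,198.51.100.7,jsmith
"""

def parse(text):
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, user = line.split(",")
        yield datetime.fromisoformat(ts), int(event_id), int(logon_type), ip, user

def find_rdp_bruteforce(text, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold failed RDP logons inside the window,
    and note the account if a successful logon from that IP follows."""
    failures = defaultdict(list)   # source IP -> failure times still inside the window
    alerts = {}
    for ts, event_id, logon_type, ip, user in sorted(parse(text)):
        if logon_type != 10:       # assumption: only RemoteInteractive logons are RDP
            continue
        if event_id == 4625:
            failures[ip] = [t for t in failures[ip] if ts - t <= window] + [ts]
            if len(failures[ip]) >= threshold:
                alert = alerts.setdefault(ip, {"failures": 0, "logged_in_as": None})
                alert["failures"] = max(alert["failures"], len(failures[ip]))
        elif event_id == 4624 and ip in alerts and alerts[ip]["logged_in_as"] is None:
            alerts[ip]["logged_in_as"] = user
    return alerts

if __name__ == "__main__":
    for ip, alert in find_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, alert)
```

An alert whose `logged_in_as` field is set means the failed attempts were followed by a successful logon from the same source, which should be treated as a likely compromise rather than noise.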
Survive a Ransomware Attack
How IT Can Keep You Safe
Cybersecurity best practices almost always recommend a layered approach to defend against any attack vector. Ransomware is no different.
Make sure your IT department has a layered approach that includes:
- Backups: IT should develop a backup strategy using offsite storage or a complete cloud strategy. Your organization can select the option that is most ideal for its situation. The key is to be sure that backup files/media are effectively isolated from machines or networks except during scheduled backups. And backups should be tested regularly to ensure completeness and integrity.
- Patching/Updates: All software requires updates and/or patches at some point, so your organization should have a well-developed strategy for testing patches and updates. In addition, a deployment strategy will ensure software is current and therefore protected against known vulnerabilities.
- Antivirus/Anti-Malware: Antivirus software is meant to handle more established threats like trojans, viruses, and worms. Anti-malware software deals with advanced threats, including zero-day malware (malware that exploits a newly discovered software vulnerability for which the vendor has yet to release a patch/update to its users) and polymorphic malware (malware that constantly changes its identifiable features to evade detection). Your IT department should work to implement antivirus and anti-malware solutions to be as proactive as possible against these new and existing threats.
It’s also important to partner cybersecurity and business continuity efforts for optimum incident planning.
How You Can Be Part of the Solution
Security awareness training is a major component of keeping individuals and organizations safe from cybersecurity attacks. Knowing what threats exist, how to identify them, and ultimately how to avoid or defend against them is critical to your data protection plan.
Your organization can offer simulated email phishing campaigns for its employees. Users receive emails specifically designed to test if they will interact with untrusted links, websites, or requests, and might ask for sensitive information to be provided. This effort reviews and evaluates user awareness of the organization’s specific information security policies and procedures and helps management understand the level of risk introduced by end-users.
Additional – and consistent – security awareness training can include courses developed to address major aspects of a cybersecurity program that delve into real-world scenarios, examples of effective awareness techniques, and how to make awareness part of the organizational culture. Your organization also can put up cybersecurity awareness posters, provide mousepads with top cybersecurity tips, or use screensavers to keep awareness top of mind.
These efforts allow individuals to be part of the organization’s data protection solution and can be used in their personal lives where best practices are shared with friends and family.