The Rise in Ransomware Attacks and How to Keep Safe
Cybersecurity experts estimate that there is a ransomware attack every 11 seconds. This makes it a challenge to individuals, businesses, and even governments.
In ransomware attacks, cybercriminals encrypt a victim’s network or data, making it inaccessible until a ransom is paid. Despite organizations’ efforts to reduce the attacks, cybercriminals are also advancing their attack methods. For instance, an organization may have backups it can use to restore its systems, but the criminals also demand a ransom in exchange for not publishing the sensitive company information they have in their possession.
Ransomware is not a new cybersecurity threat. It can be traced back to 1989, when the first ransomware was distributed on floppy disks and required the victim to send money to a post office box in Panama. As technology has advanced to allow always-on connectivity, the prevalence of ransomware has grown tremendously. The use of Bitcoin and other cryptocurrencies for payment complicates matters, as they are difficult to trace. Attacks such as WannaCry and CryptoLocker have resulted in billions in losses through infrastructure and business outages, and in millions of dollars being paid to the attackers.
Ransomware has grown so much that organized gangs are offering cybercriminals services for hire. This is made more intricate by the availability of ransomware-as-a-service (RaaS) to provide infrastructure to other cybercriminals to escalate their attacks.
Ransomware has become such a global threat that a joint advisory from CISA, the FBI, the NSA and international partners has called for every government, business, and individual to be aware of this threat and take the necessary action to avoid becoming victims.
On the other hand, there are efforts to reduce the threat scale by various groups. One such group is the Cyber Threat Intelligence League (CTI-League), made up of cybersecurity experts from different countries. They have helped take down malicious websites, detect vulnerabilities, collect and analyze different phishing messages, and assist law enforcement organizations in creating safer cyberspace.
Protecting Against Ransomware
Before a ransomware attack is carried out, there are detectable activities that can aid in mitigating it. In any case, the attackers target specific user behavior, unchanged default security configurations and common technology vulnerabilities. This means that ransomware attacks can be avoided. Some ways to keep safe from ransomware include:
Timely patches – patch operating systems and other software immediately whenever a patch is released. Patching should also apply to cloud environments, including virtual machines, serverless applications, and third-party libraries.
Keep backups – it is impossible to fully protect an organization’s network as one user action may expose the network to attacks. Regularly backing up data is crucial. However, ensure that cloud backups are encrypted and can’t be deleted or altered. Also, always keep a backup version that is not accessible through the cloud to ensure business continuity in case of an attack.
User training – users are considered the weakest link in the line of defense against cyberattacks. An attack can start with a seemingly legitimate email containing a link or an attachment that downloads malware to a device once clicked. Therefore, continuous user training and phishing exercises will help reinforce user responses to suspicious emails.
Secure and monitor RDP – as more people adopt remote working, they rely on the Remote Desktop Protocol (RDP) to connect to office computers or colleagues. This has made RDP one of the most commonly used methods for attackers to gain access to a network. Therefore, businesses should use Network Level Authentication (NLA) and require unique and complex passwords for users to authenticate themselves before making a remote connection. Other measures include multifactor authentication, setting time limits to disconnect inactive RDP sessions automatically, and limiting login attempts.
Use up-to-date antivirus software – this should be used to regularly scan the systems and scan files downloaded from the internet before they are opened.
Network monitoring – use network monitoring tools and intrusion detection systems to look out for any suspicious activity.
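As an illustration of the RDP monitoring and login-attempt points above, the following added example (not part of the original article) flags sources that produce repeated failed remote logons in a short window. The comma-separated export format, the sample records, the function name and the threshold are assumptions made for the example; event ID 4625 and logon types 3 and 10 are the standard Windows Security log values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records in a simplified export format (assumption):
# timestamp, event_id, logon_type, source_ip, account
SAMPLE_EVENTS = """\
2022-04-01T09:00:05,4625,3,203.0.113.7,administrator
2022-04-01T09:00:11,4625,3,203.0.113.7,admin
2022-04-01T09:00:19,4625,3,203.0.113.7,backup
2022-04-01T09:00:26,4625,10,203.0.113.7,administrator
2022-04-01T09:00:40,4625,3,203.0.113.7,svc_sql
2022-04-01T09:03:00,4625,10,198.51.100.20,jsmith
2022-04-01T09:03:30,4624,10,198.51.100.20,jsmith
2022-04-01T11:45:00,4625,10,198.51.100.20,jsmith
"""

FAILED_LOGON = "4625"  # Windows Security event ID for a failed logon
# 10 = RemoteInteractive (RDP). With NLA enabled, failed RDP logons are
# recorded as type 3 (Network), which also covers other network logons,
# so expect more noise from that type.
REMOTE_LOGON_TYPES = {"3", "10"}


def find_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: sorted accounts tried} for sources with at least
    `threshold` failed remote logons inside `window`. Input must be time-ordered."""
    recent = defaultdict(deque)   # source_ip -> timestamps of recent failures
    accounts = defaultdict(set)   # source_ip -> every account name it tried
    flagged = {}
    for line in log_text.strip().splitlines():
        ts, event_id, logon_type, src, account = [f.strip() for f in line.split(",")]
        if event_id != FAILED_LOGON or logon_type not in REMOTE_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        failures = recent[src]
        failures.append(when)
        accounts[src].add(account)
        # Drop failures that have aged out of the sliding window.
        while when - failures[0] > window:
            failures.popleft()
        if len(failures) >= threshold:
            flagged[src] = sorted(accounts[src])
    return flagged


if __name__ == "__main__":
    for src, users in find_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(f"{src}: repeated failed remote logons for accounts {users}")
```

A single user mistyping a password twice hours apart (the second source in the sample) stays below the threshold, while one source cycling through several account names within seconds is flagged.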
The CISA, FBI, NSA, and International Partners joint advisory discourages paying ransom to cybercriminals and recommends following the CISA ransom response checklist and reporting to cybersecurity authorities such as the FBI, CISA, or the U.S. Secret Service. System administrators should also follow incident response best practices that can aid in handling malicious activity.
Coronado-Fortune & Associates, LLC
April 1, 2022  · Blog, Uncategorized, What's New in Technology
Disclaimer
These articles are intended to provide general resources for the tax and accounting needs of small businesses and individuals. Service2Client LLC is the author, but is not engaged in rendering specific legal, accounting, financial or professional advice. Service2Client LLC makes no representation that the recommendations of Service2Client LLC will achieve any result. The NSAD has not reviewed any of the Service2Client LLC content. Readers are encouraged to contact a professional regarding the topics in these articles. The images linked to these articles are protected by copyright and should not be copied for any reason.