CryptoLocker-style ransomware viruses are on the rise again.
The City of Baltimore recently entered its fourth week without internet or email as a result of a cyber-attack. The culprit is ransomware – a type of malware that threatens to publish the victim’s private data or perpetually block access to it unless a ransom is paid.
There are two main ways people fall victim to this kind of scheme – either they click on a bad link online, which installs a virus, or hackers gain access to their user credentials and encrypt their data themselves. To get access to your files again, you either need to pay the ransom or restore from backups.
How hackers gain access to your system
The best way to protect your systems is to stay vigilant – so it pays to know what techniques hackers are likely to employ:
- Using phishing emails to get user passwords.
- Using brute-force attacks on servers that are externally exposed – remote desktop/terminal server, email servers, web servers, etc.
- Trying credentials from another breach. Maybe your email and password were exposed in another breach. If those are the same ones you use for other accounts, hackers can potentially access all of them.
- Targeting organizations that are using older systems or are slow to roll out updates.
- Tricking a company’s staff into clicking on bad links which install ransomware on their system.
What you can do to protect your organization
As well as knowing what to look out for, there are some basic steps that you or your IT department can take today to ensure you’re as safe as you can be:
- Use two-factor authentication on all accounts in your organization. This is the single best way to protect your organization, because even if hackers get working passwords, they won’t get in without the second authentication source.
- Change the Remote Desktop Protocol (RDP) port on externally exposed servers to something non-standard (i.e. not 3389). Most hackers are looking for low-hanging fruit, and won’t spend the extra time it takes to find your non-standard RDP port.
- Ensure all accounts with remote access have a lockout and adhere to a password complexity policy to protect against brute-force attacks.
- Ensure you are running updates on a regular basis on all of your systems. Most exploits target vulnerabilities that have already been patched in recent updates.
- Ensure you have offsite backups that are secured with a separate account. There have been instances where hackers have deleted backups as part of their Cryptolocker attacks, making it impossible to restore access without paying.
- Use a cloud-based file sharing tool such as Dropbox, which offers the option of rolling back your files/folders to a specific point in time. That way, you can restore to right before you were attacked with a simple phone call.
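The effect of the account lockout recommended in the list above, as an added example that is not from the original article: the script replays constructed failed-logon events through a lockout policy and counts how many password guesses the server actually evaluates. The policy values (5 failures in 15 minutes, 30-minute lockout), account names and addresses are illustrative assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for illustration only; substitute your own.
THRESHOLD = 5                     # failed logons before the account locks
WINDOW = timedelta(minutes=15)    # failures are counted inside this window
LOCKOUT = timedelta(minutes=30)   # how long the account stays locked

def replay(events, threshold=THRESHOLD, window=WINDOW, lockout=LOCKOUT):
    """Replay failed-logon events (timestamp, account, source_ip), in time order.

    Returns (evaluated, rejected, sources): guesses per account the server
    checked, guesses refused because the account was locked, and the source
    addresses involved for each account that was locked.
    """
    recent = defaultdict(deque)   # account -> timestamps of recent failures
    locked_until = {}             # account -> time the lockout ends
    evaluated, rejected = defaultdict(int), defaultdict(int)
    sources = defaultdict(set)
    for ts, account, src in events:
        if ts < locked_until.get(account, datetime.min):
            rejected[account] += 1            # locked: password never checked
            sources[account].add(src)
            continue
        evaluated[account] += 1
        q = recent[account]
        q.append(ts)
        while ts - q[0] > window:             # forget failures outside the window
            q.popleft()
        if len(q) >= threshold:               # threshold reached: lock the account
            locked_until[account] = ts + lockout
            sources[account].add(src)
            q.clear()
    return dict(evaluated), dict(rejected), {a: sorted(s) for a, s in sources.items()}

def constructed_events():
    """Constructed sample data: 600 guesses against one account (one every
    6 seconds, single source) plus two mistyped passwords by a normal user."""
    start = datetime(2019, 6, 1, 2, 0, 0)
    ev = [(start + timedelta(seconds=6 * i), "svc_backup", "203.0.113.7")
          for i in range(600)]
    ev += [(start + timedelta(minutes=1), "alice", "198.51.100.20"),
           (start + timedelta(minutes=9), "alice", "198.51.100.20")]
    return sorted(ev)

if __name__ == "__main__":
    evaluated, rejected, sources = replay(constructed_events())
    for acct, n in evaluated.items():
        print(acct, "checked:", n, "refused:", rejected.get(acct, 0),
              "sources:", sources.get(acct, []))
```

On the constructed data the policy cuts an hour of guessing from 600 evaluated passwords to 10, while the user with two typos is never locked out.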
If you’d like to discuss any of the above, or would like us to help make sure your organization is as protected as it can be, get in touch with Insource today. We can help put systems in place that mitigate the risks associated with ransomware and many other potential threats.
Email us at email@example.com, or call on (781) 235-1490.