4 Ways Your IT Network Can Be Infected with Ransomware
Ransomware is one of the most dangerous forms of malware because it can bring a company to a screeching halt, leaving it with no access to its data or software.
This is a rising threat in Australia, with ransomware attacks being one of the major causes of data breaches during the first six months of 2020. According to the Office of the Australian Information Commissioner (OAIC), breaches caused by ransomware rose 153.8% during this period compared with the last half of 2019.
Network IT security has to be multi-layered because cybersecurity attacks can come from multiple vectors, with costly consequences.
How a Ransomware Attack Works
Ransomware is so damaging because it can quickly take a business offline entirely. It also spreads rapidly, looking for other devices or cloud systems that it can infect.
There are two main types of ransomware attacks: those that encrypt data so it can’t be read, and those that use methods other than encryption to block a user from accessing their data.
Once a system is infected, it usually displays a ransom note that states the demand and tells the user how to pay in order to have their data access returned.
Companies that do not have all their data backed up and easily recoverable can end up having to pay the ransom and trust that the criminal will hold up their end of the bargain.
One recent example from earlier this year was the attack on the logistics company Toll, which had to turn off several systems and revert to non-computerised, manual processes, delaying its package deliveries.
The cost of a ransomware attack is approximately AUD$999,500 if the ransom isn’t paid, and about double that if the ransom is paid.
How Your Network Gets Infected with Ransomware (+ Safeguards)
Unpatched Software Vulnerabilities
Ransomware often takes advantage of software vulnerabilities that haven’t been patched. There are multiple variants of ransomware, and different variants exploit different software vulnerabilities. Some of these vulnerabilities are still being attacked years after a fix has been released, because companies fail to apply updates properly.
Here are three examples of commonly exploited vulnerabilities that ransomware uses:
- CVE-2012-0158: An old vulnerability in Microsoft products that is exploited by the EDA2 and RASOM ransomware variants. As of December 2019, it was still one of the top 20 vulnerabilities being used.
- CVE-2019-19781: A vulnerability affecting Citrix remote-access products. It is exploited by several ransomware variants, including Ragnarok, DoppelPaymer, Maze, CLOP, and Sodinokibi/REvil.
- CVE-2018-8453: This vulnerability is in the win32k.sys component of Windows and can allow an attacker to create new accounts with full user rights. It’s exploited by the Sodinokibi/REvil ransomware.
To protect against these types of software vulnerabilities, you should have a patch/update management system in place through managed IT services. This ensures that you have critical security patches applied in a timely manner, which will protect you from ransomware that exploits those code weaknesses.
Weak User Credentials
Another way that ransomware can be introduced to a system is by a hacker compromising a user account. Once inside a cloud account or a device through remote login, the hacker can introduce ransomware that quickly spreads throughout the entire system.
Password security is vital to preventing account compromise and the breaches that follow from it. There are a number of ways to build a culture of strong credential protection, including:
- Using multi-factor authentication
- Setting software security policies that require strong user passwords
- User IT security awareness training
- Use of a business password manager
Compromised Websites
Web servers, especially those hosting WordPress websites that use multiple plugins, can often be compromised and used to distribute ransomware. The site is then turned malicious, and anyone visiting it can end up with a ransomware infection via a drive-by download.
You can keep this from happening to your own website by ensuring all plugins and themes are regularly updated. It’s also a good idea to use a CAPTCHA on any administrative login forms or public-facing web forms.
To prevent your team from visiting compromised sites, you’ll want to have a DNS filter in place that will block these sites and redirect a user to a warning page instead.
Phishing Emails
Phishing is the #1 delivery method for all kinds of malware, including ransomware. Attackers use either a malicious file attachment or a link to a compromised site. If the user is fooled into taking action on the email, their device and the entire network can be infected.
One of the most important cybersecurity safeguards you can put in place is phishing protection. This is done through a multi-pronged strategy that includes the following:
- User training to spot and avoid phishing emails
- Email spam/phishing filters to keep unwanted emails out of user inboxes
- DNS filtering to block malicious URLs
- Email security policies that can block dangerous file attachments and warn users before opening macro-enabled Microsoft files
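As an added example (not from the original post), the attachment part of that email policy expressed as a small Python check: attachment filenames are pulled from a raw message and each is classified as block, warn or allow. The extension lists and the sample message are assumptions constructed for illustration, not any product's defaults.

```python
import email
from email import policy
from pathlib import PurePosixPath

# Assumed policy lists (not a standard): block executable and script content
# outright, warn on macro-enabled Microsoft Office formats.
BLOCK_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta"}
WARN_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm", ".potm"}


def classify_attachment(name: str) -> str:
    """Return 'block', 'warn' or 'allow' for one attachment filename."""
    # Judge by the final suffix only, so 'invoice.pdf.exe' is treated as .exe.
    suffix = PurePosixPath(name.lower()).suffix
    if suffix in BLOCK_EXTENSIONS:
        return "block"
    if suffix in WARN_EXTENSIONS:
        return "warn"
    return "allow"


def apply_policy(raw_message: bytes) -> dict:
    """Map each attachment filename in a raw RFC 5322 message to its verdict."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    verdicts = {}
    for part in msg.iter_attachments():  # skips the plain-text/HTML body parts
        name = part.get_filename()
        if name:
            verdicts[name] = classify_attachment(name)
    return verdicts


# Constructed sample message with three attachments (not a real capture).
SAMPLE_MESSAGE = (
    b"From: accounts@example.invalid\r\nTo: user@example.invalid\r\n"
    b"Subject: Invoice\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="XYZ"\r\n\r\n'
    b"--XYZ\r\nContent-Type: text/plain\r\n\r\nPlease see attached.\r\n"
    b"--XYZ\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="invoice.pdf.exe"\r\n\r\nMZ\r\n'
    b"--XYZ\r\nContent-Type: application/vnd.ms-excel.sheet.macroEnabled.12\r\n"
    b'Content-Disposition: attachment; filename="Q3_Report.XLSM"\r\n\r\nPK\r\n'
    b"--XYZ\r\nContent-Type: application/pdf\r\n"
    b'Content-Disposition: attachment; filename="terms.pdf"\r\n\r\n%PDF\r\n'
    b"--XYZ--\r\n"
)

if __name__ == "__main__":
    for name, verdict in apply_policy(SAMPLE_MESSAGE).items():
        print(f"{verdict:5s} {name}")
```

A real filter would also inspect the file's contents rather than trusting the declared name, but the verdict logic is the same.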
Don’t Fall Victim to a Costly Ransomware Attack!
GKM2 can assist your Sydney area business with multiple ransomware safeguards to ensure your data stays protected.
Contact us today for a free consultation. Call +61 2 9161 7171 or reach out online.