Threats of ransomware on the rise globally — What you can do to cut risk

Do you remember a commercial with four out of five dentists recommending a brand? Or maybe eight out of 10 hairstylists commending a product? Well, in this case three governments have joined together to warn of increased threats of ransomware globally. It’s a dangerous trend, but there are actions you can take to reduce risks and impact.

The U.S., Australia, and the U.K. pooled observed behaviors and trends to pen a report warning of “ransomware threat actors’ growing technological sophistication and an increased ransomware threat to organizations globally.” The results of their joint analysis were recently released by the Cybersecurity & Infrastructure Security Agency (CISA).

Alert (AA22-040A), 2021 Trends Show Increased Globalized Threat of Ransomware, noted American agencies have observed incidents involving ransomware against 14 of the 16 U.S. critical infrastructure sectors, including:

  • Defense Industrial Base
  • Emergency Services
  • Food and Agriculture
  • Government Facilities
  • Information Technology Sectors

Meanwhile, ransomware has also targeted Australian infrastructure in the Healthcare and Medical, Financial Services and Markets, Higher Education and Research, and Energy Sectors. Education is a top sector attacked in the U.K. along with “attacks targeting businesses, charities, the legal profession, and public services in the Local Government and Health Sectors.”

Types of Ransomware Attack

The three cybersecurity authorities also shared several technical details about the ransomware attacks. Their findings suggest continued threats of ransomware in which cybercriminals:

  • Gain access via phishing, stolen Remote Desktop Protocol (RDP) credentials, or brute force
  • Use cybercriminal services-for-hire to expedite both the attacks and the payment process (Yes, ransomware threat actors are outsourcing payment negotiation and arbitration)
  • Share victim information with one another to enable follow-on attacks
  • Take advantage of holidays and weekends to attack
  • Use “triple extortion” with targets in which they threaten “to (1) publicly release stolen sensitive information, (2) disrupt the victim’s internet access, and/or (3) inform the victim’s partners, shareholders, or suppliers about the incident”
  • Target cloud service providers and exploit known vulnerabilities in cloud applications, virtual machine software, and virtual machine orchestration software

Particularly unnerving for our client base, the report also observed ransomware threat actors are targeting all sizes of business and managed service providers (MSPs) in particular. With trusted access to several client organizations, the MSP is a prime target because the initial compromise could mean access to multiple victims at once.

Threats of ransomware recognized globally

Beyond governments warning of the risk, the global business community is also anxious about the rising threats of ransomware. Allianz annually surveys 2,650 experts in 89 countries and territories, including CEOs, risk managers, brokers and insurance experts to develop its global and country risk rankings. Cyber incidents topped the findings at 44% of the responses for only the second time in the Risk Barometer’s history. Business interruption came in second at 42%.

Within the cyber incident category, ransomware was “confirmed as the top cyber threat for the year ahead by survey respondents (57%).” We’ve all witnessed the widespread impact of recent attacks such as Log4j or Kaseya, or the Colonial Pipeline hack in the U.S.

“Ransomware has become a big business for cyber criminals, who are refining their tactics, lowering the barriers to entry for as little as a $40 subscription and little technological knowledge,” said Scott Sayce, Global Head of Cyber at Allianz Global Corporate & Specialty (AGCS) and Allianz Group.

Reducing the risk of ransomware

Despite the distressing predictions of growing threats of ransomware, you can take action to reduce the risk. Cut the likelihood of a ransomware attack by:

  • Updating all operating systems and software with security patches
  • Heeding all end-of-life notifications
  • Educating users about phishing and ransomware risks
  • Requiring strong, unique passwords
  • Implementing multifactor authentication
  • Backing up data regularly and securely

Pay particular attention to RDP by securing and closely monitoring these services. CISA called for RDP users to:

  • Limit access to resources over internal networks
  • Authenticate and secure the RDP connection to internal devices
  • Monitor remote access/RDP logs
  • Enforce account lockouts after a specified number of attempts
  • Disable unused remote access/RDP ports
  • Monitor all connections between third-party vendors and outside software or hardware and review for suspicious activity
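As an added illustration of the "monitor remote access/RDP logs" and account-lockout items above (example code, not from the CISA alert or Calyptix), the sketch below scans exported Windows logon events for bursts of failed RDP logons from one source and notes whether they began on a weekend. The tuple layout, the threshold of 5 failures, and the 10-minute window are assumptions, and the sample rows are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows: (timestamp, event_id, logon_type, source_ip, account).
# Event 4625 = failed logon. Logon type 10 = RemoteInteractive (RDP); type 3 =
# network logon, which is how RDP failures appear when NLA is enabled.
SAMPLE_EVENTS = [
    ("2022-02-12T02:14:01", 4625, 10, "203.0.113.7", "administrator"),
    ("2022-02-12T02:14:09", 4625, 10, "203.0.113.7", "admin"),
    ("2022-02-12T02:14:15", 4625, 3, "203.0.113.7", "administrator"),
    ("2022-02-12T02:14:22", 4625, 3, "203.0.113.7", "backup"),
    ("2022-02-12T02:14:30", 4625, 10, "203.0.113.7", "admin"),
    ("2022-02-12T02:14:41", 4625, 10, "203.0.113.7", "svc_sql"),
    ("2022-02-15T09:02:10", 4625, 10, "198.51.100.20", "jsmith"),
    ("2022-02-15T13:47:55", 4625, 10, "198.51.100.20", "jsmith"),
    ("2022-02-15T09:03:00", 4624, 10, "198.51.100.20", "jsmith"),
    ("2022-02-15T10:00:00", 4625, 2, "-", "kiosk"),
]


def find_rdp_bruteforce(rows, threshold=5, window=timedelta(minutes=10)):
    """Return one alert per source IP with >= threshold failures inside window."""
    failures = defaultdict(list)
    for ts, event_id, logon_type, src, account in rows:
        if event_id == 4625 and logon_type in (3, 10):
            failures[src].append((datetime.fromisoformat(ts), account))

    alerts = []
    for src, hits in failures.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                first = hits[start][0]
                alerts.append({
                    "source_ip": src,
                    "total_failures": len(hits),
                    "accounts": sorted({a for _, a in hits}),
                    "first_seen": first.isoformat(),
                    # Weekend activity matches the timing the alert describes.
                    "weekend": first.weekday() >= 5,
                })
                break
    return alerts


if __name__ == "__main__":
    for alert in find_rdp_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

Logon type 3 also covers non-RDP network logons, so in practice the input should be limited to hosts that expose RDP, and the threshold should sit at or below the configured account-lockout count.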

Limit the impact of ransomware

Further, you can take steps to limit the potential impact of ransomware:

  • Control access to various subnetworks and restrict an attacker’s movement by segmenting networks
  • Implement end-to-end encryption
  • Log and report all network traffic to detect intrusions and investigate all abnormal activity
  • Enforce the principle of least privilege by clearly defining and narrowly scoping authorizations
  • Restrict where accounts and credentials can be used
  • Encrypt all backup data
  • Support a Zero Trust model with time-based access for privileged accounts

Calyptix’s AccessEnforcer helps MSPs and small businesses avoid exposing internal systems and applications directly to the Internet. This helps reduce threats of ransomware.

Our Gatekeeper feature provides identity validation (e.g. via Active Directory) to control access and requires 2FA. Even then, access is segmented at the network level to offer protection without adding complexity. With Geo Fence, our users can also shrink the network attack surface and stop adversary reconnaissance, attacks, probes, scans, DoS attacks, and more.

The CISA alert may have focused primarily on critical infrastructure, but no one is immune from ransomware. Reduce risk of successful attacks with the many mitigations suggested in this article and the help of Calyptix Security’s affordable all-in-one AccessEnforcer solution.

Written by Calyptix

 - February 16, 2022

About Us

Calyptix Security helps small and medium offices secure their networks so they can raise profits, protect investments, and control technology. Our customers do not waste time with security products designed for large enterprises. Instead, we make it easy for SMBs to protect and manage networks of up to 350 users.