Ransomware Attacks


Within the past year, several known threat actors have actively used ransomware, exploiting vulnerabilities to cause massive disruption in major industries and to extract large sums of money. According to the Cybersecurity and Infrastructure Security Agency (CISA), ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid. This form of attack can be devastating to an organization, costing upwards of tens of millions of dollars, and, depending on the industry, it even has the potential to severely affect portions of a country's infrastructure.

The three most common attack vectors of ransomware are Remote Desktop Protocol (RDP) compromise, email phishing, and software vulnerability. Several mitigation techniques can be used as preventative measures. One method of prevention, though not as well known, is to secure RDP by placing RDP access behind a VPN or using a remote desktop gateway server, which will provide much better security for RDP connections. The other mitigation techniques are standard practice in the cybersecurity realm: ensure the use of Multi-Factor Authentication (MFA) for all active accounts, properly maintain and update the OS and software on systems and the network, install antivirus software on all devices associated with the company network, and do not open any suspicious links or attachments.

Despite these standard practices, human error is still a factor in approximately 56% of all ransomware cases. It is also important to back up systems frequently to an off-site network, so that the damage is much less significant if these attacks are successful.
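One way to check the RDP recommendation above is to audit inbound firewall allow rules and flag any that admit RDP from outside the VPN or remote desktop gateway. The following is an added example, not part of the original post; the rule format, rule names and address ranges are constructed assumptions.

```python
import ipaddress

# Assumption: networks from which RDP is meant to be reachable.
# Constructed values for illustration only.
TRUSTED_SOURCES = [ipaddress.ip_network("10.8.0.0/24"),   # VPN client pool
                   ipaddress.ip_network("10.0.5.10/32")]  # RD gateway host
RDP_PORT = 3389  # RDP listens on 3389 over TCP, and UDP in newer versions

# Constructed sample of inbound allow rules, as exported from a firewall.
SAMPLE_RULES = [
    {"name": "rdp-from-vpn", "proto": "tcp", "ports": "3389", "source": "10.8.0.0/24"},
    {"name": "rdp-any", "proto": "tcp", "ports": "3389", "source": "0.0.0.0/0"},
    {"name": "mgmt-range", "proto": "tcp", "ports": "3380-3400", "source": "203.0.113.0/24"},
    {"name": "https", "proto": "tcp", "ports": "443", "source": "0.0.0.0/0"},
    {"name": "rdp-gateway", "proto": "tcp", "ports": "3389", "source": "10.0.5.10"},
    {"name": "rdp-udp-wide", "proto": "udp", "ports": "3389", "source": "10.0.0.0/8"},
]

def covers_rdp(ports):
    """True if a port spec such as '3389', '80,3389' or '3380-3400' includes RDP."""
    for part in ports.split(","):
        low, _, high = part.strip().partition("-")
        if int(low) <= RDP_PORT <= int(high or low):
            return True
    return False

def exposed_rdp_rules(rules, trusted=TRUSTED_SOURCES):
    """Return names of allow rules that admit RDP from outside the trusted networks."""
    findings = []
    for rule in rules:
        if rule["proto"] not in ("tcp", "udp") or not covers_rdp(rule["ports"]):
            continue
        source = ipaddress.ip_network(rule["source"], strict=False)
        # A rule is acceptable only if its whole source range sits inside a trusted network.
        if not any(source.version == t.version and source.subnet_of(t) for t in trusted):
            findings.append(rule["name"])
    return findings

if __name__ == "__main__":
    for name in exposed_rdp_rules(SAMPLE_RULES):
        print("RDP reachable outside VPN/gateway:", name)
```

Port ranges and overly broad internal sources are flagged as well, since a rule such as `3380-3400` or `10.0.0.0/8` exposes RDP just as a direct `3389` rule from any address does.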