Looking back on the raging dumpster fire that was 2020, it comes as no surprise that the security landscape also heated up. Ransomware was particularly vexing, forcing today’s businesses, healthcare organizations, educational institutions and governments to be more vigilant. They had no choice, really: ransoms can reach millions of dollars per infiltrated computer network, and extortionists will wreak havoc on non-paying victims by publishing their sensitive data online.
For example, in mid-August 2020 thousands of businesses from different industries (including retail, finance, and e-commerce) received ransom notes from perpetrators claiming to represent Advanced Persistent Threat (APT) groups such as Armada Collective and Fancy Bear. The crooks threatened to knock the victims’ websites offline via DDoS attacks unless they paid 10 BTC (roughly valued at $320,000 as of January 2021).
This scorched-earth strategy, known as Ransom DDoS (RDoS), has been around since 2018 but remained mostly marginal until recently. In addition to extortionists exploiting the names of APT groups, the criminals behind long-running ransomware operations are beginning to expand their repertoire with similar threats.
In October 2020, malicious actors behind a ransomware family called SunCrypt used DDoS to bring down a victim’s site after initial payment negotiations broke down. The infected organization reportedly relented and, ultimately, made the ransom payment in the aftermath of the assault.
Moving Forward: How to Stay Safe in 2021
Although ransomware authors are thinking outside the box to boost their attacks, the prevention and mitigation techniques to thwart them are quite straightforward. The following 10 tips will help you enhance your organization’s defenses against this ever-evolving menace.
- Step up your email security: Configure the email service to filter out spam, phishing emails and messages that contain executables.
- Maintain backups: You can easily recover from an attack if you have up-to-date data backups in place. However, they will no longer save you from increasingly widespread double extortion schemes that involve data leaks.
- Secure your remote desktop services: With RDP exploits gaining momentum among ransomware distributors, be sure to safeguard these services using two-factor authentication, limit the number of unsuccessful access attempts and restrict RDP sessions to a whitelisted range of IP addresses.
- Prioritize your data: Determine what information poses the highest value and protect it accordingly. For example, you can encrypt such data so that attackers cannot use it against you by leaking it to the public.
- Enable a firewall: Firewalls let you prevent ransomware from interacting with its Command & Control servers, requesting encryption keys and stealing your data.
- Beware of Microsoft Office macros: If you receive an email containing a Word or Excel file that says “Enable Content,” do not click on that button, and close the document immediately. This is an old trick aimed at executing malicious macros that will quietly download ransomware.
- Nurture your personnel’s security awareness: Educating your employees is half the battle—make sure they can identify a phishing attempt, follow safe authentication practices and refrain from opening suspicious email attachments.
- Use an antimalware tool: Although this seems like a commonplace precaution, trusted security solutions can pinpoint and block known ransomware strains before they cause damage.
- Leverage a DDoS mitigation service: This will add an important layer of protection against the escalating RDoS threat highlighted above. Combine an endpoint security solution with a cloud-based web application firewall (WAF) to stay in the clear.
- Keep your systems up to date: Not only do software updates bring new features, but they also patch known vulnerabilities that may be exploited to inject ransomware behind the scenes.
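One way to check the RDP controls from the list above (the attempt limit and the IP allowlist) against your logon records, as an added example that is not part of the original article. The CSV layout, the allowed range 10.20.0.0/24 and the limit of 3 are assumptions, and the sample events are constructed.

```python
import csv
import io
import ipaddress
from collections import Counter

# Assumed policy for illustration; replace with your own range and limit.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
MAX_FAILED = 3

# Constructed sample in a simplified CSV layout (not a real export).
# 4624 = successful logon, 4625 = failed logon; logon type 10 = RDP session.
SAMPLE_EVENTS = """\
timestamp,event_id,logon_type,source_ip,account
2021-01-11T09:00:01,4625,10,198.51.100.7,Administrator
2021-01-11T09:00:03,4625,10,198.51.100.7,Administrator
2021-01-11T09:00:05,4625,10,198.51.100.7,administrator
2021-01-11T09:12:40,4625,10,10.20.0.15,jsmith
2021-01-11T09:12:55,4624,10,10.20.0.15,jsmith
2021-01-11T10:30:02,4624,10,203.0.113.44,svc_backup
2021-01-11T10:41:19,4625,3,192.0.2.9,guest
2021-01-11T11:05:00,4625,10,-,jdoe
"""

def audit_rdp_logons(csv_text, allowed_nets=ALLOWED_NETS, max_failed=MAX_FAILED):
    """Summarise RDP logons that violate the allowlist or the attempt limit."""
    failed = Counter()
    outside, outside_success, unparsed = set(), [], 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["logon_type"] != "10" or row["event_id"] not in ("4624", "4625"):
            continue  # only RDP logon successes and failures matter here
        try:
            ip = ipaddress.ip_address(row["source_ip"])
        except ValueError:
            unparsed += 1  # source missing or malformed: count it, don't guess
            continue
        account = row["account"].lower()
        if not any(ip in net for net in allowed_nets):
            outside.add(str(ip))
            if row["event_id"] == "4624":
                outside_success.append((str(ip), account))
        if row["event_id"] == "4625":
            failed[(str(ip), account)] += 1
    return {
        "outside_allowlist": sorted(outside),
        "outside_success": outside_success,
        "over_limit": {k: n for k, n in failed.items() if n >= max_failed},
        "unparsed_source": unparsed,
    }
```

A successful logon listed under `outside_success` means the allowlist is not being enforced at all, so treat it as the highest-priority finding.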
The bottom line? Ransomware poses a huge cyber threat to organizations, and it is only getting more dangerous. As ransomware's dynamic evolution continues, now is the best time to implement proactive defenses and become a more elusive target.