We have seen it over and over: a hacker takes over a company’s server and then the business has to pay up before they are able to access their computer systems. New data has shown that 205,280 organizations were targets of a ransomware attack in 2019. This is a 41% increase from 2018. In the last quarter of 2019, the average payment to regain access to company files was $84,116, which is more than double that of the previous quarter and is only expected to rise. Ransomware attacks have impacted factory operations, forced businesses to shut down and destroy basic infrastructures of companies.
But what might be most concerning is that when it comes to plotting these attacks, hackers actually work on them months in advance. With companies focused on day-to-day operations and business growth, how can you ensure your data is safe from these strategically planned attacks?
The Long Game
Not only has the coronavirus pandemic impacted health care systems worldwide, but ransomware attacks have only added additional stress. Hackers have identified hospitals and other healthcare providers as perfect targets for these types of system attacks, as there is an urgency to get life-saving systems back up and running quickly.
Long before COVID-19 fully hit, hackers were laying the groundwork for the attacks we are now seeing. Cybercriminals wait until a system is extremely vulnerable before infecting the system with ransomware. Most systems that are attacked are unpatched vulnerabilities in the victim’s web infrastructure that hackers are able to access using tools such as guessing passwords of organizations using Remote Desktop Protocol without multifactor authentication and exploiting known bugs in Microsoft SharePoint and widely publicized flaws in Pulse Secure’s VPN and in remote management features like remote desktop systems.
While ransomware attacks continue to be highly dangerous and costly, they are hard to trace. Many hacking groups use different techniques against different targets or copy other groups. Each group is also strategic in rotating their infrastructure, including IP addresses.
However, despite these attacks being sneaky and planned, there are ways you can prevent a ransomware attack and some best practices in case your company is a target.
How To Prevent An Attack
Over and over, we’ve seen companies pay outrageous sums of money to gain back access to their computer systems. The best defense to prevent these attacks is to patch current vulnerabilities, change easily guessable default passwords and expand system monitoring capabilities. Your organization should also check to see if they have alerts related to ransomware attacks. Malicious attacks that you should investigate include:
- Penetration-testing tools such as Malicious PowerShell and Cobalt Strike that allow attacks to blend in as harmless red team activities.
- Tools that can recognize new attacker payloads and stealing credentials, such as suspicious registry modifications or access of Local Security Authority Subsystem Services (LSASS).
- Using a security agent that tampers with a security event log to erase the chances of recovering data.
If your system is exposed to malware, it is suggested that you investigate all affected endpoints and credentials. Your business should also address internet-facing weaknesses before you rebuild your system. As we move forward into the digital age, cybersecurity should be one of your company’s top priorities.
MDL Technology Is Here To Help
Being a cognizant cybercitizen means protecting company data and preventing ransomware attacks. With systems getting hit with ransomware every 40 seconds, having security and a disaster recovery plan in place is necessary. Don’t leave your company’s data vulnerable to a damaging attack because you didn’t patch your network.
Your company’s security is our top priority. We offer services such as 24/7 support, network monitoring, offsite data backups, auditing and compliance and more to help ensure that you don’t need to stress about your team’s private information becoming public.
Learn more about the services we offer by visiting our website.