Ransomware On The Rise
New research has found that ransomware attacks doubled in 2019 compared with 2018, so ransomware is on the rise again.
If that’s not startling enough, hackers are using your own passwords to infect your systems with ransomware.
What Is Ransomware?
Ransomware is a type of malware that hackers use in cyber-attacks against your business. Ransomware encrypts your files and then the cyber criminals demand a ransom payment in return for a decryption key. They will promise to decrypt your encrypted data after the ransom is paid but rarely do.
There are many different types of ransomware infection, and ransomware-as-a-service is becoming more popular: a pre-packaged, easy-to-launch virus sold on the dark web for novice cyber criminals.
Other forms of ransomware include the infamous WannaCry attack, which hit the NHS and other global businesses, and Locky, which has been around for a long time.
Ransomware – Common Attack Methods
In a recent report, security researchers analysed ransomware attacks on honeypots – servers designed to be appealing to hackers – during the first six months of 2019.
The research found that brute force attacks, whereby hackers attempt multiple logins using common or leaked passwords to break into accounts, overtook phishing and spam emails as the number one vector for infecting a business with encrypting ransomware.
31% of all ransomware attacks were the result of brute force attacks against Remote Desktop Protocol (RDP) services which, if unsecured, allow hackers to gain access to your business network and infect your servers and PCs with ransomware.
The increase in brute force attacks should be a wake-up call to businesses using weak or common passwords to secure their critical business systems. Organisations should address their risk management policies to ensure sensitive information is protected against ransomware viruses.
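One way to spot the brute force pattern described above in Windows logon events, as an added example that is not part of the original article or the research it cites. The CSV layout, the sample records, the threshold and the 60-second window are assumptions; event IDs 4625 and 4624 are the standard Windows Security log IDs for failed and successful logons.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs): time, event ID, logon type, source IP, account.
# 4625 = failed logon, 4624 = successful logon. Logon type 10 is RemoteInteractive (RDP);
# type 3 (Network) is how failed RDP attempts are typically logged when NLA is enabled.
SAMPLE = """\
2019-06-01T02:00:01,4625,3,203.0.113.7,administrator
2019-06-01T02:00:04,4625,3,203.0.113.7,administrator
2019-06-01T02:00:09,4625,3,203.0.113.7,admin
2019-06-01T02:00:15,4625,3,203.0.113.7,admin
2019-06-01T02:00:21,4625,3,203.0.113.7,backup
2019-06-01T02:00:30,4625,3,203.0.113.7,backup
2019-06-01T02:00:44,4624,10,203.0.113.7,backup
2019-06-01T08:59:10,4625,10,198.51.100.20,jsmith
2019-06-01T08:59:40,4624,10,198.51.100.20,jsmith
2019-06-01T09:05:00,4625,2,192.0.2.50,jsmith
"""
REMOTE_LOGON_TYPES = {"3", "10"}

def parse(text):
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, user = line.split(",")
        yield datetime.fromisoformat(ts), event_id, logon_type, ip, user

def detect_bruteforce(text, threshold=5, window=timedelta(seconds=60)):
    """Flag source IPs with >= threshold failed remote logons inside the window."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    tried = defaultdict(set)     # ip -> every account name the source has tried
    alerts = {}                  # ip -> finding
    for ts, event_id, logon_type, ip, user in parse(text):
        if logon_type not in REMOTE_LOGON_TYPES:
            continue             # e.g. type 2, a failed logon at the console
        if event_id == "4625":
            tried[ip].add(user)
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold and ip not in alerts:
                # "accounts" shares the set in tried[ip], so later attempts are included
                alerts[ip] = {"first_alert": ts, "accounts": tried[ip], "success": None}
        elif event_id == "4624" and ip in alerts and alerts[ip]["success"] is None:
            alerts[ip]["success"] = user  # a success after the burst means a guess worked

    return alerts

if __name__ == "__main__":
    for ip, finding in detect_bruteforce(SAMPLE).items():
        print(ip, finding)
```

A finding whose "success" field is set is the case to escalate first: the same source that was guessing passwords then logged on. The single mistyped password from 198.51.100.20 stays below the threshold and is not flagged.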
What Is The Best Defence Against Ransomware?
Hackers will try to use the most common passwords, as well as those leaked in data breaches, to essentially hammer your systems with credentials until one works. But if you think you’re safe because your credentials have never been leaked, or your password is complex and uncommon, the hackers can still get around that.
We wrote a detailed guide titled The 9 Cyber Threats You Should Know About, to make sure our customers are aware of the different ways your passwords or security can be put at risk. You will find out that employees are often the weakest link when it comes to passwords, and the impact is so bad that it is predicted passwords as we know them will be dead in the coming years.
You might look at that last statement and feel a little hopeless; surely, in that case, they can crack any password? But you’d be wrong. The key to a strong password is not its complexity or how uncommon it is, but its length. That’s why we recommend passwords that are long but not necessarily jammed with complex characters; think of phrases you’ll definitely remember.
Depending on your password length, it may take billions of years to crack and you can find out more about that in our guides.
It’s also critical to never re-use passwords. If, for example, you used your highly secure password for your Yahoo account, which was breached, and re-used it for another service, hackers could easily crack that service too. By adopting a password policy of using memorable phrases with no or limited complex characters, you’re far more likely to remember individual passwords and, thus, not feel the need to re-use them.
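A password policy check built on the three rules above (length first, nothing common or leaked, no re-use), as an added example that is not from the original article. The minimum length, the guessing rate and the small deny list are assumptions, and the search-space figure models blind character-by-character guessing only.

```python
import hashlib, hmac, math, os, string

MIN_LENGTH = 16             # assumed policy value; the article gives no number
GUESSES_PER_SECOND = 1e10   # assumed offline guessing rate
# Constructed stand-in for a list of common and breached passwords.
DENYLIST = {"password", "123456", "qwerty123", "letmein", "welcome2019"}

def search_space_bits(password):
    """log2 of the blind brute-force search space for this length and character mix."""
    pool = 0
    pool += 26 if any(c in string.ascii_lowercase for c in password) else 0
    pool += 26 if any(c in string.ascii_uppercase for c in password) else 0
    pool += 10 if any(c in string.digits for c in password) else 0
    pool += 33 if any(c in string.punctuation + " " for c in password) else 0
    return len(password) * math.log2(pool) if pool else 0.0

def years_to_exhaust(password):
    # Upper bound: a phrase built from a few common words falls faster to a wordlist attack.
    return 2 ** search_space_bits(password) / GUESSES_PER_SECOND / (365.25 * 24 * 3600)

def fingerprint(password, salt):
    # Salted, slow hash so the re-use history never stores passwords in the clear.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def remember(history, password):
    salt = os.urandom(16)
    history.append((salt, fingerprint(password, salt)))

def check(password, history):
    """Return the policy rules the candidate breaks (an empty list means accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if password.lower() in DENYLIST:
        problems.append("common or leaked")
    if any(hmac.compare_digest(fingerprint(password, s), h) for s, h in history):
        problems.append("reused")
    return problems

if __name__ == "__main__":
    for candidate in ("P@ssw0rd", "my dog eats purple socks"):
        print(candidate, check(candidate, []), f"{years_to_exhaust(candidate):.3g} years")
```

Under these assumptions the 8-character complex password is exhausted in days, while the 24-character lowercase phrase is far beyond the billions of years mentioned above.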
How Do I Protect My Computer Against Ransomware?
This isn’t to say you should focus solely on creating strong passwords to ensure good cybersecurity. While phishing emails are no longer the primary vector for infecting victims with ransomware, they still account for a quarter (23%) of all successful attacks. The other 46% include compromised firmware attacks, the download of fake installers and hacking software. These attacks can steal credit card data which can result in identity theft.
The key to good information security is to make sure you have the right security installed. While you must ensure you have secure passwords on your critical systems, the research also shows how many different methods hackers will use to infect your business systems and extort money from you.
We strongly recommend you don’t pay the ransom if the hackers demand payment, as it’s very unlikely you’ll get your data back.
We strongly recommend you review your own password policies to avoid falling victim to a brute force attack that could see hackers gain access to your internal systems and feasibly infect your entire network with malicious software. But don’t forget to train your staff on spotting phishing emails or preventing the download of innocent-looking applications that could stealthily install malware, too.
Don’t know where to start? Why not talk to CHTSI’s highly qualified security experts to understand how best to protect your business.