You see it in the news all of the time: businesses, universities, and municipalities are all getting hit with ransomware. This has unfortunately become all too common, and these are not isolated instances.
All businesses are at risk of getting hit with a Ransomware attack.
MePush has been on the front lines of these high-profile ransomware attacks, working diligently since October of 2019. Our team has been flown across the country to assist companies in their recovery efforts after a ransomware attack. We have worked with some of the top experts in the cyber security field and, through those relationships and the recovery efforts, have witnessed firsthand how these attacks occur and unfold.
If you are an existing MePush customer, you have likely heard us talk about advanced cyber security solutions as well as other ways to reduce your risk of an attack. Cyber security solutions in addition to MMS (MePush Managed Services) are an extremely solid one-two punch for maintaining security and productivity. The information below was gathered in concert with our partners. It covers ransomware attacks and two large attack vectors that can be addressed, in addition to EDR (Endpoint Detection and Response) and other cyber security tools, to reduce the risk of ransomware attacks.
What does a ransomware attack result in?
Based on data through Q3 of 2019:
- Average of 12.1 days of downtime
- $41,198 in ransomware payments (if needed)
- Extensive business interruption costs
That raises the question: how can you be protected from a ransomware attack? The short answer is that you can never guarantee that an attack will not happen to your business. The good news is that there are two key items that can be taken care of to reduce the attack risk by up to 90%.
Secure Remote Services (Reduction of up to 50%)
Now more than ever, companies are working in a remote-first model. While this clearly provides a host of benefits, it also increases risk. The RDP (Remote Desktop Protocol) service specifically can be a large area of vulnerability when it comes to ransomware attacks. Remote Desktop is a common feature in operating systems that allows users to log in to and control one system from another. Adversaries will use one of two ways to gain access to an organization using Remote Desktop.
- Search the internet for open RDP targets to then guess weak passwords
- Obtain credentials through a phishing attack and proceed to get RDP access to then navigate elsewhere in the environment.
The bottom line is that RDP, while convenient, poses a major risk and can instantly grant an attacker access to the environment. There are several steps that can be taken to reduce this risk, which are detailed below.
- Disable or remove remote services whenever possible;
- Do not allow remote access directly from the internet. Instead, enforce the use of remote access gateways along with a VPN that requires multi-factor authentication;
- Require separate credentials for any remote access services;
- Whitelist the IP addresses that are allowed to connect via RDP so that only trusted machines can connect;
- Deploy password lockout provisions to prevent brute-forcing attempts.
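The following read-only audit checks a single Windows host against the steps listed above. It is an added example, not part of the original article or a MePush tool. It assumes an elevated PowerShell session and English-language `net accounts` output, and the `$findings` list is a name chosen for this illustration.

```powershell
# Added example: read-only RDP exposure audit for one Windows host. Changes nothing.
# Assumptions: elevated session; English `net accounts` output.
$findings = [System.Collections.Generic.List[string]]::new()

# "Disable or remove remote services": fDenyTSConnections = 0 means RDP is enabled.
$ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
if ($ts.fDenyTSConnections -eq 0) {
    $findings.Add('RDP is enabled. Disable it if this host does not need it.')
}

# RDP may be on a non-default port, so read the configured listener port.
$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$port = [string](Get-ItemProperty -Path $rdpTcp).PortNumber

# "No direct internet access" / "whitelist IP addresses":
# list enabled inbound allow rules for the RDP port and inspect their remote scope.
$rdpRules = Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains $port }

foreach ($rule in $rdpRules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    if ($remote -contains 'Any') {
        $findings.Add("Rule '$($rule.DisplayName)' allows port $port from ANY address.")
    } else {
        # Scoped rule: print the scope so it can be compared with the trusted list.
        $findings.Add("REVIEW rule '$($rule.DisplayName)': allowed from $($remote -join ', ').")
    }
}

# "Deploy password lockout provisions": a threshold of 'Never' means unlimited guesses.
$lockoutLine = net accounts | Select-String -Pattern 'Lockout threshold'
if ($lockoutLine -and "$lockoutLine" -match 'Never') {
    $findings.Add('No account lockout threshold is set. Password guessing is not rate limited.')
}

if ($findings.Count -eq 0) {
    'No RDP exposure findings on this host.'
} else {
    $findings
}
```

The host firewall is only one layer: a perimeter firewall or cloud security group that forwards the RDP port from the internet still needs to be checked separately.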
Deploy Multi-Factor Authentication to Administrative Accounts (Reduction of up to 40%)
Ransomware attacks often have several steps/components to them. The first is generally gaining access to the environment, and the second is moving around in the environment to access critical data/services. The previous recommendation regarding RDP addresses the first component, while deploying MFA (Multi-Factor Authentication) addresses the second component.
Multi-Factor Authentication is the policy/procedure of requiring more than one “factor” to access a resource. A username and password combination is considered a single factor. Common secondary factors are push notifications, randomly generated codes and hardware keys. These secondary factors always require access to an alternate resource, either to get the passcode or to activate the hardware token. MFA is so effective against ransomware because the attacker would need not only to breach the environment but also to exploit the MFA method that is in place.
Oftentimes, for specific pieces of software or hardware access, MFA is FREE; it just needs to be enabled. A third-party application can also be implemented to supply MFA and identity management.
Have questions? Want to know more? Want us to perform an assessment of your environment and risks regarding a ransomware attack?