5 Ways Ransomware Operators Attack Your Organisation
The risk of cyber attacks for businesses and organisations in 2021 has more than doubled in comparison to 2020, and with over 50% of businesses experiencing breaches each year, it has become paramount to put security at the top of the priorities list.
Attackers and ransomware operators not only target systems and data, but they have also evolved to now target people in their ever-increasing efforts to get victims to pay their ransom.
Ransomware has been on the radar for businesses for years, and due to the adaptive nature of attackers, it continues to thrive.
As the cybersecurity industry continues to advance, organisations have become better at backing up their data and being able to restore encrypted files from said backups. However, attackers have begun to evolve their approach and are demanding high ransoms in return for decryption keys and adding extortion measures designed to increase the pressure to pay the ransom.
Some of the tactics attackers use to coerce victims into paying are ruthless and could potentially be more damaging to an organisation than a period of downtime.
Attackers often undermine their target's relationships and reputation as a means of blackmail. This can be both public and personal, and either can be traumatic, detrimental and stressful for any company.
To help you improve your ransomware defences we’ve outlined some common pressure tactics attackers use below…
Stealing data and threatening to publish or auction it online
Attackers are publishing businesses' stolen data on sites for competitors, customers, partners, the media, and others to see and exploit.
These websites often have bots that automatically publicise new posts, so there is little chance of keeping an attack secret. Sometimes, the attackers put the data up for auction on the dark web or among other cybercriminal networks.
However, the biggest worry for those victims could be the type of data that attackers steal: sensitive information such as corporate and personal bank details, invoices, payroll information, details of disciplinary cases, passports, drivers' licenses, social security numbers, and more, belonging to employees and customers.
Emailing and calling employees, including senior executives, threatening to reveal their personal information
Attackers call the media and victims' business partners, providing details of the attack and asking them to urge the victim to pay. They commonly take this information from the breach and release it a little at a time to scare the victim. Often the leak is not as extensive as the attackers bluff; however, the risk will always remain.
Phishing attacks targeting victim email accounts
Perhaps the most common threat, attackers target employees with phishing emails to trick them into installing an application that provides the attackers with full access to the employees’ email, even after they reset their passwords.
The attackers often use the compromised email accounts to email the IT, legal, and cyber insurance teams working with the targeted organisation, threatening further attacks if they don't pay.
Deleting online backups and shadow volume copies
During their reconnaissance of a victim's network, most ransomware attackers look for any backups connected to the network or the internet and delete them so that the victim cannot rely on them to restore encrypted files. This can include uninstalling backup software and resetting virtual snapshots.
Often, these attacks come from what appears to be a verified account, so the vendor complies. However, at this point it is usually too late!
After breaching the organisation's network, many ransomware attackers create a brand new domain admin account and then reset the passwords for the other admin accounts. This locks the administrators out, meaning they can't log in to the network to fix the system.
Instead, they must set up a new domain before they can even begin trying to restore from backups.
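The lockout sequence described above (a new account, promoted to domain admin, followed by password resets on the existing admin accounts) leaves a recognisable trail in Windows Security logs. The following is an added example, not part of the original article: a small correlation check over constructed sample events. The normalised field names, account names, one-hour window and reset threshold are assumptions.

```python
from datetime import datetime, timedelta

# Windows Security event IDs: 4720 = user account created,
# 4728 = member added to a security-enabled global group,
# 4724 = attempt to reset an account's password.
CREATED, GROUP_ADD, PW_RESET = 4720, 4728, 4724
WINDOW = timedelta(hours=1)      # assumed correlation window
MIN_RESETS = 2                   # assumed threshold for "other admin accounts"

def t(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample events (not from a real incident); names are hypothetical.
EVENTS = [
    {"time": t("2021-06-01 02:10"), "id": CREATED, "actor": "svc_web", "target": "helpdesk2"},
    {"time": t("2021-06-01 02:11"), "id": GROUP_ADD, "actor": "svc_web", "target": "helpdesk2", "group": "Domain Admins"},
    {"time": t("2021-06-01 02:14"), "id": PW_RESET, "actor": "helpdesk2", "target": "adm_alice"},
    {"time": t("2021-06-01 02:14"), "id": PW_RESET, "actor": "helpdesk2", "target": "adm_bob"},
    {"time": t("2021-06-01 09:30"), "id": PW_RESET, "actor": "adm_carol", "target": "jsmith"},  # routine reset
    {"time": t("2021-06-01 10:00"), "id": CREATED, "actor": "adm_carol", "target": "new.starter"},  # ordinary user
]

def find_admin_lockouts(events, admins, window=WINDOW, min_resets=MIN_RESETS):
    """Return alerts for: new account -> Domain Admins -> resets of existing admins."""
    events = sorted(events, key=lambda e: e["time"])
    created = {e["target"]: e["time"] for e in events if e["id"] == CREATED}
    alerts = []
    for e in events:
        if e["id"] != GROUP_ADD or e.get("group") != "Domain Admins":
            continue
        born = created.get(e["target"])
        if born is None or not (timedelta(0) <= e["time"] - born <= window):
            continue  # long-standing account promoted: a different alert, not this one
        new_admin, promoted_at = e["target"], e["time"]
        reset = sorted({r["target"] for r in events
                        if r["id"] == PW_RESET and r["target"] in admins
                        and r["actor"] in (new_admin, e["actor"])
                        and timedelta(0) <= r["time"] - promoted_at <= window})
        if len(reset) >= min_resets:
            alerts.append({"new_admin": new_admin, "created_by": e["actor"],
                           "admins_reset": reset})
    return alerts

if __name__ == "__main__":
    for alert in find_admin_lockouts(EVENTS, admins={"adm_alice", "adm_bob", "adm_carol"}):
        print(alert)
```

An alert of this kind is most useful when it reaches someone outside the domain's own admin accounts, since those are the accounts being locked out.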
What can you do …
Ransomware operators have evolved and no longer confine their attacks to encrypting files that targets can often restore from backups. This shows how important it is for defenders to take a broad approach to security, one that combines advanced security with employee education and awareness.
- Outsource I.T. security to a company like CSG and get 24/7 monitored network security
- Shut down internet-facing remote desktop protocol (RDP) to deny cybercriminals access to networks. If users need access to RDP, put it behind a VPN or zero-trust network access connection and enforce the use of Multi-Factor Authentication (MFA)
- Educate employees on what to look out for in terms of phishing and malicious spam and introduce robust security policies
- Keep regular backups of the most important and current data on an offline storage device.
- Prevent attackers from getting access to and disabling security: choose a solution with a cloud-hosted management console with multi-factor authentication enabled and Role-Based Administration to limit access rights.
- Establish a successful incident report plan – you can get ours HERE.
Utilising CSG's managed support is an excellent way to protect your organisation from ransomware operators. We use leading software, and our team of experts actively protects your files and data to prevent attacks, or at least minimise damage.
If you’d like to work with CSG then please do not hesitate to contact us below … Tel: 0330 400 5465 Or book a FREE network audit with our expert team.