Top 10 Ransomware Scenarios: How Cybercriminals Are Entering Your Environment
Mitigate risk for your environment by identifying the top 10 ransomware infection vectors and how to protect them!
Ransomware Will Continue to Get Worse
Ransomware is a specific kind of malicious software used by cybercriminals to render data or systems inaccessible for extortion or ransom. In a standard ransomware attack, the cybercriminal gains unauthorized access to a victim's network and installs the ransomware in locations that typically hold sensitive data. They then execute the attack and lock the files on that network, making them inaccessible to the victim until the ransom is paid.
Ransomware is becoming one of the most used cyber-attack methods for exploiting your organization's data. Global headlines about increasingly damaging ransomware attacks are becoming more and more common, such as the recent Colonial Pipeline attack. Organizations can combat ransomware by understanding infection vectors, the most common points of entry used by attackers. An infection vector is the method by which a cybercriminal gains access to, or infiltrates, your network or systems in order to exploit private information. Once these vectors are identified, an organization can adjust its security efforts accordingly, mitigating risk and avoiding potentially very costly ransomware scenarios.
Top 10 Ransomware Infection Vectors and How to Protect Them
1) Phishing
As the most popular ransomware infection vector, phishing is an attack in which cybercriminals attempt to steal your money, identity, or data. Cybercriminals pose as established companies, friends, or acquaintances and contact victims through a fake email, telephone call, or text message that contains a link to a phishing website, luring them into providing their personal information.
Defense Method: Enable anti-phishing policies in Defender for Office 365. Train users to spot a phishing message and to check a sender's credibility so that they don't open the message in the first place.
2) Third Parties and Managed Service Providers (MSPs)
Third parties and MSPs are also an entry point for ransomware attacks. With the consistent increase in outsourcing today, third parties and MSPs are more common, and the trusted partnership they hold can be exploited.
Defense Method: Multi-Factor Authentication should be deployed in your environment to ensure that only the right users access the right resources. Use a contract to outline security requirements, and be careful about whom you trust.
3) Weak and Stolen Credentials
If you are using weak passwords or reusing passwords, an attacker can easily gain access to your environment just by being connected to your network. The ease of this point of entry puts your organization at risk of ransomware and of exposing your private credentials.
Defense Method: Azure Active Directory Premium P2 gives an organization advanced identity protection and privileged identity management capabilities. Defender for Identity provides on-premises protection for identities. All points of entry should be covered, including enforcing strong passwords or going passwordless with biometrics.
4) Remote Desktop Protocol (RDP)
Remote Desktop Protocol (RDP) is a network protocol that provides remote display and input capabilities over a network connection to a server, allowing users to control a computer's data and resources over the internet. By using brute-force methods or purchasing credentials on dark web markets, cybercriminals gain unauthorized RDP access and deploy ransomware to the system.
Defense Method: Azure Multifactor Authentication can provide a layer of protection for traditional remote desktop applications, but there are some limitations in the user experience. Azure Virtual Desktop is a modern solution that seamlessly uses MFA to protect this entry point into your network.
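As an added example that is not part of the original post, the following Python flags source addresses that repeatedly fail RDP logons, the brute-force pattern described above, so that exposed RDP can be spotted before MFA is the only thing standing in the way. The records are constructed stand-ins modelled on the fields of Windows Security event 4625 (failed logon; LogonType 10 is RemoteInteractive, i.e. RDP); the addresses, account names, thresholds and field names are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _ev(time, ip, logon_type, user):
    # Minimal stand-in for the fields of a Windows Security 4625 (failed logon) event.
    return {"time": time, "ip": ip, "logon_type": logon_type, "user": user}

# Constructed sample telemetry (made-up addresses and accounts, not real data).
SAMPLE_EVENTS = (
    # 203.0.113.7: six RDP failures in three minutes, spraying several account names
    [_ev(f"2021-06-01T02:0{i}:00", "203.0.113.7", 10, u)
     for i, u in enumerate(["admin", "administrator", "admin", "rdp", "sa", "admin"])]
    # 203.0.113.99: five RDP failures spaced 30 minutes apart (never five in one 10-minute window)
    + [_ev(f"2021-06-01T{3 + i // 2:02d}:{30 * (i % 2):02d}:00", "203.0.113.99", 10, "admin")
       for i in range(5)]
    # 192.0.2.5: many failures, but LogonType 3 (network), so not RDP
    + [_ev(f"2021-06-01T04:0{i}:00", "192.0.2.5", 3, "svc") for i in range(6)]
    # 198.51.100.20: two mistyped RDP logons, below any sensible threshold
    + [_ev("2021-06-01T05:00:00", "198.51.100.20", 10, "jsmith"),
       _ev("2021-06-01T05:00:30", "198.51.100.20", 10, "jsmith")]
)

def rdp_bruteforce_sources(events, threshold=5, window_minutes=10):
    """Return {ip: {peak_failures_in_window, distinct_users}} for sources with
    at least `threshold` failed RDP logons inside any `window_minutes` span."""
    window = timedelta(minutes=window_minutes)
    by_ip = defaultdict(list)
    for e in events:
        if e["logon_type"] != 10:          # 10 = RemoteInteractive, i.e. RDP
            continue
        by_ip[e["ip"]].append((datetime.fromisoformat(e["time"]), e["user"]))

    flagged = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        recent = deque()                   # timestamps inside the sliding window
        peak = 0
        for when, _ in attempts:
            recent.append(when)
            while when - recent[0] > window:
                recent.popleft()           # drop failures older than the window
            peak = max(peak, len(recent))
        if peak >= threshold:
            flagged[ip] = {
                "peak_failures_in_window": peak,
                "distinct_users": sorted({u for _, u in attempts}),
            }
    return flagged
```

With the defaults only 203.0.113.7 is flagged; the slow source 203.0.113.99 only appears when the window is widened, which is why the window and threshold should be tuned to the environment rather than fixed.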
5) Software Vulnerabilities
If your organization has gaps in its security, cybercriminals can take advantage of those openings in any widely used software and gain control of your systems. Once they have control, they can make the system inaccessible and deploy ransomware.
Defense Method: Software vulnerabilities are common, so applying security updates regularly is crucial to staying ahead of attackers. Defender for Endpoint assesses vulnerabilities and alerts you when a patch is needed.
6) Misconfiguration
When a system is misconfigured, or default setup or application-server configuration is left enabled, cybercriminals can gain access to your data. Misconfigured devices are an easy point of entry, and an easy way for attackers to gather even more of your organization's sensitive information and exploit it.
Defense Method: Review your organization's configuration process and how you manage devices and identities, and use multi-factor authentication for accessing devices.
7) Drive-by Download
Malicious programs can be downloaded from the internet automatically, without the user's consent or knowledge, in a tactic known as a "drive-by download". After download, the malicious code can run without further user interaction, infecting the computer with ransomware.
Defense Method: Defender for Office 365 helps keep users from clicking risky links, and if a user does click on something risky, Defender for Endpoint helps protect devices and data against the resulting threats. Also important are regular security scans and risk monitoring of end-user devices, education on best practices such as closing browser windows when not in use, and security software that scans for unsafe links and websites.
8) Malvertising
Attackers can spread malware and initiate ransomware through malicious online ads. Malvertising, short for malicious advertising, works by embedding malicious code in ads and then paying advertising agencies to promote those ads online. Any time a user clicks such an ad, their system is exposed to the malicious code and is at risk of ransomware.
Defense Method: Defender for Office 365 helps protect against advanced threats and automatically investigates and remediates attacks. Also important are education about trusting links, ads, and websites on the internet, and regular security scans and risk monitoring of end-user devices.
9) Human-Operated Ransomware
This is a large and growing attack trend in which the attack is "hands-on-keyboard". These attacks leverage human attackers' knowledge of common system and security misconfigurations to infiltrate the organization, navigate the enterprise network, and adapt to the environment and its weaknesses as they go.
Defense Method: All of the previous solutions help keep human-operated ransomware from succeeding in finding weaknesses. Organizations must also ensure they can rapidly restore backups and business processes, strengthen privileged access security, and prioritize the fastest and most effective mitigation of entry points.
10) Malicious Insiders
Cybercriminals can also gain access to your environment with help from your own employees. Disgruntled employees and other malicious insiders sometimes release their own company's sensitive and private data.
Defense Method: Data Loss Prevention protects an organization's sensitive data. Give employees only the privileges and data they need. Additionally, monitor and flag suspicious behavior by devices, identities, or data.
How can Interlink help?
Strengthening your organization's security efforts is critical for preventing cybercriminals from entering your environment. Interlink's Security Workshop will help you assess your security landscape and address demanding security goals and challenges.
In the event that cybercriminals do gain unauthorized access into your environment, Cyber Insurance is necessary for covering the financial losses that may result from any cyber incidents. Interlink's Cyber Insurance Webinar will take you through how Cyber Insurance can help your organization to save money from any cyber-attacks that may occur, like Ransomware.
Interlink also recommends taking advantage of Metallic, an Office 365 Backup & Recovery solution. While the data protection Microsoft builds into the platform is robust, human-operated ransomware is targeting those backups. A layer of data protection managed outside the Office 365 platform is critical to protecting your organization from ransomware. It has the added benefit of easier restores after accidental deletion or data corruption, reducing risk and saving your organization money. For more information on Interlink's Security Workshop, Metallic, or the Cyber Insurance Webinar, contact Interlink today!
About the author
Jimmy Smogor is the Security Practice Lead at Interlink. Jimmy started at Interlink over 8 years ago while in college and has developed immense expertise in the world of cybersecurity. He has expanded his knowledge of Microsoft Security to assist our clients by leveraging Microsoft’s security stacks, whether it’s a simple deployment of Multi-factor for sign-in or leveraging Defender for Endpoint EDR with Microsoft Sentinel for automated playbooks. Jimmy is continuing to grow his expertise in cybersecurity and the advantages of Microsoft Security.