Ransomware in 2020 and How to Lower Your Risk: Coronavirus Disease (COVID-19) Risk Advisory
In 2019, ransomware continued to be one of the biggest drivers for cyber claims. There are no signs that it will slow down in 2020. Claims typically unfold in this manner:
You discover that a partial or complete lockdown of the network has occurred and that files are encrypted. You then receive a communication from the bad actor orchestrating the event demanding an extortion payment in cryptocurrency. They generally set a strict deadline for a response, with the demand increasing if it is missed. If your backups are no longer viable, it is because they have been compromised as well. What do you do? You may decide to pay the extortion to get your business back up and running.
However, paying the extortion only means you will hopefully receive the decryption keys; they may or may not work as expected. According to Coveware’s Q4 2019 results, the average ransomware incident lasts 16.2 days.
Risks of Remote Desktops
You can lower your risk of a ransomware incident by disabling or removing Remote Desktop Protocol (RDP). RDP is a protocol that allows you to access and control the resources and data of a remote computer over the internet. According to Coveware, threat actors gain access to an organization through Remote Desktop by searching the internet for systems that allow RDP logins and then using software to guess weak passwords or by logging in with known or leaked credentials. Below are some strategies for preventing and mitigating RDP-based intrusions, according to Coveware and Microsoft.
- Confirm that all available security updates for VPN and firewalls have been implemented.
- Disable or remove remote services whenever possible.
- Do not allow remote access directly from the internet. Instead, enforce the use of remote access gateways along with a VPN that requires multi-factor authentication.
- Require separate credentials for any remote access services.
- Whitelist the IP addresses that are allowed to connect via RDP so that only trusted machines can connect.
- Deploy account lockout provisions to stop brute-force password-guessing attempts.
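The following is an added example, not part of the original post or of Coveware's or Microsoft's guidance, showing how the RDP strategies above map onto settings on a single Windows host; the subnet 10.0.0.0/24, the lockout values and the look-back window are placeholder assumptions to adjust for your environment.

```powershell
# Added example: apply the RDP hardening steps above on one Windows host.
# Run from an elevated PowerShell session. All values below are assumptions.
$DisableRdpEntirely = $false        # $true on hosts that do not need RDP at all
$TrustedSubnet      = '10.0.0.0/24'  # assumed VPN / remote-access-gateway subnet
$TsPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

if ($DisableRdpEntirely) {
    # "Disable or remove remote services": fDenyTSConnections = 1 refuses all RDP connections.
    Set-ItemProperty -Path $TsPath -Name 'fDenyTSConnections' -Value 1
} else {
    # "Whitelist the IP addresses": scope the built-in Remote Desktop firewall rules so
    # only the trusted subnet can reach the RDP listener; the internet at large cannot.
    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
        Set-NetFirewallRule -RemoteAddress $TrustedSubnet -Enabled True
}

# "Password lockout provisions": lock the account after 5 failed logons for 30 minutes,
# and reset the failure counter after 30 minutes.
net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30

# Verification report: effective RDP state, allowed remote addresses, and the number of
# failed logons (Security Event ID 4625) in the look-back window, which is the trace a
# password-guessing attempt leaves behind and the figure worth alerting on.
function Get-RdpHardeningReport {
    param([int]$LookbackHours = 24)
    $denied = (Get-ItemProperty -Path $TsPath -Name 'fDenyTSConnections').fDenyTSConnections
    $remote = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
              Get-NetFirewallAddressFilter |
              Select-Object -ExpandProperty RemoteAddress -Unique
    # Get-WinEvent errors when no matching events exist; treat that as zero failures.
    $failed = Get-WinEvent -FilterHashtable @{
                  LogName   = 'Security'
                  Id        = 4625
                  StartTime = (Get-Date).AddHours(-$LookbackHours)
              } -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RdpDisabled        = ($denied -eq 1)
        AllowedRemoteAddrs = ($remote -join ', ')
        FailedLogons       = @($failed).Count
        LookbackHours      = $LookbackHours
    }
}

Get-RdpHardeningReport | Format-List
```

A steadily climbing FailedLogons count from a host that should only be reachable from the trusted subnet is the signal that the whitelist or gateway is not doing its job.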
Dual Factor Authentication (DFA)
Another way to lower your risk of ransomware is through Dual Factor Authentication (DFA). As mentioned in my previous post, Threats and Trends in Cyber Crime: How to Protect Your Organization, follow these steps:
- Turn on two-factor authentication for external access to all applications. If this is not feasible, then enable it for the particularly sensitive ones such as email, 401(k) administrators, payroll or benefits providers, remote desktop protocol, and virtual private networks. Audit recent changes and confirm them over the phone or in person with your employees for the following:
  - Direct deposit changes submitted to payroll
  - 401(k) disbursements
- Educate and train employees about phishing. Consider simulated anti-phishing campaigns for your organization.
- Enforce strong password policies. Educate employees on the risks associated with reusing passwords.
- If your e-mail system permits, set up alerts for newly created forwarding rules so that messages cannot be secretly diverted.
Think of your Cyber Liability policy as an outsourced disaster recovery plan
Strengthening internal controls is critical along with patch management, evaluating the life cycle of electronic devices, etc. However, a cyber incident can occur no matter how secure your organization is. A bad actor could socially engineer their way into your network or there could be a portal left open after a network transition. Having a cyber liability policy in place is a crucial risk transfer method for any organization. Think of it as an outsourced disaster recovery plan.
If you have any questions about which policy should respond or whether you have adequate cyber coverage, please contact me here to discuss further.
Sources: coveware.com, microsoft.com
Note: This communication is for informational purposes only. Although every reasonable effort is made to present current and accurate information, Oswald makes no guarantees of any kind and cannot be held liable for any outdated or incorrect information. View our communications policy.