In 2019, ransomware continued to be one of the biggest drivers for cyber claims. There are no signs that it will slow down in 2020. Claims typically unfold in this manner:
You discover that a partial or complete lockdown of the network has occurred and files are encrypted. You will receive a communication from the bad actor orchestrating the event, demanding an extortion amount in cryptocurrency. They generally set a strict timeline for a response, with a penalty of an increased demand. If your backups are no longer viable, it's because they have been compromised as well. What do you do? You may decide to pay the extortion to get your business back up and running.
However, paying the extortion means you will hopefully receive the decryption codes. They may or may not work as expected. According to Coveware's Q4 2019 results, 16.2 days is the average number of days a ransomware incident lasts.
You can lower your risk of a ransomware incident by disabling or removing Remote Desktop Protocol (RDP). RDP allows you to access and control the resources and data of a remote computer via the internet. According to Coveware, threat actors gain access to an organization through Remote Desktop by searching the internet for systems that allow RDP logins and then using software to guess weak passwords, or by obtaining access to accounts with known or leaked credentials. Below are some strategies for preventing and mitigating RDP compromise, according to Coveware and Microsoft.
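One way to spot the password-guessing pattern described above in Windows logon events, as an added example that is not from the original post, Coveware or Microsoft. The comma-separated record layout, the sample records, the function name and the threshold and window values are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs): time, event ID, logon type, account, source IP.
# 4625 = failed logon, 4624 = successful logon; logon type 10 = RemoteInteractive (RDP),
# type 3 = Network, which is how failed RDP logons appear when NLA is enabled.
SAMPLE = """\
2020-01-14T02:10:01,4625,3,administrator,203.0.113.50
2020-01-14T02:10:04,4625,3,admin,203.0.113.50
2020-01-14T02:10:09,4625,3,backup,203.0.113.50
2020-01-14T02:10:15,4625,3,scanner,203.0.113.50
2020-01-14T02:10:21,4625,3,jsmith,203.0.113.50
2020-01-14T02:11:02,4624,10,jsmith,203.0.113.50
2020-01-14T08:55:30,4625,10,mlee,198.51.100.7
2020-01-14T08:55:52,4624,10,mlee,198.51.100.7
"""

RDP_LOGON_TYPES = {"3", "10"}

def find_rdp_guessing(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: {"failures", "accounts", "success_after"}} for each source
    with >= threshold failed logons inside one sliding window (input sorted by time)."""
    recent = defaultdict(deque)    # ip -> failure timestamps still inside the window
    accounts = defaultdict(set)    # ip -> account names that source has tried
    alerts = {}
    for line in log_text.strip().splitlines():
        ts, event_id, logon_type, user, ip = line.split(",")
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == "4625":
            q = recent[ip]
            q.append(when)
            accounts[ip].add(user)
            while when - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                alerts.setdefault(ip, {"failures": 0, "accounts": set(), "success_after": None})
                alerts[ip]["failures"] = max(alerts[ip]["failures"], len(q))
                alerts[ip]["accounts"] = set(accounts[ip])
        elif event_id == "4624" and ip in alerts and alerts[ip]["success_after"] is None:
            # A success from a source already flagged for guessing is the urgent case.
            alerts[ip]["success_after"] = user
    return alerts

if __name__ == "__main__":
    for ip, info in find_rdp_guessing(SAMPLE).items():
        print(ip, info)
```

A single mistyped password followed by a success, like the second source in the sample, stays below the threshold and is not flagged.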
Another way to lower your risk of ransomware is through Dual Factor Authentication (DFA). As mentioned in my previous post, Threats and Trends in Cyber Crime: How to Protect Your Organization, follow these steps:
Strengthening internal controls is critical along with patch management, evaluating the life cycle of electronic devices, etc. However, a cyber incident can occur no matter how secure your organization is. A bad actor could socially engineer their way into your network or there could be a portal left open after a network transition. Having a cyber liability policy in place is a crucial risk transfer method for any organization. Think of it as an outsourced disaster recovery plan.
Sources: (coveware.com, microsoft.com, coveware.com)
Note: This communication is for informational purposes only. Although every reasonable effort is made to present current and accurate information, Oswald makes no guarantees of any kind and cannot be held liable for any outdated or incorrect information.