
Ransomware Attack Risk Reduction

Andy Gritzer

You see it in the news all the time: businesses, universities, municipalities, and more, all getting hit with Ransomware. This has unfortunately become all too common, and these are not isolated instances. So who is at risk of a Ransomware attack?

All Businesses Are at Risk of Getting Hit With a Ransomware Attack

Airiam works on the front lines of these high-profile Ransomware attacks. Our team has flown across the country to assist companies in the recovery efforts after a Ransomware attack. We have worked with some of the top experts in the cyber security field, and through those relationships and the recovery efforts, have witnessed firsthand how these attacks occur and unfold.


If you are an existing Airiam customer, you have likely heard us talk about advanced cyber security solutions as well as other ways to reduce your risk of an attack. Airiam’s cyber security solutions, together with Airiam’s other AirProducts, are an extremely solid one-two punch for maintaining security and productivity. The information below was gathered in concert with our partners. It covers Ransomware attacks and two large attack vectors that can be addressed, in addition to deploying EDR (Endpoint Detection and Response) and other cyber security tools, to reduce the risk of Ransomware attacks.

Results of Ransomware

Based on data through Q4 of 2021

  • Average of 20 days of downtime
  • $312,493 in ransomware payments (if needed)
  • Extensive business interruption costs

So how can you be protected from a Ransomware attack? The short answer is you can never guarantee that an attack will not happen to your business, but the good news is that there are two key items that can be taken care of to reduce the attack risk by up to 90%.

Secure Remote Services (Reduce Ransomware Attack up to 50%)

Now more than ever, companies are working in a remote-first model. While this clearly provides a host of benefits, it also increases risks. The RDP (Remote Desktop Protocol) service specifically can be a large area of vulnerability when it comes to Ransomware attacks. Remote desktop is a common feature in operating systems, allowing users to log in and control one system using another system.

Adversaries will use one of two ways to gain access to an organization using Remote Desktop:

  1. Search the internet for open RDP targets to then guess weak passwords
  2. Obtain credentials through a phishing attack and proceed to get RDP access to then navigate elsewhere in the environment.

The bottom line is that RDP, while convenient, poses a major risk and can instantly grant an attacker access to the environment.

Steps to Reduce Risk

  • Disable or remove remote services whenever possible
  • Do not allow remote access directly from the internet; instead, enforce the use of remote access gateways along with a VPN that requires MFA (Multi-Factor Authentication)
  • Require separate credentials for any remote access services
  • Whitelist the IP addresses that are allowed to connect via RDP so that only trusted machines can connect
  • Deploy password lockout provisions to prevent brute-forcing attempts
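
As an added example (not from the original article or Airiam's tooling), the following Python reviews exported logon records against two of the steps above: the IP allowlist and the lockout provision. The allowlist range, threshold, window, and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
# Assumed policy values for illustration; set them to match your environment.
ALLOWED_NETS = [ip_network("10.20.0.0/24")]  # VPN / remote access gateway pool
THRESHOLD = 5                                # failed logons that should lock the account
WINDOW = timedelta(minutes=15)               # lockout observation window
REMOTE_TYPES = {3, 10}  # 10 = RemoteInteractive; with NLA, failures often log as 3
T0 = datetime(2022, 1, 10, 2, 0)

def ev(minute, event_id, user, src, logon_type=10):
    """One record shaped like a Security log event (4625 failed, 4624 success)."""
    return {"time": T0 + timedelta(minutes=minute), "id": event_id,
            "user": user, "src": src, "type": logon_type}

# Constructed sample data using documentation address ranges, not real telemetry.
EVENTS = (
    [ev(m, 4625, "administrator", "203.0.113.7", 3) for m in range(6)]
    + [ev(7, 4624, "administrator", "203.0.113.7")]
    + [ev(1, 4625, "jsmith", "10.20.0.15"), ev(2, 4624, "jsmith", "10.20.0.15")]
    + [ev(30, 4624, "svc_backup", "198.51.100.9")]
)

def remote_events(events):
    return sorted((e for e in events if e["type"] in REMOTE_TYPES), key=lambda e: e["time"])

def off_allowlist(events):
    """Sources that reached RDP without coming from an allowed network."""
    return sorted({e["src"] for e in remote_events(events)
                   if not any(ip_address(e["src"]) in n for n in ALLOWED_NETS)})

def lockout_review(events):
    """Per (source, user): when failures hit THRESHOLD in WINDOW, and any later success."""
    recent, findings = defaultdict(deque), {}
    for e in remote_events(events):
        key = (e["src"], e["user"])
        if e["id"] == 4625:
            q = recent[key]
            q.append(e["time"])
            while q[0] < e["time"] - WINDOW:
                q.popleft()
            if len(q) >= THRESHOLD:
                findings.setdefault(key, {"tripped_at": e["time"], "later_success": False})
        elif e["id"] == 4624 and key in findings:
            findings[key]["later_success"] = True
    return findings

if __name__ == "__main__":
    print(off_allowlist(EVENTS), lockout_review(EVENTS))
```

A success recorded after the threshold was reached means the lockout provision did not stop the guessing for that account, and any off-allowlist source means RDP is reachable outside the gateway path.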

Deploy Multi-Factor Authentication to Administrative Accounts and Reduce Ransomware Attack up to 40%

Ransomware attacks often have several steps/components to them. The first is generally gaining access to the environment, and the second is moving around in the environment to access critical data/services. The previous recommendation regarding RDP addresses the first component, while deploying MFA (Multi-Factor Authentication) addresses the second component.

MFA is the policy/procedure of requiring more than one “Factor” to access a resource. A username and password combination is considered a single factor. Common secondary factors are push notifications, randomly generated codes, and hardware keys. These secondary factors always require access to an alternate resource to either get the passcode or activate the hardware token. MFA is so effective against ransomware simply because the attacker would need not only to breach the environment, but also to exploit the MFA method that is in place.

Oftentimes, in relation to specific pieces of software or hardware access, MFA is FREE; it just needs to be enabled. A third-party application can also be implemented to supply MFA and identity management.

If you have questions or want us to perform an assessment of your environment and risks regarding a ransomware attack, contact us.
