Highly visible ransomware attacks have occurred since the start of 2019. At their most basic, ransomware attacks involve the introduction of malware onto a victim’s computer or server, rendering it unusable. The fraudsters will then demand payment from the victim in order to restore the systems. In recent months, major cities such as Atlanta, Baltimore, and Johannesburg have fallen victim to ransomware attacks. The ransomware attack on Baltimore is especially revealing as its impacts continue to be felt. While the mayor rebuffed the criminals’ demand for $76,000, an early projected impact of the attack stands at $18.2 million. To date, Baltimore has already expended nearly $4.6 million on recovery efforts.
Against this backdrop, it should not be surprising that the McAfee Labs Threat Report noted that ransomware attacks grew by 118 percent. Moreover, the FBI released a public service announcement earlier this month specifically outlining the dangers of ransomware attacks to businesses and organizations. Notably, the announcement outlines three techniques commonly used by criminals to introduce malware onto a victim’s system. First, criminals engage in phishing attacks where a malicious file is included in an email. While phishing used to be broad-based spamming, it appears these attacks are becoming more targeted. Second, the FBI notes that malware can be introduced via Remote Desktop Protocol (RDP) vulnerabilities. As background, RDP allows a user to connect with another computer over a network. Cyber criminals have been able to gain entry via RDP by engaging in brute-force methods to obtain user credentials or by purchasing user credentials on darknet marketplaces. Third, criminals routinely take advantage of general software vulnerabilities.
The FBI also makes clear that should a business or organization fall prey to a ransomware attack, it does not recommend paying the ransom. In particular, paying the ransom does not guarantee that the organization will regain access to its data, and it also emboldens criminals to target other organizations. The FBI offers a series of ways to protect against ransomware attacks, including regularly backing up data on servers not connected to the networks they are backing up, instituting a centralized patch management system, and employing best practices for using RDP.
The reemergence of ransomware attacks underscores that cyber criminals will continue to exploit any and all avenues at their disposal. To that end, organizations should continuously review the security of their networks against such attacks. In addition, organizations would be well served to consider their cyberinsurance options, since many policies provide services in the event of security incidents, including ransomware attacks.