If there is one characteristic that defines cybercrime today, it is the capacity to evolve and adapt to new environments and the ability to find ways of evading the cybersecurity measures taken by victims. Ransomware is no exception. One of the main features of ransomware as a threat, in addition to kidnapping data, is that it is constantly reinventing itself to persist over time and in effectiveness. This type of malicious software has evolved greatly since it began, and today there is a wide variety of families in existence, giving rise to new, more sophisticated strains.
We have recently witnessed how the actors behind PonyFinal, a new manually operated ransomware, launched a brute force attack against Microsoft Systems Management Server (SMS); the Nemty ransomware combined file encryption with blackmail by threatening to leak data or how, in the midst of the COVID-19 pandemic, NetWalker compromised various Spanish hospitals, kidnapping data and paralyzing infrastructure.
Sodinokibi has been the latest example, the Ransomware-as-a-Service (RaaS) that has been around since the end of 2019. By exploiting the CVE-2019-2725 vulnerability discovered on Oracle WebLogic application servers to encrypt the files of infected users, this ransomware became the most lucrative malware of the last quarter of 2019 and continues to make the headlines in 2020, targeting attacks on companies and stealing their data. Get all the latest information about ransomware here: The most advanced protection against ransomware attacks
Five key tips to protect your business from ransomware
- Keep systems and applications up-to-date. Most attacks succeed because the systems used by companies are not kept up-to-date, so the attack exploits security vulnerabilities. It is essential to keep software up-to-date.
- Take care with RDP. According to FBI data, between 70 and 80 percent of ransomware enters systems through RDP (Remote Desktop Protocol). To prevent this from happening, it is advisable to disable it unless it is strictly necessary.
- Zero-trust stance to combat phishing. In order to prevent ransomware from entering using phishing techniques, the starting point is a zero-trust position: if the sender is unknown, recipients should not open attachments or click links
- Remote backups. Many types of malware, including Sodinokibi, destroy backup copies on systems or devices. To avoid the most serious consequences, it is vital that companies have backup copies saved remotely which cannot be accessed.
- Advanced cybersecurity and protection on all endpoints. Ransomware is a threat that is difficult to counter if you don't have the right protection or follow the proper guidelines. With advanced cybersecurity solutions, such as WatchGuard Endpoint Security , it is possible to deal with this threat, protecting all endpoints and monitoring processes in real time to guarantee cybersecurity defenses,
In the present situation, it is essential that organizations are aware that threats can come in numerous forms and use advanced techniques. It is therefore not a question of designing defense mechanisms for a particular threat, but of having a comprehensive strategy that can analyze all processes run on a system and act before any potential vulnerability is exploited, paralyzing business activity.