Ransomware attacks with Remote Access Tools
You may have seen in the press that there are continuing Ransomware attacks and there is a recurring theme, in particular with Remote Access and Ransomware. Used to be that attackers encrypted your information, relying on the fact that either the backup schedules you had in place weren’t up to scratch or your disaster recovery / business continuity processes took too long to invoke. Either way they wanted the money and you hoped that if you paid, you got the key.
These days it’s about extracting the data before they encrypt it, they hold a copy of that data and they threaten its release, where that would not only be damage to your business reputation, but could cause some issues for customers if that type of data is released or sold on the Dark Web.
Businesses have had their data stolen before encryption, and they ended up paying the fee in the agreement that the hacker will not release the data. Here you rely on the word of a criminal and hope they don’t come back to you asking for more money.
Entry points for these types of Remote Access and Ransomware attacks, apart from email, can be through insecure Remote Desktop Protocol (RDP). It’s a great tool for your users, but if the right security measures aren’t in place, unfortunately it’s only a matter of time before exploit and it puts your business at risk.
Tips to help Protect Your Business
If you are a business that relies on RDP or remote access tools, we have a few hints to help keep your business as secure as it can be.
- Backup your data. Ensure its tested and working and look at the time you need for your business to recover. Can your business work with the recovery time you have?
- Use a multi-factor authentication. Tools such as Microsoft Authenticator or Cisco Duo to secure your RDP connections. Where it supports it, you should use Multi Factor Authentication to secure your data.
- Apply a Firewall that will limit the access to RDP to specific IP addresses where you can. This will limit the attack surface for hackers.
- Block IP addresses that fail multiple log-in attempts. We see some RDP servers having in excess of 30,000 authentication requests per hour.
- Keep yourself and your workers updated and educated about the latest threats and information.
- Invest in an effective Anti-Malware solution. One that has the ability to look at behaviour of applications and the ability to roll back an infection to a known good state.
- Monitor the darker sides of the Internet for chatter about your business, its domains or IP addresses. This may pre warn of you of an impending attack.