
There is a new wave of ransomware attacks: find out how you can protect yourself

Ransomware attacks are increasingly sophisticated and can have serious financial and reputational repercussions. Learn more about this threat and how you can protect yourself from this and other types of malware.
Published on 2019-06-21

Several types of organizations across the globe have recorded a wave of ransomware-type attacks. This threat results from the increasing sophistication of the intrusion methods used by hackers and, in some cases, the carelessness of victims regarding the security of their Information Technology (IT) infrastructures, as well as the risky behaviour of their employees.

Security researchers have recently discovered a new botnet that is attacking vulnerable Windows systems with a Remote Desktop Protocol (RDP) connection exposed to the Internet. Called GoldBrute, this malware has compiled a list of more than 1.5 million unique systems that can be hacked via brute force attacks, or by submitting credentials.

Over 2 million machines are at stake, and since GoldBrute is continuously searching for vulnerabilities on the web, the list of potential targets is constantly increasing. The interest of cybercriminals in RDP servers has increased since the discovery of BlueKeep, a critical flaw in the execution code of Windows Remote Desktop Services (RDS).

Another latent threat, specifically targeting business environments, is Ryuk, a type of ransomware that infiltrates the system, encrypting data and platforms and rendering them useless. This is an evolution of the Hermes ransomware, which has been used for precise and directed attacks, as opposed to the majority of ransomware, which is distributed systematically through mass spam campaigns.

Cybercriminals are increasingly focusing on perfecting one single type of attack, with several groups dedicated to only one intrusion tactic. From the development of malware to the creation of phishing emails or websites for collecting data on potential victims, several strategies are deployed in these attacks, which can seriously disrupt the operations of the targeted businesses and organizations, with high financial and reputational costs.

 

Ransomware attacks due to lack of investment in security

 

The city of Baltimore, USA, is one of the recent cases that illustrates how saving in IT security can result in serious monetary and operational problems. A massive attack on the city hall’s IT infrastructure, on May 7th, brought several crucial municipal services to a halt.

The attack, based on a ransomware called “RobbinHood”, affected telephone lines and emails, the database used for municipal fines, and the systems used for water billing, property taxes, and motor vehicle taxes. This led to thousands of uncollected dollars. The mayor of Baltimore, Bernard Young, indicated damages of over 18 million dollars, of which 8 million concern payments that were not processed due to the attack.

Baltimore suffered millions of dollars’ worth of damages, having been targeted by a previous cyberattack in 2018 that affected the city’s emergency call system. The city hall apparently did not learn from its mistakes. An analysis of the attack, conducted this year, concluded that the cybercriminals exploited the fact that the city’s IT system was outdated in terms of its infrastructure’s security. The local media highlighted that the city hall neglected investment in its technological infrastructure, allocating only 2.5% of its annual budget to IT operations.

The attack on Baltimore occurred only a few days after the city of Atlanta suffered a similar ransomware-based intrusion that affected hundreds of software programs, many of which are critical for the city to function. In Atlanta’s case, the ransom request rose to 21 million dollars.

The two American cities are merely examples of what may occur in many other cases, with security experts warning that similar attacks may occur worldwide, in other organizations and companies, due to lack of investment in security, lack of awareness of and interest in this aspect, or simply a refusal to learn from others’ mistakes.

 

How to avoid a ransomware attack


The first step in avoiding a ransomware attack involves a thorough analysis of the IT infrastructure, to assess if it’s properly updated and protected against potential attacks. You can resort to a specialized external company, such as Eurotux, to conduct an independent and expert evaluation. This is the ideal procedure, because a disinterested view of the company’s reality allows for potential flaws and risks to be more easily detected.

Investing in state-of-the-art security solutions, capable of addressing the most sophisticated threats, is essential for avoiding a ransomware attack. Sophos, a Eurotux partner, offers the latest generation in security tools, such as the Sophos Intercept X, which is currently considered the most complete endpoint protection solution on the market. This solution is constantly evolving and improving, featuring deep learning neural networks that block threats and malware, including ransomware. The Intercept X Advanced with EDR (Endpoint Detection and Response) strengthens the security capabilities regarding detection and advanced analysis of threats, as well as solving incidents.

Sophos also provides Intercept X for Servers, which deploys a predictive security strategy based on Artificial Intelligence to detect suspicious characteristics in potentially malicious code. Attacks on servers are very damaging to a company’s or organization’s operations, even more so than attacks on individual endpoints, given that servers store data that is vital for the business and/or activity. Sophos’ solution allows you to keep operating, backed by its capacity for constant learning and evolution.

Additionally, when an attack has already occurred, it is fundamental to guarantee the existence of validated security backups, allowing you to recover services to a coherent state. It is also crucial to strengthen the technical capacity to support and quickly recover the infrastructures, complementing the internal teams, namely, with a rapid response team with a skillset as strong as Eurotux’s team.

Each reality may demand different solutions according to the situation’s specific needs and characteristics. Eurotux provides analysis and consulting services within this scope, helping its clients to select the best tools for protecting their IT infrastructure.

If you’re concerned with your company’s security, don’t hesitate to get in touch with us.
