More Ransomware Attacks Spread as Americans Prep for the New Year
Over the last two weeks, as Americans were prepping for the holidays, cyber criminals were preparing for vicious cyber attacks.
On December 16, 2019, the U.S. Coast Guard issued a Marine Safety Information Bulletin confirming a cyber attack had taken down various parts of an undisclosed maritime facility. As a result, there was a disruption to the facility’s entire corporate IT network, camera and physical access control systems, and loss of critical process control monitoring systems. In an attempt to mitigate further damage, the facility shut down its primary operations for over 30 hours. During this time, a cyber-incident response was conducted. It was then determined the malware used in the cyber attack was the ransomware variant, Ryuk.
Fast forward to December 23rd, when hackers were able to infiltrate the networks of one of the nation’s largest managed service providers (MSPs), Synoptek. Once inside, the criminals were able to distribute ransomware to the MSP’s clients through an undisclosed remote management (RMM) tool. The ransomware variant that infected a subset of the MSP’s 1,178 customers was confirmed to be Sodinokibi. According to two company employees, the MSP did pay an unknown ransom amount in an attempt to restore its own and its clients’ networks as quickly as possible.
How to Avoid Ransomware Attacks
Ransomware attacks have continued to grow in both frequency and sophistication throughout 2019. In order for the public and private sectors to remain secure, PC Matic encourages the following:
- Secure RDP Ports – This includes disabling all unused RDP access points, scheduling remote access privileges, and authenticating the devices that are permitted RDP access to your networks.
- Deploy application whitelisting – With the use of this default-deny approach, only known trusted programs will be allowed to execute.
- Patch management – Keep all operating systems and applications up to date so that known vulnerabilities are patched in a timely manner.
- Proper password hygiene – Users should not reuse passwords. Also, when creating passwords, users should add “complex” elements such as capital letters, numbers, and special characters.
- Multi-factor authentication – Passwords aren’t enough to ensure your networks, devices, or programs are secure. Deploying two-factor authentication at various access points, such as the program, port, and network levels, mitigates cyber threats.