A look at how cyber criminals break in
There was a report released some time in late 2018 that ransomware attacks were on the decline. That was 2018. According to a study done by McAfee late into 2019, ransomware more than doubled this year. The jump is alarming.
But how are these criminals able to get in so easily? Study after study and continued analysis shows that open RDP ports and brute-force entry into those ports are the favored method followed closely by compromised user interaction. While these may not always be preventable, they can definitely be mitigated.
The more you know. It’s a phrase we bandy about ever since the educational commercials of the 90s shot a star across our screens. There’s a reason the phrase has so much staying power; it’s true. The more you know about malware (malware includes ransomware but isn’t exclusive to it) the better you’ll be able to protect yourself.
RDP Ports… again
RDP information is easily obtained and cheap on the dark web. All it takes is for a hacker to stroll across an open port or brute force their way into one. Afterwards, they can sell their loot to anyone else wanting to cause a little mischief (or worse.)
It’s surprising how many businesses, government agencies, and schools are blissfully unaware of their RDP statuses until an attack happens. A few weeks ago, I was speaking with a gentleman who told me he leaves his open all the time so people can drop in when the need arises. He couldn’t figure out why his systems were locked up with ransomware.
It’s a growing problem and one PC Matic is looking to solve with our RDP Lifeline feature built into our Pro product. And for those of you who are concerned that the product isn’t offered in the home product, Windows home OS doesn’t have RDP capabilities anyway. (It’s easy to search your system to check. Type RDP into the search feature of your system if you’re unsure.)
As far as the brute force attacks leading to that RDP information? PC Matic users enjoy brute force lockout protection. They’re able to choose the threshold of what lockout procedures they want to enable. Anyone who tries more than the threshold is locked out.
Between brute force protection, closing RDP ports regularly, and having the ability to manage those ports even when away from a computer is a game changer feature in the fight against ransomware, and one that we’re proud to offer.
Compromised user interaction
We all have that one person in the office who is forwarding around the latest meme or an article on abandoned puppies. They’re usually the one clicking on anything that comes their way with a catchy title. They’re also usually the ones opening suspicious attachments or going to suspicious links.
Here’s where compromised user interaction usually comes into play. When you know what to look for in an email that you don’t recognize, it’s easier to determine if you think the link or attachment is safe to click.
Check out the time of day the email was sent (I, admittedly, work outside of normal 9-5 hours, but I’m not sending emails at 3am.). Check the sender information. An email from Apple Support is never going to come from [email protected]. And just use good judgement. You know thieves are out there trying to get your information. Don’t just hand it away.
Of course, you can also take a huge step towards protecting yourself from compromised user interaction by using a default deny approach like application based whitelisting. This is how PC Matic works. So if the meme dude at your office does click on that Extreme Memes of 2019 malware link, the program won’t be recognized and simply won’t be allowed to run.
The more you know
In the end, continued education on the topic of ransomware and other malicious threats is what’s going to help keep you safe. Unless you know RDP ports are a favored entry point, you won’t think to check them. Keep vigilant. Read more. And make sure you’re checking those links before exposing your company to a full system takeover.
For a list of ransomware attacks that have already taken place in 2019, you may click here. We have also created a map, see below, of the ransomware attacks that have taken place in the U.S.