ESET published its latest research white paper, titled “RANSOMWARE: A look at the criminal art of malicious code, pressure, and manipulation.” The report examines how dangerous ransomware has become due to the criminals’ psychological and technical innovation and offers advice on how organizations can best protect themselves. It also reveals the most widespread techniques used by malicious actors, focusing on three specific attack vectors: Remote Desktop Protocol (RDP), email attachments, and supply chain.
Ransomware gangs have misused the COVID-19 pandemic to expand their extortion and distribution toolkit, focusing on intrusions via publicly available misconfigured systems running Remote Desktop Protocol (RDP). ESET telemetry identifies RDP as one of the most popular attack vectors today, with detections surpassing 71 billion between January 2020 and June 2021. Unlike malicious files attached to an email, attacks via RDP use the ruse of legitimacy and thus fly under the radar of many detection methods, meaning fewer metrics and less threat awareness for businesses.
ESET telemetry also revealed that the Server Message Block (SMB) protocol, mainly used for file and printer sharing in enterprise networks, can also be misused as an attack vector via which ransomware can penetrate an organization’s network. Between January and April 2021, ESET technologies blocked more than 335 million brute-force attacks against public-facing SMB services.
As ransomware attacks become increasingly targeted, it is essential that businesses are aware of the latest methods used by cybercriminal gangs and are prepared to respond. In addition to a proper setup of RDP and other cyber hygiene factors, the paper advises employing an advanced endpoint detection and response tool such as ESET Enterprise Inspector.
The white paper also highlights recent high-profile attacks such as those on Kaseya and the Colonial Pipeline, and reflects on the costs inflicted by ransomware operators on businesses across the world. In light of those and a plethora of other ransomware cases, the authors of the paper discuss the payment dilemma. They argue that while paying ransoms might restore some of the files, it offers no guarantee that cybercriminals will, or can, restore full access to data, and that sending the demanded sum of cryptocurrency helps fund future crimes, which is also why a debate is underway about making such payments illegal.
Ondrej Kubovič, Security Awareness Specialist and author of the white paper, states: “Ransomware is currently one of the most potent cyberthreats to modern organizations, targeting all industries and affecting both the public and private sector. It is essential that organizations are equipped with knowledge and insight into the latest developments on the ransomware scene and that they build their defenses on cyber hygiene, proper setup and reliable security measures. Our white paper reflects ESET’s goal to stay one step ahead of malicious actors, offers actionable advice for administrators as well as their superiors and provides insight into security products that help mitigate the threat. We hope businesses find all of this useful.”