BRATISLAVA – ESET, a global leader in cybersecurity, today published its latest research white paper, titled “RANSOMWARE: A look at the criminal art of malicious code, pressure, and manipulation.” The report examines how dangerous ransomware has become due to the criminals’ psychological and technical innovation and offers advice on how organisations can best protect themselves. It also reveals the most widespread techniques used by malicious actors, focussing on three specific attack vectors: Remote Desktop Protocol (RDP), email attachments, and supply chain.
Ransomware gangs have misused the COVID-19 pandemic to expand their extortion and distribution toolkit, focussing on intrusions via publicly available misconfigured systems running Remote Desktop Protocol (RDP). ESET telemetry identifies RDP as one of the most popular attack vectors today, with detections surpassing 71 billion between January 2020 and June 2021. Unlike malicious files attached to an email, attacks via RDP use the ruse of legitimacy and thus fly under the radar of many detection methods, meaning fewer metrics and less threat awareness for businesses.
ESET telemetry also revealed that the Server Message Block (SMB) protocol, mainly used for file and printer sharing in enterprise networks, can also be misused as an attack vector via which ransomware can penetrate an organisation’s network. Between January and April 2021, ESET technologies blocked more than 335 million brute-force attacks against public-facing SMB services.
As ransomware attacks are becoming increasingly targeted, it is essential that businesses are aware of the latest methods used by cybercriminal gangs and are prepared to respond. In addition to a proper setup of RDP and other cyber hygiene factors, the paper advises employing an advanced endpoint detection and response tool such as ESET Enterprise Inspector.
The white paper also highlights recent high-profile attacks such as those on Kaseya and the Colonial Pipeline, and reflects on the costs inflicted by ransomware operators on businesses across the world. In light of those – and a plethora of other – ransomware cases, the authors of the paper discuss the payment dilemma. They argue that while paying ransoms might restore some of the files, it offers no guarantee that cybercriminals will, or can, restore full access to data and that sending the demanded sum of cryptocurrency helps fund future crimes – which is also why a debate is underway about making such payments illegal.
Ondrej Kubovič, Security Awareness Specialist and author of the white paper, states: “Ransomware is currently one of the most potent cyberthreats to modern organisations, targeting all industries and affecting both the public and private sector. It is essential that organisations are equipped with knowledge and insight into the latest developments on the ransomware scene and that they build their defenses on cyber hygiene, proper setup and reliable security measures. Our white paper reflects ESET’s goal to stay one step ahead of malicious actors, offers actionable advice for administrators as well as their superiors and provides insight into security products that help mitigate the threat. We hope businesses find all of this useful.”
To read the ransomware white paper, please click here.
About ESET
For more than 30 years, ESET® has been developing industry-leading IT security software and services to protect businesses, critical infrastructure and consumers worldwide from increasingly sophisticated digital threats. From endpoint and mobile security to endpoint detection and response, as well as encryption and multi-factor authentication, ESET’s high-performing, easy-to-use solutions unobtrusively protect and monitor 24/7, updating defences in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company that enables the safe use of technology. This is backed by ESET’s R&D centres worldwide, working in support of our shared future. For more information, visit our website or follow us on LinkedIn, Facebook, and Twitter.