There’s a cyber threat that should be at the forefront of most organisations’ cyber security efforts: human operated ransomware. It consists of hands-on-keyboard attacks in which financially motivated malicious actors access internal corporate networks and deploy ransomware. They then use the ransomware to encrypt the organisation’s data, extorting the organisation to pay a ransom to get its data and systems restored.
Why Human Operated Ransomware Attacks Are So Dangerous
These attacks are more challenging than the more commonly recognised auto-spreading ransomware, for example WannaCry and NotPetya. This is because the people behind them are skilled professionals with plenty of knowledge about systems administration. They easily identify common system misconfigurations, relying on reconnaissance strategies and their human ability to adapt and evolve.
Long-running downtime is often a result of these attacks, while ransoms are negotiated and the data is held hostage. Unfortunately, when it comes to these attacks, having backup and recovery strategies in place is not sufficient. This is because they don’t prevent the theft of the data, which can then be leaked to the public or used for extortion. Organisations need to place a strong priority on preventing the attacks from happening in the first place.
Many organisations today have not taken steps to understand human operated ransomware, meaning their data is vulnerable. With more and more attacks happening across a wide range of industries, cyber security teams need to prioritise improving their existing plans to thwart them.
How an Attack Works
Typically, a campaign begins with an unsophisticated and mass-scale technique such as a large deployment of phishing emails. These can be effective because they’re often dismissed as unimportant, so remedies aren’t put into place and investigations aren’t carried out.
Once the malware is installed within an organisation, the attackers have access and can compromise accounts and systems. They use their skills to gain privileged access to the network, installing ransomware as widely as possible and extracting sensitive data to their own infrastructure. They then use this to extort the organisation they’ve hacked.
What Makes an Organisation Vulnerable to These Attacks?
Older Operating Systems: If all or part of your IT environment consists of out-of-support operating systems, they won’t have the modern security features to deal with these attacks. Using modern cloud-based SaaS applications within a company will minimise the likelihood of a human operated ransomware attack.
Poorly Configured Technology: A lack of awareness amongst staff around security best practice can often lead to unpatched vulnerabilities in internet-facing services. These can be taken advantage of by phishing emails, allowing ransomware to be established in the system.
Low Security on Privileged Accounts: Risky operating practices, insecure passwords and poor use of authentication mechanisms all assist ransomware operators in gaining access to privileged accounts.
Ineffectual Detection: From their initial access via a phishing email or similar method, attackers can often remain in a corporate network for a significant length of time if detection methods are poor or deliver too many false positives. This allows them to obtain large amounts of data at different levels.
What Practical Steps Can an Organisation Take to Improve Their Security?
Improve Employee Awareness: Training on how to recognise and deal with phishing emails could significantly boost the first line of defence against human operated ransomware.
Ensure Adequate Email Security: Email filtering can block malicious files and links as well as suspected phishing emails.
Use Web Filters: These will scan for malicious content and prevent downloading of suspicious files and malware.
Focus on Strong Passwords: The harder the password, the more difficult it is to crack. Establish enterprise-level password security and the malicious ransomware agents will struggle to get access to the data they’re after.
Enforce MFA (Multi Factor Authentication): Multiple level sign-ins add extra layers of security to the access process, blocking hackers who are missing access to even a single level.
If you’d like to discuss further how to fortify your organisation against human operated ransomware, please get in touch with a member of the Smile IT team. We’re a Brisbane managed IT services provider who prioritise your peace of mind when it comes to cyber security.
Give us a shout today and one of our expert techs will gladly answer all your cyber security questions.
When he’s not writing tech articles or turning IT startups into established and consistent managed service providers, Peter Drummond can be found kitesurfing on the Gold Coast or hanging out with his family!