BRATISLAVA — ESET, a global leader in cybersecurity, today published its latest research white paper, titled “RANSOMWARE: A look at the criminal art of malicious code, pressure, and manipulation.” The report examines how dangerous ransomware has become due to the criminals’ psychological and technical innovation and offers advice on how organizations can best protect themselves. It also reveals the most widespread techniques used by malicious actors, focusing on three specific attack vectors: Remote Desktop Protocol (RDP), email attachments, and supply chain.
Ransomware gangs have misused the COVID-19 pandemic to expand their extortion and distribution toolkit, focusing on intrusions via publicly available misconfigured systems running Remote Desktop Protocol (RDP). ESET telemetry identifies RDP as one of the most popular attack vectors today, with detections surpassing 71 billion between January 2020 and June 2021. Unlike malicious files attached to an email, attacks via RDP use the ruse of legitimacy and thus fly under the radar of many detection methods, meaning fewer metrics and less threat awareness for businesses.
ESET telemetry also revealed that the Server Message Block (SMB) protocol, mainly used for file and printer sharing in enterprise networks, can also be misused as an attack vector via which ransomware can penetrate an organization’s network. Between January and April 2021, ESET technologies blocked more than 335 million brute-force attacks against public-facing SMB services.
As ransomware attacks are becoming increasingly targeted, it is essential that businesses are aware of the latest methods used by cybercriminal gangs and are prepared to respond. In addition to a proper setup of RDP and other cyber hygiene factors, the paper advises to employ an advanced endpoint detection and response tool such as ESET Enterprise Inspector.
The white paper also highlights recent high-profile attacks such as those on Kayesa and the Colonial Pipeline, and reflects on the costs inflicted by ransomware operators on businesses across the world. In light of those — and a plethora of other — ransomware cases, authors of the paper discuss the payment dilemma. They argue that while paying ransoms might restore some of the files, it offers no guarantee that cybercriminals will, or can, restore full access to data and that sending the demanded sum of cryptocurrency helps fund future crimes — which is also why a debate is underway about making such payments illegal.
Ondrej Kubovič, Security Awareness Specialist and author of the white paper, states: “Ransomware is currently one of the most potent cyberthreats to modern organizations, targeting all industries and affecting both the public and private sector. It is essential that organizations are equipped with knowledge and insight into the latest developments on the ransomware scene and that they build their defenses on cyber hygiene, proper setup and reliable security measures. Our white paper reflects ESET’s goal to stay one step ahead of malicious actors, offers actionable advice for administrators as well as their superiors and provides insight into security products that help mitigate the threat. We hope businesses find all of this useful.”
To read the ransomware white paper, please click here.
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.