By Steven Freidkin
One unexpected but substantial impact of
the whole COVID-19 experience has been an increase in cyberattacks. If that
doesn't make immediate sense, consider the fact that the pandemic forced many
companies to shift the bulk of their operations online.
While all that increased connectivity
allowed companies to mitigate business interruptions, the process has
unfortunately created vulnerabilities for unscrupulous individuals and
cybercrime organizations to exploit. The very technologies that enabled companies
to make the offline-to-online transition, including email and remote network
access, have also created increased opportunities for phishing and ransomware.
A particularly insidious consequence has
been the rise of Ransomware as a Service (RaaS) offerings, online software
platforms that provide kits and subscription services to allow almost anyone at
home to launch their own ransomware attacks. All it takes is a quick search on
the dark web and a nominal fee. The services even provide troubleshooting tips
and Q&A forums.
With the newfound ease of execution, there
are specific industries that must remain extra vigilant in these insecure
times.
Industries most at risk
Though RaaS attacks have been on the rise
in general, a new report from Trellix found that the majority of
ransomware attacks target three industries: banking and finance (22%),
utilities (20%), and retail (16%). Clearly, organizations in these sectors need
to be extra vigilant as these attacks continue to proliferate.
Utilities are an especially vulnerable
sector, since they provide particularly vital services such as electricity,
water, and internet access. Due to the essential nature of these services,
utility companies that find themselves under attack might feel particularly
intense pressure to acquiesce and pay the ransom.
Because these RaaS platforms are so easy to
use, it's becoming increasingly important for organizations to strengthen their
cybersecurity protocols and institute good cyber-hygiene to avoid
vulnerability. As always, prevention is the best line of defense.
How do the attacks work?
Companies that provide ransomware often
specialize in a particular type of attack, such as malware or network
penetration. They can either develop the software for their own use or package
it and sell the technology to amateurs.
Phishing scams are the most common and
simplest form of ransomware attacks. Phishing involves stealing data by
tricking end users into clicking on phony hyperlinks, opening infected email
attachments, or entering login information on a bogus website. One especially
insidious type of phishing attack involves subjecting users to phony security
warnings, which can appear very convincing and elicit hasty reactions from
employees who aren't technical savants.
Attacks that exploit security gaps in
the Remote Desktop Protocol (RDP) are also growing in popularity. RDP allows
users to access company networks from a remote location. Because all of a
company's workers gain access over the same network, outsiders can easily
exploit it to gain access as well. And once a system has been penetrated,
the RaaS provider might even sell access to that system to other buyers in
their network.
Creating a line of defense
Protecting your organization from
ransomware attacks starts from the ground up. Your employees are your best and
most reliable line of defense.
Risk mitigation begins with an employee
education program. Train your personnel to prevent phishing attacks by avoiding
clicking on any link or attachment that appears even slightly suspicious.
High-risk organizations should also require employees to complete cybersecurity
training modules and use test simulations to see how employees perform in
real-world scenarios.
Furthermore, corporations should employ
protective software to detect and resolve infections before they become
system-wide. It might also be wise to subscribe to verified threat-hunting
software, which routinely scans your system to search for signs of infection or
penetration, and provides an early warning to stop any attack in its tracks.
The most important and effective thing you
can do is perform regular and complete system backups and store those backups
in multiple secure locations. That way, even if your system is breached, you
will still have access to vital data. Cyberattackers will have less leverage
over your organization if backups of your data are easily accessible.
To pay or not to pay?
Even if you've taken every precaution, you
could still find your organization infiltrated and your systems taken hostage.
Attackers could, for instance, encrypt all of your data and require a ransom
before handing over a decryption key. The problem is, that decryption key might
not exist. The ransomer may not even have bothered to create such a key, as
they are too busy launching additional attacks.
The FBI advises against paying ransomware
attackers, since paying the ransom will only make you a mark for future
attacks, and there's no guarantee you'll even regain access to your data
anyway. Again, if your company engages in frequent system backups, you'll minimize any leverage that attackers might have, and you can restore operations
with minimal losses.
In the event of an attack, be sure to
consult with a cybersecurity professional and local law enforcement to explore
options for your next move. It would also be wise to enlist the help of a
professional before an attack, to see
if they can find any gaps in your system or holes in your lines of defense.
But ultimately, at-risk organizations must
remain extra vigilant as the ease of launching RaaS attacks increases and
advances in RaaS technology make a life of cybercrime accessible to more
people.
ABOUT THE AUTHOR
Steven Freidkin is the CEO and founder
of Ntiva, a Managed Security Services Provider (MSSP), and has over 17 years of
experience within the MSP industry.