The word “ransomware” strikes fear in the hearts of chief technical officers. Their impulse in the face of an attack is to say it was random, but that’s usually not true. Targeted ransomware is the result of a complex process that involves more than just the initial infection – and it presents more challenges than a regular incident.
“Spray and pray” is a term used for malware that’s distributed indiscriminately, with the hope that people and companies make the mistake of falling for it. On the other side of the spectrum sits targeted malware, including ransomware, which is aimed at a specific company. While it’s riskier, a higher reward is expected if the attack succeeds. Having a hacking group concentrated on a single company requires a much more focused response, which can drain resources.
Most ransomware is deployed in one of two ways: through remote desktop protocol (RDP) attacks or through phishing campaigns. The kill chain of both exploits the same weakness, which is the human element. Bad actors might try to penetrate a company by brute-forcing RDP logins, often using passwords obtained from data breaches, and there’s nothing more human than either choosing a weak password or failing to change the credentials after a data breach. Forgetting to patch known vulnerabilities in RDP is also a common mistake exploited by threat actors.
Phishing campaigns, especially targeted ones, rely on poorly trained employees who click on the wrong link or open tainted email attachments.
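As an added example (not code from the original article), the following Python snippet shows the defender's side of the RDP brute-force pattern described above: it scans a simplified export of Windows Security events (4625 = failed logon, 4624 = successful logon, logon type 10 = RDP) for bursts of failures from one source address and flags whether a successful logon from that source followed. The line format, the sample addresses and the threshold are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a simplified "timestamp event-id key=value" form.
# 203.0.113.7 hammers several accounts over RDP and then gets in as jsmith;
# 198.51.100.4 is a legitimate user who mistyped a password once.
SAMPLE_LOG = """\
2024-05-01T02:10:01 4625 LogonType=10 User=administrator Src=203.0.113.7
2024-05-01T02:10:03 4625 LogonType=10 User=admin Src=203.0.113.7
2024-05-01T02:10:04 4625 LogonType=10 User=administrator Src=203.0.113.7
2024-05-01T02:10:06 4625 LogonType=10 User=backup Src=203.0.113.7
2024-05-01T02:10:09 4625 LogonType=10 User=jsmith Src=203.0.113.7
2024-05-01T02:10:15 4624 LogonType=10 User=jsmith Src=203.0.113.7
2024-05-01T09:00:00 4625 LogonType=10 User=mbrown Src=198.51.100.4
2024-05-01T09:00:20 4624 LogonType=10 User=mbrown Src=198.51.100.4
2024-05-01T09:05:00 4625 LogonType=2 User=mbrown Src=-
"""

def parse_line(line):
    """Parse one constructed log line into a dict of typed fields."""
    ts, event_id, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return {"ts": datetime.fromisoformat(ts), "id": int(event_id),
            "logon_type": int(kv["LogonType"]), "user": kv["User"], "src": kv["Src"]}

def detect_rdp_bruteforce(text, threshold=5, window=timedelta(minutes=5)):
    """Return {src: finding} for sources with >= threshold RDP (type 10) failures
    inside a sliding time window; success_after records the first RDP logon that
    succeeded from that source afterwards (the brute-force-then-access pattern)."""
    events = sorted((parse_line(l) for l in text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    failures = defaultdict(list)   # src -> recent 4625 events within the window
    findings = {}
    for e in events:
        if e["logon_type"] != 10:  # only RDP (RemoteInteractive) logons matter here
            continue
        src = e["src"]
        if e["id"] == 4625:
            fails = failures[src]
            fails.append(e)
            while fails and e["ts"] - fails[0]["ts"] > window:  # expire old failures
                fails.pop(0)
            if len(fails) >= threshold:
                f = findings.setdefault(src, {"failures": 0, "users": set(), "success_after": None})
                f["failures"] = max(f["failures"], len(fails))
                f["users"].update(x["user"] for x in fails)
        elif e["id"] == 4624 and src in findings and findings[src]["success_after"] is None:
            findings[src]["success_after"] = e["user"]
    return findings
```

A source that appears in the result with a non-empty `success_after` is the case worth escalating first, since the failures alone only show an attempt while the success shows the attacker now holds a working credential.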
Hackers who deploy targeted ransomware are also more likely to ask for a ransom that’s closer to what the company can afford to pay, since attackers usually observe their targets long before the actual infection.
Having a multi-layered security solution that’s always on the lookout for infections or other types of threats is recommended, of course, but it’s never enough. Companies should train their employees so they can spot and report suspicious emails and practice proper security hygiene (strong passwords, use of encryption, and awareness of social engineering tactics). Since security organizations and law enforcement recommend against giving in to ransom demands, it’s good practice to regularly back up critical assets.
Companies have to deploy complex and multi-layered security measures to cover all attack vectors and prevent malware from ever reaching its destination. It’s not enough to have the endpoints covered; it’s just as important to implement network perimeter security and email security as well, and these are just a couple of examples of possible technologies.
There’s no sure way to protect a company against targeted ransomware, but such cyber security incidents can mostly be avoided by training people to recognize the signs of a ransomware attack, deploying the right protection for the company, maintaining backups for critical systems, and keeping all software and hardware up to date.