We have seen lots of changes in businesses due to the COVID-19 pandemic. As most companies are converting to a remote workforce, we have seen human-operated ransomware campaigns targeting healthcare organizations and critical services. To prevent these attacks, Microsoft “advises potential victims to prevent threat actors behind ransomware campaigns from being able to exploit the weaknesses they usually abuse to launch their attacks.”
Microsoft encourages companies to do several things to reduce the risk of becoming a victim of a ransomware attack. The Microsoft Threat Protection Intelligence Team says, “Applying security patches for internet-facing systems is critical in preventing these attacks.” As they have researched data about recent ransomware attacks they have found the following security gaps or common ways attacks infiltrate systems:
- Remote Desktop Protocol (RDP) or Virtual Desktop endpoints without multi-factor authentication (MFA);
- Older platforms that have reached end of support and are no longer getting security updates; and
- Misconfigured web servers, including IIS, electronic health record (EHR) software, backup servers, or systems management servers.
Organizations should be looking for signs of an active ransomware attack and if they find any signs, Microsoft encourages people to take the following actions:
- Investigate affected endpoints and credentials,
- Isolate compromised endpoints, and
- Inspect and rebuild devices with related malware infections.
To help people understand just how detrimental a ransomware attack can be, Microsoft reported that “after analyzing collected cryptocurrency wallets and ransomware ransom notes, the FBI said at this year’s RSA security conference that victims paid more that $140 million to ransomware operators during the past six years.” It is important for your business to be informed of the possible ways you may be at risk of a ransomware attack.
Microsoft wants you and your company to be safe from the detrimental effects of ransomware.