Ransomware attacks are on the rise, so how do organisations lessen the impact in the event of an attack? Wasabi cloud backups is one of the few cloud storage providers offering immutable storage – a way to protect your data against even the most determined cyber attackers. Learn more about ransomware attacks and the best ways to mitigate them in this blog post.
What are ransomware attacks?
Ransomware is a type of malicious malware that employs encryption to hold a victim’s information, data and systems ransom. It is designed to spread quickly across databases, applications and servers to paralyze an entire organisation, leading to significant downtime, loss of trust and revenue, and sometimes even legal implications.
How is ransomware deployed?
The majority of ransomware attacks are deployed via phishing campaigns. Chances are you’ve probably received phishing emails before – these are seemingly legitimate emails that can claim to be your banking institution, subscription or streaming services, PayPal, or even local government. Often these phishing emails will contain seemingly legitimate URLs (including .gov.au or .com.au addresses) that actually direct the victim to a malicious site, triggering the download of ransomware and malware. Alternatively, adversaries may attach what look to be trustworthy files (such as Word, PDF, Excel or ZIP files) that, once opened, immediately deploy malware across the victims network and files.
With phishing campaigns becoming more and more believable, the best way to combat them is through awareness. Users should know how to distinguish whether or not a URL is genuine – such as by hovering over the URL or expanding shortened URLs. When it comes to attachments, always ensure the sender’s email address is from a legitimate domain, and only open files sent by trusted sources.
A great way to promote phishing awareness in organisations is through security awareness programs, which often include simulations for users to better distinguish between legitimate and illegitimate emails. eStorm is partnered with Webroot, who can provide comprehensive security awareness training starting from just $20 per user, per year.
Remote Desktop Protocol (RDP) or other remote access
As more workers have been accessing organisation networks from home, we have seen a rise in RDP ransomware attacks. RDP is a popular protocol for access to Windows machines, with over 4.5 million RDP servers exposed to the internet alone, and many more accessible within internal networks.
Ransomware can be deployed by an adversary who has logged onto a system via RDP. Adversaries can scan for vulnerable RDP ports, and will then use brute force attacks to crack login credentials in order to sign in as administrators. Alternatively, they may acquire valid credentials via other malicious activity, or purchase established credentials through another threat actor.
Fortunately, there are ways organisations can secure RDP endpoints. These include changing default ports, enabling multi-factor authentication for remote access, and requiring network-level authentication for new users.
It is possible for adversaries to exploit backend vulnerabilities of legitimate websites, thus delivering malware to those who visit the compromised website. Vulnerabilities in websites allow adversaries to embed malicious code or redirect site visitors to a web page the adversary controls.
You can prevent drive-by downloads by using ad blockers, keeping up with system and software patches, and deleting unnecessary browser plugins.
How to defend against ransomware
The biggest defense against ransomware is to backup your data. While backups are not completely immune to attacks, a diligent program in which you have multiple backup points (both in the cloud and on-premises), and different recovery points (yearly, monthly, weekly, or daily) can significantly reduce the impact of a ransomware attack.
An important rule of thumb is the 3-2-1 rule. This means you should keep 3 copies of your data, with two backups on different media (such as your computer and an external device) and one off site – such as in the cloud.
Fighting ransomware with cloud backups
Many organisations have started using cloud storage as part of their 3-2-1 backup strategy. Not only do cloud backups provide an additional level of protection, but it is also less expensive than on-premises backup solutions.
Unfortunately, even cloud backups are not immune to ransomware attacks. Adversaries can gain access to cloud backup credentials via exposed remote desktop services, and can then delete previous backups held in the cloud.
Fighting ransomware with immutable buckets
Adversaries can still gain access to your cloud backups, so what can you do to stop them? The latest feature in cloud backups is immutable buckets (a bucket being the basic container that holds your data). Creating an immutable bucket means that any data written into your storage bucket cannot be deleted or altered in any way, by anyone, throughout its storage lifetime.
Wasabi is one of the few cloud service providers that provide immutability features. When using Wasabi immutable buckets, your files will be 100% safe from deletion or alteration even by a systems administrator (or an adversary who has gained access to system administration privileges).
On top of their immutable storage features, they also provide high speed recovery, predictable pricing, and no charges for egress or API requests.
To learn more about Wasabi’s cloud storage and backup solutions, visit their website.