An article written by cyber security specialists, Kroll, not only highlights that ransomware incidents are becoming more frequent but that ransomware operators have implemented tactics that often make it much more difficult for companies to respond and recover.
Some of these tactics include the exfiltration and publication of stolen data which is a new trend that has become common practice in 2020. A ransomware attack may therefore not only have operational disruptions and financial consideration but may trigger regulatory obligations in the event of a data breach.
In 2020, professional services, healthcare, and educational organsations remain top ransomware targets. However with more of the global workforce working from home, Kroll observed that ransomware operators have increasingly looked for holes in remote desktop protocol (RDP) configuration or for vulnerabilities in VPNs that had not been patched. Interestingly, Kroll found that nearly half (47%) of ransomware cases it worked on so far in 2020 involved threat actors leveraging the RDP.
The recommended human-centered and technology-enabled strategies by Kroll also highlight how critical it is to prepare and be vigilant against a ransomware attack.
Remote desktop protocol (RDP), Microsoft’s proprietary network communications protocol, and virtual private networks (VPNs) have been frequent points of access for ransomware groups. In fact, recent research by Kroll observed that threat actors leveraged RDP in nearly half (47%) of Kroll’s ransomware cases so far in 2020.