Last week, the enemy claimed another victim: the city of Baltimore.
The ransomware attack crippled city systems and operations, a ransom was demanded, and officials scrambled to restore services, most of which are core functions of the city government.
Before the attack on Baltimore, in an eight-week rapid fire of attacks, the enemy targeted multiple cities including Washington, Pennsylvania; Greenville, North Carolina; and Albany, New York. Multiple counties, as well as Cleveland Hopkins International Airport, were hit too. All of them fell victim to ransomware, and, to be quite frank, those are only the ones we know about.
Notably, in early March, ransomware crippled Jackson County, Georgia, a rural county of about 60,000. After consulting the FBI, and against its adamant recommendation not to pay, the county paid a whopping $400,000 ransom to regain access to its systems. Worse yet, the attack and the payment became national news, signaling to the ransomware industry that a government would pay and foreshadowing worse attacks to come. The reality is that this is becoming a serious problem.
So how and why does this keep happening? While the answer is quite technical, it is also quite simple.
Businesses and governments frequently leave Remote Desktop Protocol (RDP, TCP port 3389 by default) open on their networks. These exposed services are used for off-site network and server maintenance and keep technology and maintenance costs low. However, while they are convenient, an RDP service reachable from the internet and protected by nothing more than a password is a clear security hole. Culprits are essentially walking through the front door of the network through these open RDP ports.
Once at that door, we should keep in mind the monster breaches at Marriott, Experian, Yahoo, Sony and others. Those breaches exposed personal data and account credentials for hundreds of millions of people, and because so many people reuse passwords, we can all but assume that the enemy knows our passwords as well. With an open RDP port and a leaked password in hand, the perpetrators do not need to guess anything: they can log in on their very first attempt, which never trips a lockout or a failed-logon alarm, and ultimately take the network's functionality hostage.
Once inside the network, the enemy can easily disable antivirus software and disable or destroy any backups they can reach, so that there is no clean copy to restore from. From there they have the full run of the network, and the time needed can be measured in minutes. This is important to note because the attackers go through the motions of the process far faster than the network owner can respond, which ultimately leaves the owner hostage to whoever infiltrated the network.
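The two entry patterns described above, a brute-force run that eventually succeeds and a leaked password that works on the very first try, look different in a Windows Security log, and a detection that only counts failed logons misses the second one entirely. The script below is an added example, not code from the article or from PC Matic: it runs over a constructed list of simplified logon records (event 4625 = failed logon, 4624 = successful logon, logon type 10 = RDP) with made-up IP addresses, and flags both patterns. The internal address ranges and the failure threshold are assumptions that a real deployment would replace with its own values.

```python
"""Flag suspicious RDP logons in simplified Windows Security events.

Added example, not code from the original article or from PC Matic.
Records are constructed tuples resembling Windows logon events:
(timestamp, event_id, logon_type, source_ip, user). Event 4625 is a failed
logon, 4624 a successful one, and logon type 10 (RemoteInteractive) is RDP.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample events in time order; IPs are documentation ranges, not real hosts.
SAMPLE_EVENTS = [
    ("2019-05-06T02:10:01", 4625, 10, "203.0.113.45", "administrator"),
    ("2019-05-06T02:10:03", 4625, 10, "203.0.113.45", "administrator"),
    ("2019-05-06T02:10:05", 4625, 10, "203.0.113.45", "admin"),
    ("2019-05-06T02:10:07", 4625, 10, "203.0.113.45", "admin"),
    ("2019-05-06T02:10:09", 4625, 10, "203.0.113.45", "jsmith"),
    ("2019-05-06T02:10:11", 4624, 10, "203.0.113.45", "jsmith"),   # brute force finally succeeds
    ("2019-05-06T02:30:00", 4624, 10, "198.51.100.7", "mjones"),   # first try with a leaked password
    ("2019-05-06T08:05:00", 4624, 10, "10.0.0.25", "helpdesk"),    # internal admin, expected traffic
    ("2019-05-06T09:00:00", 4624, 2, "-", "mjones"),               # console logon, not RDP
]

# Assumed internal ranges (RFC 1918 plus loopback); a real deployment lists its own networks.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
FAILURE_THRESHOLD = 3  # assumed: failed RDP logons from one source before a success is suspicious
RDP_LOGON_TYPE = 10


def is_external(ip: str) -> bool:
    """True for addresses outside INTERNAL_NETS; '-' and unparsable values count as not external."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in INTERNAL_NETS)


def detect_rdp_intrusions(events, known_external_ips=frozenset()):
    """Return a list of (source_ip, user, reason) findings from RDP logon events.

    brute_force:   a successful RDP logon from a source that produced at least
                   FAILURE_THRESHOLD failed RDP logons beforehand.
    first_attempt: a successful RDP logon from an external source that had no
                   prior failures and is not on the allowlist; this is the
                   credential-stuffing case where a leaked password works at once.
    """
    failures = defaultdict(int)
    findings = []
    for _ts, event_id, logon_type, src, user in events:
        if logon_type != RDP_LOGON_TYPE:
            continue
        if event_id == 4625:
            failures[src] += 1
        elif event_id == 4624:
            if failures[src] >= FAILURE_THRESHOLD:
                findings.append((src, user, "brute_force"))
            elif failures[src] == 0 and is_external(src) and src not in known_external_ips:
                findings.append((src, user, "first_attempt"))
            failures[src] = 0  # a success ends the run; start counting afresh
    return findings


if __name__ == "__main__":
    for src, user, reason in detect_rdp_intrusions(SAMPLE_EVENTS):
        print(f"{reason:14} source={src:15} user={user}")
```

The allowlist parameter is what keeps the first-attempt rule usable: the handful of addresses a contractor legitimately connects from go on it, and every other external address that logs in cleanly on the first try is treated as a leaked credential until someone says otherwise.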
Considering this, there are a few things we should take away. First and foremost, market research indicates that many people, regardless of age, education level or job type, rarely change their passwords, and most also use the same passwords at work and at home. Since our passwords have been breached, a simple solution is to change them, and our business passwords in particular. A new password should be one that has never been used anywhere else and has never appeared in a breach, so that a password leaked from a home account cannot simply be replayed against the office RDP server. Where RDP must stay reachable from outside, requiring a second factor or placing it behind a VPN means a leaked password alone no longer opens the door.
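Checking whether a candidate password has already appeared in a breach can be done without handing the password, or even its full hash, to anyone. The script below is an added example, not code from the article or from PC Matic. It mirrors the k-anonymity scheme of Have I Been Pwned's Pwned Passwords range API, where the client sends only the first five hex characters of the password's SHA-1 and matches the returned suffixes locally, but everything here runs offline: the "server" is a stand-in built from a small constructed list of leaked passwords with made-up counts, so the numbers are not real breach statistics.

```python
"""Check a new password against a breach corpus using a hash-prefix lookup.

Added example, not code from the original article or from PC Matic. The
corpus and its counts are constructed; the OfflineRangeServer class stands
in for the remote range endpoint so the example runs without network access.
"""
import hashlib
from collections import defaultdict

# Constructed stand-in for a breach corpus: made-up plaintexts and made-up counts.
CONSTRUCTED_BREACH_CORPUS = {
    "password123": 3_527_190,
    "Welcome1": 412_881,
    "Baltimore2019!": 17,
    "letmein": 1_048_223,
}


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1, the digest form the range scheme keys on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus):
    """Index the corpus the way the range API exposes it: prefix -> {suffix: count}."""
    index = defaultdict(dict)
    for pw, count in corpus.items():
        digest = sha1_hex(pw)
        index[digest[:5]][digest[5:]] = count
    return index


class OfflineRangeServer:
    """Stand-in for the remote endpoint; it records what the client actually sent."""

    def __init__(self, corpus):
        self._index = build_range_index(corpus)
        self.queries = []

    def range(self, prefix: str) -> str:
        """Answer like GET /range/{prefix}: one 'SUFFIX:COUNT' line per matching hash."""
        self.queries.append(prefix)
        return "\r\n".join(f"{s}:{c}" for s, c in sorted(self._index.get(prefix, {}).items()))


def times_seen_in_breaches(password: str, server: OfflineRangeServer) -> int:
    """Return how many times the password appears in the corpus, 0 if never.

    Only the five-character prefix leaves the client; the suffix comparison is local,
    so neither the password nor its full hash is disclosed by the lookup.
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in server.range(prefix).splitlines():
        if not line:
            continue
        cand_suffix, count = line.split(":")
        if cand_suffix == suffix:
            return int(count)
    return 0


def acceptable_new_password(password: str, server: OfflineRangeServer) -> bool:
    """The article's rule for a replacement password: it must never have appeared in a breach."""
    return times_seen_in_breaches(password, server) == 0


if __name__ == "__main__":
    server = OfflineRangeServer(CONSTRUCTED_BREACH_CORPUS)
    for pw in ("password123", "Baltimore2019!", "a-long-phrase-only-I-know-2019"):
        seen = times_seen_in_breaches(pw, server)
        print(f"{pw!r}: seen {seen} times, acceptable={acceptable_new_password(pw, server)}")
```

A count of zero means only that the password is absent from the corpus checked; it says nothing about the password's strength, so the breach check belongs alongside a length requirement, not in place of one.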
Outside of this, it is also important to recognize that the ransomware target has moved from the consumer sector to the business sector. With this in mind, business IT administrators should select antivirus software carefully, since it is the crucial role of an antivirus system to identify and thwart ransomware attacks. Despite their buzzwords and sales and marketing prowess, many old-school antiviruses are falling tragically behind the ransomware attack vectors deployed today. A modern antivirus should detect and terminate a malicious RDP session automatically and proactively block unknown threats.
The media frequently refers to ransomware as a virus. But in medical terms a virus, at least as most of us experience one, runs its course and is rarely fatal.
Ransomware is more akin to cancer. It is metastasizing, attacking different parts of our society with increasing frequency and skill. When a doctor delivers a diagnosis of cancer, our lives are turned upside down, and, with great frustration and sacrifice, we treat it aggressively even for a remote chance of beating the disease.
Ransomware is indeed a cancer that we must address with a new urgency. If we can come to this simple realization, our long-term prognosis is good, and we can defeat this growing threat.
Rob Cheng is the Founder and CEO of PC Matic, a PC maintenance software program owned and operated by PC Pitstop, Inc.