Brute Force Ransomware Attacks are on the Increase: A Strong Password Policy is your Best Defence

John Grennan
Share on facebook
Share on twitter
Share on linkedin

Brute Force Ransomware Attacks are on the Increase: A Strong Password Policy is your Best Defence

Recent research by leading cybersecurity firms such as SonicWall, McAfee and F-Secure has found that brute force attacks are now the preferred means of spreading ransomware however, phishing emails remain popular. While several reports last year showed that ransomware was on the decline the news for 2019 isn’t so good. The image below from SonicWall shows that Ransomware is on the increase in 2019 with a recent report from McAfee showing that attacks that leverage file locking malware have more than doubled in 2019.   

Ransomware

The Attack Landscape H1 2019 report from F-Secure informs us that the most common delivery method for ransomware during the period was via remote desktop protocol (RDP) at 31% of cases. What these reports confirm is that ransomware hasn’t gone away and is once again on the rise, it’s simply how the victims are targeted that has changed

What is a brute force attack?

Brute force attacks are when hackers attempt to compromise servers and endpoints by using bots to enter as many passwords as possible. The best way to explain this is to use a Game of Thrones (GOT) battle scene analogy. Even if you’re not a GOT fan, you should still understand this and if you are a GOT fan then you’ll probably agree that the final season was a major let down. Anyway back to the battle; Throughout the shows run there were many battle scenes where large armies attacked seemingly impregnable fortresses such as the Battle of Casterly Rock. To break a fortresses defences, they would throw everything at it (including the odd dragon) in the hope of gaining entry by force. Your network is your fortress where you keep all of your valuable data and the passwords you employ act as sentries that guard against unwelcome entry. Having weak passwords is like having poorly trained sentries on guard. They only offer minimal protection and will be bypassed eventually.   

Best Practices to reduce the likelihood of a Brute Force Attack

While ransomware attacks should be a cause for concern for your organisation, preventing or at least greatly reducing the likelihood of an attack, is fairly simple.

  • Keep systems and application up to date: If you are a Windows 7 user then you should be aware that support, including vital patches and security updates, comes to an end on January 14th 2020. Read more about that HERE.
  • Password length: Best practice for password length is between 8 and 16 characters.
  • Password complexity: Complex passwords are very important. Don’t use easy to remember passwords such as password12345 or some variant of something familiar like your kids or a pet’s names. Passwords should be random and consist of UPPERCASE and lowercase and should also include numbers and special characters. The more complex the passwords the harder it will be to crack.
  • Website protection: In addition to the measure suggested above you should limit the login attempts to the backend of your website, use 2 Factor Authentication (2FA) with logins and enable Captcha on all website contact and signup forms.

C.U.B.E

Back in the summer of 2017, we published, Ransomware – The Complete Survival Guide, that discussed the history of Ransomware up to that point and steps you should take to mitigate against an attack. The advice given in 2017 is still valid and in particular, we recommend that you implement the C.U.B.E system.

  • Communicate with employees to develop a strategy to inform employees if a virus reaches the company network. The speedy dissemination of information is vital in stopping an attack or the continuance of an attack. Forget about them and us, the upstairs v’s the downstairs. It is every employee’s duty from the MD to the office intern, to quickly get the information out that the company is under a cyberattack.
  • Update all software, including operating systems, antivirus software and all other applications. Apply security patches as soon as they become available from technology providers.
  • Back-Up all information every day, including information on employee devices, so you can restore encrypted data if attacked. It is strongly advised that you use an online backup service
  • Educate staff on cybersecurity practices, emphasising not opening attachments or links from unknown sources. This may well be the most important step you should take as a business owner or manager. Ask your IT support provider to provide information on the latest threats to the business community. Better still have your IT support provider organise a training session with you and your team outlining what you should look out for to reduce your chances of attack and the steps you should take, should any of your systems, fall victim to an attack.

John Grennan – IT.ie