Our Thinking

Three of the most common reasons for ransomware attacks and 7 important factors you must consider


2021 has seen a steady rise in the number of cyberattacks and ransoms demanded by hackers. Ransomware is on the rise and Websites and Web applications are getting compromised every second. Fully understanding what ransomware is and the complications it can cause will save you money, time and headaches. Sadly, many organizations currently have an over confidence that ransomware will not happen to them until it is too late.

For those of you who may not know what is, ransomware is a type of malicious program that installs itself on a computer. Generally, it gets installed when you click a link within an email or visit an infected website. The program restricts access to the user’s computer until a ransom is paid to unlock the computer. Right now since the majority of people work from home using their home networks they may not be as secure as office networks, ransomware is on rise. This not only poses a huge threat to you but your organization as well. 

The Three Most Common Reasons Why Ransomware Attacks Happen. 

  1. Phishing Emails – About 50% of the billions of emails that are sent every day are spam and could easily be ransomware that can spread through a phishing email. In a phishing attack, you may receive an email from a known source like your bank with a link or an attachment asking you to take action. This link or that attachment program can install itself and spread like fire on your computer and then from there on your network. 
  2. Outdated Versions of your operating system, browser, or any kind of computer software. Outdated versions of software and operating systems can be exploited to infect computers that are using these softwares. Software providers are aware of the problem and are generally quick to release the patch for vulnerabilities detected in their software. However, it is up to you to upgrade your systems or browsers. The same is true for the upgrades to your mobile phone operating system, as well as your content management systems like WordPress. Be aware that these vulnerabilities can be exploited by hackers.
  3. Remote Desktop Protocols – The ease of having remote desktop protocols that enable us to connect to our computer from another location, especially in the virtual world where we live in today, is so helpful but it can be more dangerous for our systems. While the feature is quite useful, a poorly configured Remote Desktop Protocol could be exploited to spread ransomware. It is important to properly configure Remote Desktop Protocols by opening selected ports and forcing strong passwords and maybe two factor authentication. If it is not required, then it is actually a good idea to keep the remote access disabled. 

While considering your security strategy, it is important to factor the following

  1. Using Encryption: Ensure all your web properties of web applications use a 256 bytes SSL certificate. This will ensure all information from these web properties for flow via a proper encrypted channel. 
  2. Enable 2-Factor Authentication: Enable two factor authentication for all the applications used within an all within your organization. Now of course some apps may not support two factor authentication yet, but these two factor authentication should be enabled as soon as it’s available for the software that you’re using. 
  3. Browser and OS updates: Make sure your software browsers and operating systems are all up to date at all times. This itself can reduce a huge number of ransomware threats or any other kind of malicious threats that are possible on your network. 
  4. Password Governance: Ensure you have standards around setting passwords and reusing the old passwords within the organization. while pushing staff to change your password every 90 days may look annoying. However, it can provide an additional layer of security, especially when the staff moves on and new people join in. 
  5. Staff Training: Invest in training all the staff members on their responsibility when it comes to cybersecurity. The training should be reinforced using quizzes providing incentives, but it’s really important to control ransomware and these kinds of threats by educating your staff members. 
  6. Security Audits: Invest in regular security audits of your web application hosting servers, and of course laptops and computers. Most browsers now provide a cell for its features for compromised passwords. Remember, once your password is compromised it is compromised at one place. You may be one step away from a security incident. 
  7. Backup your data: Keep your association and nonprofits data backed up. This could give you the comfort and peace of mind in case of an incident.

In Cybercrime Magazine, experts estimated that a ransomware attack would occur every 11 seconds in 2021 but according to current data Cybercrime is up 600% due to COVID-19 Pandemic. Be prepared and keep this from happening to you. 

Reach out to us at 108 Ideaspace at any time to make sure you have all the information needed to keep your systems safe.