Basic Mistakes are Causing Ransomware Attacks

It doesn't come as much of a surprise, but the majority of ransomware attacks are due to common security errors, such as misconfigured cloud services, untested security tools, and enabled macros.


Recent findings from Microsoft, published in its new Cyber Signals report (based on anonymized real-world threat activity data), noted that over 80% of ransomware attacks come from cybercriminals exploiting these errors.


Many of these ransomware assaults begin with cybercriminals taking advantage of misconfiguration errors in software and devices. Some of the most notable errors include:

  • Allowing applications to run in their default states
  • Allowing broad, user-wide access across a network
  • Failing to properly configure and test security tools
  • Failing to properly configure cloud applications to prevent unauthorized access
  • Failing to follow Microsoft's attack surface reduction rules, a failure that allows attackers to execute malicious code via macros and scripts

Unsurprisingly, ransomware attackers seek out the most vulnerable targets, often with the added threat of double extortion, where cybercriminals steal sensitive data and threaten to publish it if they are not paid. The low-hanging fruit? These misconfigurations.


Ransomware-as-a-service (RaaS) platforms have helped ransomware proliferate, allowing hackers and other cybercriminals to extort payments and conduct attacks, even without extensive technical expertise.


RaaS kits can be found on underground forums or the Dark Net and are, unfortunately, quite simple to locate. Some of these ransomware kits are sold via subscription models, while others are based on affiliate models, where developers earn a commission on each ransomware decryption key sold. Customer support is included, ensuring that criminals have all the help they need to get started.


The RaaS market is extremely adaptable, with new threats appearing as old ones fade away. According to the report, Conti (one of the most notable and infamous ransomware operations) has shut down, and others have taken its place: LockBit, Hive, Quantum Locker, and Black Basta, to name a few.


While falling victim to ransomware or other cyberattacks can feel inevitable, investing in cybersecurity tools, especially in the early stages of an organization's growth, can help prevent these calamities and other cyber disasters.


Businesses should test (and re-test) system configurations, and regular security assessments provide insight into where gaps and vulnerabilities lie. While basic cybersecurity processes (like multi-factor authentication and antivirus) are helpful, businesses should invest in more robust cybersecurity solutions. The best way to ensure cyber resiliency is to have a multi-layered security perimeter, a mature security posture, and a deep understanding of the business itself.

ContraForce is everything you need to manage cybersecurity with confidence.
