Needless to say ransomware and cyber attacks are increasing. One reason is that cyber criminals created infrastructure and process ready to launch when they find an easy target. It is called Ransomware as a Service (RaaS) which ransomware developers sell or lease their ransomware variants to buyers who then use them to perform an attack. This has opened the floodgates for anyone, skilled or not, to launch attacks on businesses, especially targeting those with less technical know-how.
Most commonly found and widely used ransomwares share some basic charateristics. They all target remote access control protocols and also technologies that are widely used by SMEs. As RaaS has to be effective and covers large potential victims, less popular technologies are not worth RaaS developers to build their business on. SMEs are limited in IT resources and should pay attention to the high risk issues. Here are three technologies that most vulnerable to ransomware attacks.
1. Remote Control and Remote Desktop
Most companies use remote desktop software to allow IT support personnel fixing system errors without physically travelling to the users' desk. However, remote control software like VNC or RDP is an easy target since the computer running these software usually is connected to Internet and can be found easily by scanning the network. Usually these remote control software use standard and well known TCP port (like port 3389) and can be easily identified by hackers.
Berkeley University Information Security Office wrote an excellent article on how to reduce risks when using RDP. Some steps are basic and everyone shall follow their suggestions.
2. Network Printer Services
Printers are usually shared in an office. The shared printer opens its network for each PC to connect, this can be convienent but at the same time can become a hotbed for computer virus. Printing spooler software in Microsoft Windows recently found to be vulnerable to remote attacks and US Govt Cybersecurity and Infrastructure Security Agency (CISA) released an emergency alert on 1st July to disable the Windows Print spooler service in Windows Server.
3. Network Attached Storage
Many SMEs are using network storage storage (NAS) products like QNAS or Synology. The NAS is like a large file server that can store daily files as well as backup files. NAS are not safe to connect to Internet directly, it is recommended to protect NAS system with a secure firewall. However, most SME office network do not have secure firewall for NAS. The lack of network control on NAS is the main cause of many ransomware attacks.
If your office is using these technologies, the risk of ransomware attack is higher than other companies. The risk is even higher if no action is taken.
Controlling the network access is the most effective way to stop cybercriminals from exploiting these technologies. By limiting what type of data can reach your computers, you have less worry about opportunistic hackers! You and your company don't want to be the low hanging fruit when cybercriminals are searching the Internet.
Network isolation is the most effective method as you significantly reduce attack opportunities.