Ransomware: Signs that you are affected
For some time now, ransomware-based attacks have been really common.
Chances are that your organization will sooner or later be targeted by cyber criminals. This is not far-fetched, since it is well known that cyber attacks can be targeted or sporadic. Therefore, you have to prepare, not only to protect yourself but also to identify the signs that could mean you are indeed affected by a cyberattack.
This is important because, according to a recent study, about 100 claims are filed every day with insurance companies, with ransomware-based attacks as the main cause. It matters all the more since we know that it takes about 60 to 120 days for a cyber criminal to organize such a cyberattack. In other words, there is a good chance that you are already infected with malicious programs and that the cyberattack is surely underway.
For this, here are some indicators that will surely be useful to you.
1. Determine your RDP link exposure
As we know very well, in a ransomware attack the files of the targeted computer system are encrypted. To do this, cybercriminals must investigate and thoroughly study the system in question, and that can take a long time. One of the main front doors is, of course, the RDP (Remote Desktop Protocol) links that remain open on the internet. "Look at your environment and understand what your exposure to RDP is, and make sure you have two-factor authentication on these links or that they are behind a VPN," said Jared Phipps, vice president of the U.S. security firm SentinelOne. "The containment due to coronavirus has had an impact on this point. With the rise of telecommuting, many companies have opened RDP links to facilitate remote access. This paves the way for ransomware," he adds.
In other words, cyber criminals always start by analyzing open RDP ports.
2. The presence of unknown software on the computer system and the network
The second sign is the appearance of computer tools that are not known or mastered by the employees or the IT team. And that's understandable. From the beginning of the attack, hackers will take control of some PCs. Through this control they can simply proceed to install malware. This can include network scanning tools such as AngryIP or Advanced Port Scanner. If you detect the use of these tools on your network, find out whether the IT team is the instigator and user. If not, just get rid of them. It is also not uncommon to detect the presence of software such as MimiKatz, which is used by cyber criminals to steal credentials such as passwords. Experts also talk about other applications that are useful for creating admin accounts. The idea is to be wary of these kinds of tools. Among many others are PC Hunter, IOBit Uninstall, Process Hacker and GMER. Cybersecurity firm Sophos warned: "These types of business tools are legitimate, but if they're in the wrong hands, security teams and administrators need to ask why they suddenly appeared in the information system." For his part, Jared Phipps of SentinelOne notes: "To avoid this, companies must look for accounts that are created outside the ticketing or account management system."
As mentioned above, it takes weeks or even months for cyber criminals to carry all of this out. This means that the signs are necessarily visible. Just be attentive and run several analyses of your computer system.
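The two checks described in this section, as an added example that is not part of the original article and is not code from Sophos or SentinelOne: flag the named tools when they run on a host where IT has not approved them, and flag new accounts that have no matching ticket. The event records are constructed and simplified (Windows Security event IDs 4688 for process creation and 4720 for account creation), and IT_APPROVED, TICKETED_ACCOUNTS and the file-name prefixes are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Tools named in the article; keys are normalized file-name prefixes (assumed).
WATCHLIST = {
    "angryip": "AngryIP", "advancedportscanner": "Advanced Port Scanner",
    "mimikatz": "MimiKatz", "pchunter": "PC Hunter",
    "iobit": "IOBit Uninstall", "processhacker": "Process Hacker",
    "gmer": "GMER",
}

def match_tool(image_path):
    """Return the watchlisted tool name for a process image path, or None."""
    stem = re.sub(r"[^a-z0-9]", "", PureWindowsPath(image_path).stem.lower())
    for prefix, tool in WATCHLIST.items():
        if stem.startswith(prefix):
            return tool
    return None

def triage(events, it_approved, ticketed_accounts):
    """Flag dual-use tools IT did not deploy and accounts with no ticket."""
    findings = []
    for ev in events:
        if ev["event_id"] == 4688:  # process creation
            tool = match_tool(ev["image"])
            if tool and (ev["host"], tool) not in it_approved:
                findings.append(("unapproved_tool", ev["host"], tool, ev["user"]))
        elif ev["event_id"] == 4720:  # user account created
            if ev["new_account"].lower() not in ticketed_accounts:
                findings.append(("unticketed_account", ev["host"], ev["new_account"], ev["user"]))
    return findings

# Constructed sample data: IT inventory, ticketing export, and event records.
IT_APPROVED = {("ADMIN-WS01", "Process Hacker")}
TICKETED_ACCOUNTS = {"j.martin"}
SAMPLE_EVENTS = [
    {"event_id": 4688, "host": "ADMIN-WS01", "user": "it.admin", "image": r"C:\Tools\ProcessHacker.exe"},
    {"event_id": 4688, "host": "FIN-PC07", "user": "a.dupont", "image": r"C:\Users\a.dupont\Downloads\Advanced_Port_Scanner_2.5.exe"},
    {"event_id": 4688, "host": "FIN-PC07", "user": "a.dupont", "image": r"C:\Windows\System32\notepad.exe"},
    {"event_id": 4720, "host": "DC01", "user": "a.dupont", "new_account": "svc_backup2"},
    {"event_id": 4720, "host": "DC01", "user": "it.admin", "new_account": "J.Martin"},
    {"event_id": 4688, "host": "SRV-FILE02", "user": "svc_backup2", "image": r"C:\ProgramData\mimikatz.exe"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS, IT_APPROVED, TICKETED_ACCOUNTS):
        print(finding)
```

Matching on file names is only a first pass, since it misses renamed binaries; each finding is a prompt to ask the IT team whether they are the instigator and user, as the article advises.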
3. Turning off Active Directory and destroying backups
Another obvious sign: the cybercriminals always disable Active Directory. At that point, it is understood that the cyberattack is about to come to an end. But that is not all: for the attack to succeed, they also have to corrupt the backups so that, once the main information is encrypted, the organization cannot recover it easily. "And then they'll hit you with the encryption attack," Phipps notes. According to cybersecurity firm Sophos, cyber criminals also go so far as to encrypt a few devices to make sure their plan works.
Given the above, the legitimate question to ask is how to stop cyber criminals if they manage to infiltrate the network. You just have to make sure that the software is constantly updated. Then you should make sure that the employees have good training, so that they do not allow themselves to open emails from unknown senders. According to specialists, the majority of cyberattacks are due to software security flaws as well as the recklessness of employees in the way they manage access to the system. In addition, passwords and login credentials must be changed regularly. This could be useful in some way. Always be on the defensive, especially when you see new admin accounts appear.