Written by KnowBe4’s Stu Sjouwerman
The latest data from Coveware shows increases across the board in ransoms, downtime, and the average cost of an attack, mostly due to the increased use of the Ryuk ransomware variant.
Ransomware attacks are particularly bothersome, as they not only take up IT’s time to remediate, but they also impact an organization’s productivity and wallet. According to Coveware’s Q1 Ransomware Marketplace Report in just three month’s time, ransomware has taken an upturn in every aspect of the attack – changes definitely worth noting.
According to the report, three strains (Ryuk, Bitpaymer, and Iencrypt) have caused the rise in the cost of addressing a ransomware attack. Looking at Q1 2019 over Q4 2018, the following trends have appeared:
- Ransoms increased 89% from $6,733 to $12,762
- The average number of days to address an attack has risen from 6.2 to 7.3 days
- Downtime has risen 47%, resulting in an average downtime cost of $64,645
The good news is 96% of organizations paying the ransom received a working decryption tool.
Most ransomware attacks are the result of social engineering and/or phishing attacks. Educating users to spot these types of attacks using Security Awareness Training will help to significantly reduce the likelihood of initial attack success and, therefore, ransomware infection. If not social engineering, they are RDP attacks which you need to mitigate as well.
Five Things You Can Do About This Right Away:
- When is the last time you tested the restore function of your backups? You want to do that ASAP, and make sure you have weapons-grade backups at all times.
- Scan your network to identify any open RDP ports and ideally disable RDP completely on all Windows machines if possible. By default, the server listens on TCP port 3389 and UDP port 3389.
- Best practice to protect a network from a brute force RDP attack is to apply strong RDP security settings, including limiting or disabling access to shared folders and clipboards from remote locations.
- An RDP brute force approach does open the attacker’s information to the targeted network, so automate the process of parsing the Windows Event Viewer logs, find any compromised user accounts, identify the IP address of the attacker and block that.
- Do a no-charge Phishing Security Test and find out what percentage of your users is Phish-prone. Use that percentage as a catalyst to start a new-school security awareness training program, which—by survey—your users are actually going to appreciate because it helps them stay safe on the internet at the house. PS, the password is “homecourse”. It’s free.
Brand-New Ransomware Simulator Tool Now with Cryptomining Scenario
Bad guys are constantly coming out with new malware versions to evade detection. That’s why we’ve updated our Ransomware Simulated tool “RanSim” to include a new cryptomining scenario!
This new cryptomining scenario simulates a Monero cryptocurrency-mining operation on the local machine. Monero mining is the most popular cryptocurrency mined by real-world malware and takes a lot of CPU and GPU cycles to process the data necessary to generate the currencies.
Try KnowBe4’s NEW Ransomware Simulator tool and get a quick look at the effectiveness of your existing network protection against the latest threats.
RanSim will simulate 13 ransomware infection scenarios and 1 cryptomining infection scenario to show you if a workstation is vulnerable to infection.
Here’s how RanSim works:
- 100% harmless simulation of real ransomware and cryptomining infection scenarios
- Does not use any of your own files
- Tests 14 different types of infection scenarios
- Just download the install and run it
- Results in a few minutes!
This is a complementary tool and will take you 5 minutes max. RanSim may give you some insights about your endpoint security you never expected!
Don’t like to click on redirected buttons? Copy and paste this link into your browser: