Businesses struggle with cybersecurity threats daily, and with the lockdowns caused by the COVID-19 pandemic, security experts are seeing an alarming rise in ransomware attacks. In fact, ransomware attacks rose by as much as 143% in March 2020. The spike can be attributed to businesses switching to a work from home setup as well as an increase in online transactions. This provided cybercriminals with new ways to target individuals and organizations with ransomware.
What is ransomware?
Ransomware is a malicious program designed to encrypt a computer's file system, thus preventing a user from accessing important data until a ransom is paid. This cyberattack can be costly for individuals and businesses because of the damages it causes, which include:
- Data loss
- Ransom payment
- Damage to reputation
- Loss of customers
- Expenses for data recovery
Signs of a ransomware attack
Ransomware attacks often catch people by surprise, but security experts say there are warning signs and indicators that hackers are trying to infiltrate your network. Here are the signs that your business is about to be hit by a ransomware attack:
1. Multiple login failures
Consecutive login failures on remote desktop protocol servers are a sure sign that hackers are attacking your network. This goes for multiple administrative login failures as well.
2. Network scanners on servers
Hackers start by gaining access to one computer. From there, they search for information such as company name, domain, the admin rights enabled on the machine they accessed, and so on. Then they will try to identify what else is in your network and how they'll be able to access it. They do this by scanning your network with scanning tools such as Advanced Port Scanner or AngryIP.
If any of these scanners are detected in your network, alert your IT staff or managed IT services provider (MSP) immediately. They'll investigate whether or not the scanners are being used legitimately.
3. Antivirus software being disabled
Once hackers gain admin rights to your network, one of the first things they will do is disable its antivirus software using legitimate software removal tools like PC Hunter, GMER, IOBit Uninstaller, and Process Hacker.
4. Detecting the presence of MimiKatz
The presence of the malware MimiKatz anywhere in your network must be investigated immediately. If your IT staff or MSP cannot determine who is using MimiKatz, it's a sure sign that hackers are trying to access your infrastructure.
5. Frequent patterns of suspicious behavior
Suspicious network behavior that happens in a repeating pattern or at the same time every day is an indication that something's wrong. These include malicious files that have been removed but mysteriously reappear, unauthorized port access, and changes to user access.
6. Test attacks
Cybercriminals will occasionally launch small-scale test attacks on your computers to see if the method of deployment and ransomware execution is successful, or is stopped by your security software. If your security tools successfully mitigate a test attack, the hackers will change their tactics and try again. This will give your IT team or MSP enough time to prepare for a potential attack.
7. Sudden rise of network traffic during off-hours
High network traffic during office hours is normal, but if you notice a sudden rise in traffic during the wee hours of the morning when no one is at work coming from unknown IP addresses, it's a clear sign of an impending attack.
8. Users are redirected to unknown sites
When users are automatically redirected to an unknown site, it's an attempt by hackers to steal sensitive information or plant ransomware into their computers.
How to mitigate a ransomware attack
Here are some cybersecurity best practices to protect your business from ransomware:
- Keep operating systems and software updated.
- Never open suspicious emails.
- Back up your data regularly, and store it offline or on a separate device.
- Restrict user permissions and implement the principle of least privilege.
- Use spam filters to prevent phishing emails from entering your employees’ inboxes.
- Configure your firewalls to block traffic coming from unknown IP addresses.
Ransomware is not going anywhere anytime soon, and the best way to protect your business is by partnering with a reliable MSP like Complete Document Solutions. Our cybersecurity services will detect and repel all types of malware including ransomware, and encrypt your website traffic and emails to ensure your data is secure. Call us now for a free network assessment.