Increased Ransomware on SMOs

Published On: July 21, 2022Categories: Cyber Briefs

In today’s SensCy Cyber Brief, the SensCy cybersecurity team is investigating the increase in ransomware attacks on Small and Medium Organizations (SMO) in U.S.

Although these cases don’t make the headlines in national news, SMOs are a primary target for ransomware groups. According to a report by ransomware recovery specialists Coverware, 82% of ransomware attacks target small businesses, and organizations with less than 1,000 employees are most at risk.

The SensCy team is observing a change in tactics, techniques, and procedures regarding ransomware gangs that will likely increase the number of attacks on SMO’s. The primary concern for ransomware gangs is media exposure that attracts the attention of Law Enforcement. By targeting SMO’s, these ransomware gangs can reduce their media exposure and risk.

Groups like H0lyGh0st, based in North Korea and allegedly state-sponsored, have been linked to attacks on large banks and crypto platforms. However, Microsoft released a deep analysis of their behavior, showing an increase in ransomware attacks on SMOs in the U.S. where they stole data before deploying the ransomware encryption to the SMOs infected systems. The SensCy team believes the current geopolitical landscape makes it highly likely for this trend to continue.

What vectors do the gangs use and how to protect your company?

The research by Coveware found that the primary ransomware attack vector used by ransomware gangs are Remote Desktop Protocol (RDP) – a tool used by IT to access an employee’s computer. The cause is often weak passwords on the administrator accounts, misconfigured endpoint security or phishing.

Protecting your data is crucial to recover from ransomware attacks, having your data backups separate from your network (offline, cloud) is a good starting point. You should also make sure that your backups are encrypted and that you have a recovery system in place that is tested regularly.

Strong password policies and consistent awareness training for your employees is also critical. Humans will always be the most valuable but vulnerable asset to your organization. Make sure to contact your SensCy Client Advocate for any questions about our cyber policy and awareness training platform.

To read the Coveware report, click here.

To read the Microsoft report, click here.

Increase in Business Email Compromise – Why you need to protect your email
September 7, 2023
Categories: Cyber Briefs
In today’s SensCy Cyber Brief, the SensCy team is looking into a growing trend regarding email account hacking, email account takeovers, and Business Email Compromise [...]
ChatGPT and Phishing
March 24, 2023
Categories: Cyber Briefs
In today’s SensCy Cyber Brief, your SensCy team is investigating the potential use of the new Artificial Intelligence (AI) ChatGPT. In this brief, we will [...]
Bitwarden Phishing Attack
February 1, 2023
Categories: Cyber Briefs
In today’s Cyber Brief, SensCy analyzes a new phishing trend targeted at password managers, notably Bitwarden. Many users have found that Bitwarden password vaults were [...]

Increased Ransomware on SMOs

What vectors do the gangs use and how to protect your company?

Related Posts

Increase in Business Email Compromise – Why you need to protect your email

ChatGPT and Phishing

Bitwarden Phishing Attack

Client Resources

Platform Login