Increased Ransomware on SMOs

Published On: July 21, 2022Categories: Cyber Briefs

In today’s SensCy Cyber Brief, the SensCy cybersecurity team is investigating the increase in ransomware attacks on Small and Medium Organizations (SMO) in U.S.

Although these cases don’t make the headlines in national news, SMOs are a primary target for ransomware groups. According to a report by ransomware recovery specialists Coverware, 82% of ransomware attacks target small businesses, and organizations with less than 1,000 employees are most at risk.

The SensCy team is observing a change in tactics, techniques, and procedures regarding ransomware gangs that will likely increase the number of attacks on SMO’s. The primary concern for ransomware gangs is media exposure that attracts the attention of Law Enforcement. By targeting SMO’s, these ransomware gangs can reduce their media exposure and risk.

Groups like H0lyGh0st, based in North Korea and allegedly state-sponsored, have been linked to attacks on large banks and crypto platforms. However, Microsoft released a deep analysis of their behavior, showing an increase in ransomware attacks on SMOs in the U.S. where they stole data before deploying the ransomware encryption to the SMOs infected systems. The SensCy team believes the current geopolitical landscape makes it highly likely for this trend to continue.

What vectors do the gangs use and how to protect your company?

The research by Coveware found that the primary ransomware attack vector used by ransomware gangs are Remote Desktop Protocol (RDP) – a tool used by IT to access an employee’s computer. The cause is often weak passwords on the administrator accounts, misconfigured endpoint security or phishing.

Protecting your data is crucial to recover from ransomware attacks, having your data backups separate from your network (offline, cloud) is a good starting point. You should also make sure that your backups are encrypted and that you have a recovery system in place that is tested regularly.

Strong password policies and consistent awareness training for your employees is also critical. Humans will always be the most valuable but vulnerable asset to your organization. Make sure to contact your SensCy Client Advocate for any questions about our cyber policy and awareness training platform.

To read the Coveware report, click here.

To read the Microsoft report, click here.

Related Posts