Data Theft Is Common In Ransomware Attacks
The Microsoft Threat Protection Intelligence Team has stated that almost all ransomware attacks are accompanied by data theft, even if the cyberattackers don’t explicitly state that they are stealing your information.
Ransomware attacks are a type of cyberattack intended to extort money from victims by locking their sensitive data behind a ransomwall. Data on a victim’s computer is encrypted with a key known only to the attacker. Once the data has been encrypted, the victim can no longer access it. The cyberattacker then demands a ransom payment, usually in cryptocurrency, for the safe release of the data.
While it has been known that ransomware encrypts data, it was a specific strain of ransomware called “Maze” that revealed that ransomware also has the capability to steal data from the victim’s computer. This particular strain of the malware threatens to publicize sensitive information if the victim does not pay the ransom.
How have ransomware attackers been infiltrating computers?
Microsoft’s Threat Protection Intelligence Team has discovered that many ransomware attackers exploit the same vulnerabilities in victims’ computers to install the malware.
1. Unsecured RDP Connections
Remote Desktop Protocol, or RDP, is a Microsoft tool that allows one computer to remotely access and control another computer. It is important to protect RDP connections with multifactor authentication (MFA): without it, cyberattackers who obtain your credentials through brute-force attacks will be able to hijack the RDP connection and infiltrate the computer.
2. Unpatched or Out-of-Support Operating Systems
A computer running an outdated operating system no longer receives fixes from the OS’s developers. This means that known vulnerabilities can be exploited indefinitely by cyberattackers. According to the Microsoft Threat Protection Intelligence Team, some operating systems that are particularly vulnerable include Windows Server 2003 and 2008.
3. Web Server Misconfigurations
Another common weakness exploited by cyberattackers is misconfiguration in web servers. A misconfigured server can allow unknown actors to connect and gain access to otherwise secure connections in order to install malicious software on a victim’s computer.
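For the unsecured RDP connections in item 1, the following added example (not from the original article or from Microsoft) shows how a defender can spot a burst of failed RDP logons from one source, and a successful logon that follows it, in exported Windows Security events. The record layout, the threshold and time window, and the choice to count logon type 3 alongside type 10 are assumptions; the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export (not real logs): time, event ID, logon type, account, source IP.
# Event 4625 = failed logon, 4624 = successful logon.
SAMPLE_EVENTS = """\
2024-05-01T02:00:01 4625 3 administrator 203.0.113.7
2024-05-01T02:00:09 4625 3 administrator 203.0.113.7
2024-05-01T02:00:17 4625 3 admin 203.0.113.7
2024-05-01T02:00:25 4625 3 backup 203.0.113.7
2024-05-01T02:00:33 4625 3 backup 203.0.113.7
2024-05-01T02:00:41 4624 10 backup 203.0.113.7
2024-05-01T08:30:00 4625 10 jsmith 198.51.100.20
2024-05-01T08:30:20 4624 10 jsmith 198.51.100.20
2024-05-01T09:00:00 4625 2 jsmith -
"""

# 10 = RemoteInteractive (RDP); 3 = Network, commonly logged for RDP failures under NLA.
# Assumption: type 3 is included, which also counts other network logons.
RDP_LOGON_TYPES = {"3", "10"}

def parse(text):
    """Yield (time, event_id, logon_type, account, source_ip) per non-empty line."""
    for line in text.splitlines():
        if line.strip():
            ts, event_id, logon_type, account, ip = line.split()
            yield datetime.fromisoformat(ts), event_id, logon_type, account, ip

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Return alerts as (kind, source_ip, account, time) tuples, in time order."""
    failures = defaultdict(deque)  # source IP -> times of failures inside the window
    flagged = set()                # source IPs that already reached the threshold
    alerts = []
    for ts, event_id, logon_type, account, ip in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue               # console and other local logons are out of scope
        recent = failures[ip]
        while recent and ts - recent[0] > window:
            recent.popleft()       # drop failures that fell out of the sliding window
        if event_id == "4625":
            recent.append(ts)
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("BRUTE_FORCE", ip, account, ts))
        elif event_id == "4624" and ip in flagged:  # a guess may have worked
            alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", ip, account, ts))
    return alerts

if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(parse(SAMPLE_EVENTS)):
        print(*alert)
```

A SUCCESS_AFTER_BRUTE_FORCE alert is the case the article warns about: guessed credentials accepted on a connection with no second factor, so it should be treated as a likely compromise of that account.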
Don’t become the victim of data theft. It is important to configure and protect your network RDP connections. GIGE IT Solutions’ network experts have years of cumulative experience designing, deploying, and maintaining secure network connections. Call us at +1 888 366 4443 or email us at firstname.lastname@example.org to protect yourself immediately.