pfSense, ransomware, networking

Common Ransomware Attacks and Mitigations

The prevalence of ransomware in today’s cyber security threat landscape is undeniable. Year over year we see more potentially devastating ransomware attacks, many of them launched against small businesses: attackers no longer target large enterprises exclusively. It is no surprise, then, that the threat of ransomware weighs heavily on the minds of IT administrators and business leaders alike. To complicate matters, there is no single product or setting that removes the risk. Security-minded administrators must work to minimize vulnerabilities in every system they maintain and train the end users they support, while business leaders must put their trust in IT best practices even when added security measures appear to conflict with operational efficiency. In reality, the steps needed to mitigate the common vulnerabilities are relatively non-invasive and well worth the effort for the peace of mind they bring.

How does ransomware work?

The attacker’s goal is to gain unauthorized remote access to a network and then distribute malware that encrypts business-critical data and brings operations to a halt, in the hope that the victim will pay a ransom for the decryption key so that operations can resume. No method of gaining entry is off limits, but the most common initial access vectors are phishing, exploitation of software vulnerabilities, and attacks against exposed Remote Desktop Protocol (RDP) services.

How can you protect your business from ransomware?

Raising end-user awareness is one of the most effective ways to combat phishing, and the value of training users to recognize the common signs of a phishing message cannot be overstated. A proactive strategy used by some IT administrators is to send simulated phishing emails to staff in order to identify the users most likely to click a fraudulent link, and then focus training on them. A more passive approach is to have the mail gateway add a prominent warning banner to every message that originates from outside the organization, so that a message claiming to come from a colleague but carrying the banner stands out. In either case, user education is a necessary component of the effort to combat phishing.

Software vulnerabilities provide another common entry point. The primary mitigation is to stay current with security patches on all software and to avoid running any end-of-life software on the network, so a product’s support lifecycle and update frequency should be weighed when choosing which software to run. Services exposed to the public internet, such as web servers, email servers, and VoIP systems, carry a particularly high risk of being targeted, so extra care should be taken to ensure they are always patched with the latest security fixes, and the list of what is exposed should be reviewed regularly so that a forgotten service does not sit unpatched.

In the age of remote work, administrators must give careful consideration to securing the RDP services on their network. An all-too-common pitfall is to expose RDP directly to the public internet so that internal users can connect from home. This hands attackers an opportunity to brute-force a user’s password or log in with a password obtained through phishing, and it also exposes the RDP service itself to any vulnerability in it. The mitigation is to keep RDP off the internet entirely and reach it through a VPN: a firewall such as a Netgate® appliance running pfSense® Plus software does not forward RDP from the WAN and allows it only from the VPN interface, so that remote staff connect to remote desktop services over a remote-access (road warrior) VPN. Requiring a per-user certificate in addition to username and password authentication limits the damage if VPN credentials are phished, since the stolen password alone no longer grants access. Branch offices can be connected with site-to-site VPNs so that all traffic between sites is private and secure. To learn more about the road warrior and site-to-site VPN capabilities of pfSense Plus software, see the pfSense documentation on OpenVPN and IPsec VPNs.
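As an added example (not Netgate’s or the pfSense project’s code), the following Python script audits a pfSense config.xml backup for the pitfall just described: a port forward or WAN pass rule that publishes TCP/3389 to the internet, shown alongside the corrected pattern of a pass rule on the OpenVPN interface only. It assumes the element layout pfSense writes for port forwards (<nat><rule>) and firewall rules (<filter><rule>); the configuration embedded in it is constructed for the demo and describes no real network.

```python
# Added example (not Netgate/pfSense code): flag RDP (TCP/3389) published on the
# WAN in a pfSense config.xml backup. It assumes the element layout pfSense
# writes for port forwards (<nat><rule>) and firewall rules (<filter><rule>);
# check the names against your own export. The sample XML is constructed.
import xml.etree.ElementTree as ET

RDP_PORT = 3389

# Constructed sample: a port forward plus WAN pass rule that expose RDP (the
# pitfall) and an OpenVPN-interface rule that only lets VPN clients in (the fix).
SAMPLE_CONFIG = """<?xml version="1.0"?>
<pfsense>
  <nat>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source><any></any></source>
      <destination><network>wanip</network><port>3389</port></destination>
      <target>10.0.10.25</target>
      <local-port>3389</local-port>
      <descr>Remote desktop for staff</descr>
    </rule>
  </nat>
  <filter>
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source><any></any></source>
      <destination><address>10.0.10.25</address><port>3389</port></destination>
      <descr>NAT Remote desktop for staff</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>openvpn</interface>
      <protocol>tcp</protocol>
      <source><network>openvpn</network></source>
      <destination><address>10.0.10.25</address><port>3389</port></destination>
      <descr>VPN clients to the RDP host</descr>
    </rule>
  </filter>
</pfsense>
"""

def port_matches(spec, port=RDP_PORT):
    """Does a port spec ("3389", "3380-3400", "" meaning any) cover `port`?
    Returns None for an alias name, so the caller flags it for manual review
    instead of treating an unresolved alias as safe."""
    spec = (spec or "").strip()
    if not spec:
        return True
    lo, _, hi = spec.partition("-")
    if not lo.isdigit() or (hi and not hi.isdigit()):
        return None
    return int(lo) <= port <= int(hi or lo)

def _text(rule, path):
    node = rule.find(path)
    return (node.text or "").strip() if node is not None else ""

def _live_tcp(rule):
    """Skip disabled rules (pfSense marks them with an empty <disabled/>) and
    non-TCP rules; a missing <protocol> means any protocol, which covers TCP."""
    if rule.find("disabled") is not None:
        return False
    return _text(rule, "protocol") in ("", "tcp", "tcp/udp")

def audit(config_xml):
    """Return {"exposed": [...], "review": [...], "vpn_rules": n}."""
    root = ET.fromstring(config_xml)
    exposed, review, vpn_rules = [], [], 0
    for rule in root.findall("./nat/rule"):
        if _text(rule, "interface") != "wan" or not _live_tcp(rule):
            continue
        # either the public port or the internal target port being 3389 counts
        hits = {port_matches(_text(rule, "destination/port")),
                port_matches(_text(rule, "local-port"))}
        label = "port forward: " + _text(rule, "descr")
        if True in hits:
            exposed.append(label)
        elif None in hits:
            review.append(label)
    for rule in root.findall("./filter/rule"):
        if _text(rule, "type") != "pass" or not _live_tcp(rule):
            continue
        hit = port_matches(_text(rule, "destination/port"))
        iface = _text(rule, "interface")
        label = "firewall rule: " + _text(rule, "descr")
        if iface == "wan" and hit is True:
            exposed.append(label)
        elif iface == "wan" and hit is None:
            review.append(label)
        elif iface == "openvpn" and hit is True:
            vpn_rules += 1
    return {"exposed": exposed, "review": review, "vpn_rules": vpn_rules}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

To run it against your own firewall, export a backup from Diagnostics > Backup & Restore and pass the file contents to audit(). Rules whose destination port is an alias are reported under "review" rather than silently ignored, and disabled rules are skipped. A WAN pass rule without a matching port forward does not by itself make an internal host reachable, but it is still reported because it signals that someone intended to publish RDP; the expected end state is zero "exposed" entries and at least one pass rule on the OpenVPN interface.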

It’s important to remember that protecting your business from ransomware doesn’t end with these mitigations. IT security is a continuous practice that should be tackled from every available vantage point. Other steps such as segmenting the network, keeping tested backups that an attacker on the network cannot reach or encrypt (offline or otherwise immutable copies), and applying the principle of least privilege all play critical roles in ensuring that your business is not only resilient against cyber attacks but can also recover quickly in the event of a ransomware incident. Staying apprised of common attack vectors and applying the recommended mitigations is an important step in fortifying your business against ransomware.

How is ransomware affecting you? Let us know on Twitter, LinkedIn, or the Netgate Forum.