Businesses of all sizes need to conduct good continuity planning. This can be challenging for small businesses due to limited resources. Part of continuity planning and disaster recovery planning is to evaluate the current threat landscape and possible geographic threats. Ransomware is not a new threat, but it has become increasingly damaging as organizations progress towards a paperless existence.
LabCorp is one recent organization dealing with the backlash of a ransomware attack. The attack began on July 14th and was successfully contained within one hour. That did not prevent a significant infection during that time: 1900 servers, of which 350 were production, were infected. LabCorp (2018) shared in a post-incident press release that security analysis found no evidence of customers' personal data being compromised. The ransomware infection resulted from a brute-force attack against the Remote Desktop Protocol (RDP). Such a brute-force attack might suggest that the organization did not implement strong password policies or did not conduct thorough password audits to ensure that dictionary words and common passwords are not used. Implementing multi-factor authentication for remote access and administrative operations would be a start at mitigating an RDP brute-force attack.
Another example of the impact of this strain of ransomware was the incident against the municipal networks of the city of Atlanta. In the case of Atlanta, the attack had a destabilizing effect on government functions such as police records. The overall cost of the ransomware attack was over $2 million, which was the result of security consulting experts, recovery and forensics experts, and IT support to help with the cloud infrastructure.
These two examples demonstrate the importance of implementing security best practices. Businesses are a significantly larger target than individuals, and as such, they should seek to implement stronger security controls to prevent unauthorized access. Just two of the configuration controls that should be considered are multi-factor authentication and a password filter that ensures strong passwords are used by all employees. To learn more about the anatomy of ransomware attacks, check out the advanced blog.
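The kind of check a password filter performs at password-change time can be sketched as follows. This is an added example, not code from LabCorp or any product; the word lists are constructed samples, and the minimum length and function names are assumptions.

```python
import re

# Constructed sample lists; a real filter would load a full breached-password
# list and a dictionary file instead.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}
DICTIONARY_WORDS = {"summer", "winter", "dragon", "monkey", "laboratory"}

# Undo common character substitutions before comparing against the lists.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

MIN_LENGTH = 12  # assumed policy value


def base_word(password):
    """Reduce a password to the word it was probably built from."""
    lowered = password.lower()
    # Drop the digits and symbols users append: "Summer2018!" -> "summer"
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    return stripped.translate(LEET)


def check_password(password, username=""):
    """Return the reasons a password is rejected (empty list = accepted)."""
    reasons = []
    lowered = password.lower()
    core = base_word(password)
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if lowered in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        reasons.append("common password")
    if core in DICTIONARY_WORDS:
        reasons.append("dictionary word")
    if username and username.lower() in lowered:
        reasons.append("contains username")
    return reasons


def audit(candidates):
    """Map each username to its rejection reasons, omitting accepted ones."""
    results = {user: check_password(pw, user) for user, pw in candidates.items()}
    return {user: why for user, why in results.items() if why}
```

Passwords such as "Summer2018!" or "P@ssw0rd123" meet typical complexity rules yet are among the first guesses in a brute-force run, which is why the filter compares the underlying word rather than the literal string.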
LabCorp. (2018). LabCorp IT Security Information | LabCorp. Retrieved August 5, 2018, from https://www.labcorp.com/content/labcorp-it-security-information