Ransomware attacks are back with a vengeance - SMEs are urged to focus on basic controls

Slipstream is seeing a significant uptick in ransomware attacks in recent weeks, after several months in which cloud account takeover attacks dominated.

Some interesting early trends are emerging:

  • There has been a higher rate of failed ransomware code execution. The factors involved probably include attacker skill and haste. We'd like to think it was better hardening, but the evidence for that is weak.
  • Hive, LockBit 2.0 and BianLian are prevalent; however, the number of variants out there has exploded.
  • There is a marked increase in the targeting of Linux hosts.
  • Initial access vectors often include the exploitation of remote access (RDP and VPN) and unpatched internet-facing infrastructure. Sadly, unpatched MS Exchange servers are still featuring.

To perhaps contradict what we are hearing others say, phishing is not the prime attack vector for ransomware. While phishing drives most Account Takeover and Business Email Compromise attacks, preventing high-harm ransomware still comes down to sound infrastructure management. Hammering your users with "be on the lookout" messaging shouldn't be the priority.

Doubling down on some basic controls can help organisations survive the current wave:

  • Externally scan and/or penetration test your network. This is the fastest and least expensive type of pen test and can help identify key remote access vulnerabilities.
  • Patch. Patch. Patch. Rely on CVSS scores to prioritise.
  • Ensure perimeter firewalls are configured to stop brute-force attacks and that MFA is enforced, noting that the default settings for account lockout (and similar controls) are usually weak.
  • Review user, admin and service accounts, particularly the latter, which are notorious for lacking MFA, password sharing and infrequent password changes.
  • Backup. Backup. Backup. The 3-2-1+ principle applies.
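
As an added example (not from Slipstream's article) of the rate-based brute-force detection the firewall and lockout point above calls for, the following script counts failed logons per source address inside a sliding window over constructed log lines; the log format, addresses, account names and both thresholds are assumptions:

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re
# Constructed sample of perimeter authentication events (not real logs): one source
# cycling through many accounts on RDP, and one legitimate VPN user who mistypes once.
SAMPLE_LOG = """\
2024-05-01T09:00:00 src=203.0.113.9 user=alice service=vpn result=FAIL
2024-05-01T09:00:03 src=203.0.113.9 user=alice service=vpn result=OK
2024-05-01T09:01:00 src=198.51.100.7 user=administrator service=rdp result=FAIL
2024-05-01T09:01:10 src=198.51.100.7 user=admin service=rdp result=FAIL
2024-05-01T09:01:20 src=198.51.100.7 user=backup service=rdp result=FAIL
2024-05-01T09:01:30 src=198.51.100.7 user=svc_sql service=rdp result=FAIL
2024-05-01T09:01:40 src=198.51.100.7 user=svc_exchange service=rdp result=FAIL
2024-05-01T09:01:50 src=198.51.100.7 user=scanner service=rdp result=FAIL
"""
LINE_RE = re.compile(r"^(\S+) src=(\S+) user=(\S+) service=(\S+) result=(\S+)$")

def parse(line):
    # Assumed line format; anything that does not match is skipped by the caller.
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, user, service, result = m.groups()
    return {"ts": datetime.fromisoformat(ts), "src": src, "user": user,
            "service": service, "ok": result == "OK"}

def detect_bruteforce(log_text, threshold, window_seconds):
    """Return {src: (time_of_alert, distinct_accounts_tried)} for every source with
    at least `threshold` failed logons inside a sliding window of `window_seconds`."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # src -> timestamps of failures still inside the window
    users = defaultdict(set)      # src -> distinct accounts tried (password-spraying signal)
    alerts = {}
    for raw in log_text.splitlines():
        ev = parse(raw)
        if ev is None or ev["ok"]:
            continue
        q = recent[ev["src"]]
        q.append(ev["ts"])
        users[ev["src"]].add(ev["user"])
        while q and ev["ts"] - q[0] > window:   # expire failures older than the window
            q.popleft()
        if len(q) >= threshold and ev["src"] not in alerts:
            alerts[ev["src"]] = (ev["ts"], len(users[ev["src"]]))
    return alerts

if __name__ == "__main__":
    # Loose policy (50 failures in 30 min) never fires here; tight rule (5 in 5 min) flags the source.
    print("loose policy:", detect_bruteforce(SAMPLE_LOG, 50, 1800))
    print("tight policy:", detect_bruteforce(SAMPLE_LOG, 5, 300))
```

The comparison is the point: a slow burst of failures spread across many accounts sits well below a loose lockout threshold, yet it is exactly the pattern a perimeter rule should catch.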

There is of course lots more to ransomware prevention (ASD Essential Eight, NIST, CIS, etc.), but these basics can make a huge difference.
