Unfair exchange: ransomware attacks surge globally amid Microsoft Exchange Server vulnerabilities

By: Nata Kesuma | Monday, April 05 2021 - 17:45 IWST

Illustration Microsoft Exchange Server

INDUSTRY.co.id - Following the recent disclosure of vulnerabilities affecting Microsoft Exchange Servers, Check Point Research (CPR) has observed a global surge in the number of ransomware attacks.

In fact, since the beginning of 2021, there has been a 9% monthly increase in organisations affected by ransomware. This uptick includes a 57% increase in organisations affected by ransomware in the past 6 months.

According to various reports and official alerts from the Cybersecurity and Infrastructure Security Agency (CISA) in the US, ransomware attacks are targeting Microsoft Exchange servers by leveraging previously exposed vulnerabilities.

In the last week alone, the number of attacks involving Exchange Server vulnerabilities has tripled. With over 50,000 attack attempts seen globally, CPR has observed that the most targeted industries are government/military, manufacturing and banking/finance.

The most affected country is the United States (49% of all exploit attempts), followed by the United Kingdom (5%), the Netherlands (4%) and Germany (4%).

Ransomware spikes globally

CPR has also observed the following trends in ransomware attacks:

In the past 6 months, there has been a general increase in the number of attacks involving human-operated ransomware, such as Maze and Ryuk, in which victims have to negotiate with the criminals that launched the attack.

In the last 6 months, there has been a 57% increase in the number of organisations affected by ransomware globally.

Since the beginning of 2021, the number of organisations affected by ransomware has been growing at 9% monthly.

In total, 3,868 organisations have been affected by ransomware.

Ransomware Attack Attempts by Industry:
The industry sector most targeted by WannaCry is government/military (18% of total attacks). This is followed by manufacturing (11%), banking and financial services (8%) and healthcare (6%).

Ransomware Attack Attempts by Country:

The countries most affected by ransomware attack attempts are the United States (12% of all attack attempts), followed by Israel (8%), India (7%) and Japan (6%), while Canada, Spain, Mexico, the United Kingdom, China and Portugal each saw 2%.

WannaCry surges … again!

Worryingly, WannaCry, the wormable ransomware that made its debut four years ago, is also trending again, though it is unclear why.

Since the beginning of the year, the number of organisations affected with WannaCry globally has increased by 53%. In fact, CPR found that there are 40 times more affected organisations in March 2021 when compared to October 2020.
The new samples still use the EternalBlue exploit to propagate – for which patches have been available for over 4 years.

This highlights why it’s critical that organisations patch their systems as soon as updates are available.

Ransomware protection for your organisation
Below are some fundamental tips to keep your organisation protected from ransomware attacks:

Back up all data – One of the most important actions to prevent ransomware from disrupting your operations is backing up your company’s data regularly. If something goes wrong, you should be able to quickly and easily revert to a recent backup version.

This won’t actively protect you from being the target of an attack, but if you’re ever attacked, the fallout won’t be nearly as devastating. Backing up data can help companies avoid having to pay ransom or suffer the ill effects of restoring systems back to a previous version.

Keep software updated – Ransomware attackers sometimes find an entry point within apps and software, noting vulnerabilities and capitalising on them.

Fortunately, some developers actively search for new vulnerabilities and patch them. Adopt a patch management strategy and ensure all team members are constantly up-to-date with the latest versions.

As mentioned earlier, WannaCry relies on unpatched systems to spread. The patches for the vulnerability it exploits have been available for 4 years, yet evidently many organisations have not applied these updates.

Utilise better threat detection – Most ransomware attacks can be detected and resolved before it’s too late. To maximise your chances of protection, have an automated threat detection system in place in your organisation.

Adopt multifactor authentication – Multifactor authentication forces users to verify their identities in multiple ways before they’re granted access to a system. This way, if an employee mistakenly gives their password to a cybercriminal, the criminal won’t be able to gain easy access to your systems.

Principle of least privilege (POLP) – Employees should never have more access to data than they truly need. Segmenting your organisation and restricting access can provide a kind of quarantine effect, minimising the impact of a potential attack and limiting the vectors of access.

Scan and monitor emails and file activity – Emails are the default choice of cybercriminals executing phishing schemes, so take the time to scan and monitor emails on an ongoing basis, and consider deploying an automated email security solution to block malicious emails from ever reaching users.

It’s also a good idea to scan and monitor file activity. Organisations should be notified whenever there’s a suspicious file in play before it becomes a threat.

Improve employee training – Most ransomware attacks are the byproduct of bad employee habits, or pure ignorance.

Someone may voluntarily give out their password, or may download an unfamiliar file to their work device. With better employee training, the chances of this happening are much lower.

Don’t pay the ransom – Finally, if your organisation happens to be the victim of a ransomware attack, don’t pay the ransom! It might seem tempting to get out of this bad situation as quickly as possible, but even after paying the ransom, there’s no guarantee that the attacker is going to be true to their word.

Anti-Ransomware Solutions – While the previous ransomware prevention steps can help mitigate an organisation’s exposure to ransomware threats, they do not provide perfect protection.

Some ransomware operators use well-researched and highly targeted spear phishing emails as their attack vector. These emails may trick even the most diligent employee, resulting in ransomware gaining access to an organisation’s internal systems. Protecting against this ransomware that “slips through the cracks” requires a specialised security solution.

In order to achieve its objective, ransomware must perform certain anomalous actions, such as opening and encrypting large numbers of files.

Anti-ransomware solutions monitor programs running on a computer for suspicious behaviours commonly exhibited by ransomware, and if these behaviours are detected, the program can take action to stop encryption before further damage is done.
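The behavioural monitoring described above can be sketched as a sliding-window check over file-write telemetry. This is an added example, not code from Check Point or any product; the event tuple format, thresholds, process ids and paths are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

WINDOW_SECONDS = 10   # assumed sliding window
MAX_FILES = 20        # assumed limit on distinct files rewritten per window
MIN_ENTROPY = 7.5     # assumed cut-off; encrypted data approaches 8 bits/byte

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the buffer in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect(events):
    """Return pids that wrote high-entropy data to more than MAX_FILES distinct
    files within WINDOW_SECONDS; events are time-ordered (ts, pid, path, data)."""
    recent = defaultdict(deque)          # pid -> (timestamp, path) in window
    flagged = set()
    for ts, pid, path, data in events:
        if shannon_entropy(data) < MIN_ENTROPY:
            continue                     # ordinary document or text write
        window = recent[pid]
        window.append((ts, path))
        while ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()             # expire writes outside the window
        if len({p for _, p in window}) > MAX_FILES:
            flagged.add(pid)
    return flagged

def random_like(seed: int, size: int = 2048) -> bytes:
    """Constructed stand-in for ciphertext: concatenated SHA-256 digests."""
    return b"".join(hashlib.sha256(bytes([seed % 256, i])).digest()
                    for i in range(size // 32))

def sample_events():
    """Constructed file-write telemetry for four hypothetical processes."""
    text = b"Quarterly report draft, revision 3.\n" * 60
    ev = []
    for i in range(30):
        ev.append((i * 0.1, 4242, f"/home/a/doc{i}.docx", random_like(i)))  # burst
        ev.append((i * 0.1, 1001, f"/home/a/note{i}.txt", text))            # plain text
        ev.append((i * 20.0, 3003, f"/backup/part{i}.gz", random_like(i)))  # slow
    for i in range(5):
        ev.append((i * 0.5, 2002, f"/tmp/arc{i}.zip", random_like(i)))      # few files
    return sorted(ev, key=lambda e: e[0])

if __name__ == "__main__":
    print(detect(sample_events()))
```

Compressed archives and legitimate encryption tools also write high-entropy data, so the file-count and time-window conditions carry as much weight as the entropy test, and all three thresholds need tuning against normal activity on the monitored hosts.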
