Protecting Against Ransomware Attacks with Strong Password Policies

As the world becomes increasingly digital, organizations rely heavily on IT systems to operate their services. Unfortunately, cybercriminals have recognized this dependence and are capitalizing on it. In the past, computer viruses were used to disrupt target systems. However, with the development of modern attack tools, a new and more destructive criminal model has emerged – ransomware. Ransomware not only harms targeted systems but also extorts money from victims by encrypting their files and holding them hostage.

A recent report by Malwarebytes reveals that global ransomware attacks have seen a significant increase. In just one year, there were 1,900 ransomware attacks against the US, Germany, France, and the UK. The costs associated with these attacks are also predicted to rise. According to Cyber Security Ventures, by 2031, a ransomware attack will occur every two seconds, resulting in annual losses of around $265 billion (USD) globally.

Is Ransomware Exclusively Targeting Big Organizations?

While most recorded ransomware attacks have targeted big organizations in the past, this is no longer the case. Ransomware operators are now increasingly targeting small and medium-sized businesses, as well as individuals. For example, with the recent back-to-school season, ransomware attacks against schools have surged. Recorded Future reports that at least 27 schools and districts were hit with ransomware in August alone.

This increase in attacks against smaller entities is due to the rise of the ransomware-as-a-service (RaaS) business model. This model allows cybercriminals without technical skills to launch ransomware attacks. RaaS operators provide the necessary tools and infrastructure in exchange for a fee based on successful ransoms. This enables novice attackers to carry out devastating ransomware campaigns against various targets, contributing to the global spread of these attacks.

Recent Ransomware Attacks

Almost every day, we hear about major ransomware incidents impacting organizations. Here are some recent examples:

• The LockBit ransomware group targeted Oakland city in April 2023, resulting in the shutdown of 311 public services.
• The Royal ransomware hit the city of Dallas’ IT infrastructure, causing the suspension of numerous public services and exposing the personal information of 26,212 Texas residents.
• A ransomware attack against Harvard Pilgrim Health Care in April 2023 resulted in the unauthorized access of 2,550,922 patients’ medical data.

Ransomware gangs are constantly evolving their techniques to infect their targets and maximize profits. The lucrative nature of ransomware attacks has allowed hackers to invest in developing more sophisticated tools and methods.

Ransomware Attack Techniques

Ransomware operators employ various techniques to gain access to their targets. Some common methods include:

• Outsourcing initial access to target IT environments through phishing, exploit kits, or stolen credentials.
• Exploiting zero-day vulnerabilities in target security controls and applications.
• Using legitimate penetration testing tools like Cobalt Strike to deliver the ransomware payloads.
• Compromising websites and distributing exploit kits to visitors, allowing attackers to exploit vulnerabilities in their web browsers and operating systems.

One prevalent method used by ransomware operators is password-related attacks. The LockBit ransomware, for example, heavily relies on password-related attacks. These attacks include executing customized phishing campaigns, launching brute-force attacks against internet-facing enterprise applications, and purchasing stolen access credentials from darknet marketplaces.

Exploiting Weak Password Practices

Cybercriminals take advantage of poor password practices to exploit their targets. Some common methods include:

• Credential stuffing: Hackers use previously compromised username/password pairs to gain unauthorized access to other accounts where users have reused their credentials.
• Brute-force attacks: Hackers use automated tools to guess users’ passwords, such as John the Ripper and Cain and Abel.
• Password spraying: Attackers try a common password (e.g., default password) across a list of usernames to gain access to multiple accounts.
• Phishing attacks: Hackers create fake login pages that resemble legitimate websites to trick users into entering their account credentials.

Specops Password Policy offers comprehensive protection against ransomware attacks by addressing weak password practices. This solution extends the functionality of Group Policy in Active Directory and provides advanced password policy features, including:

• Custom dictionary lists to block commonly used passwords within your organization, such as company names and locations.
• Settings to prevent predictable password compositions, such as reusing parts of old passwords, consecutive characters, and incremental characters.
• Breached password protection by daily checks against known compromised password lists, blocking the use of over 4 billion unique compromised passwords.
• Passphrase support for stronger and easier-to-remember passwords.

As ransomware continues to evolve, organizations must strengthen their cyber defenses using a layered security approach. Enforcing strong password policies, such as those provided by Specops Password Policy, is a crucial step in preventing ransomware attacks. By blocking the use of compromised passwords, organizations can significantly reduce the risk of falling victim to these devastating cyberattacks.

Sponsored and written by Specops Software.