6 common mistakes that lead to ransomware infections

Ransomware is out of control, with some of the most significant ransomware attacks netting ransoms as high as $40 million. Beyond the immediate financial loss, ransomware infections can cause substantial reputational damage for many companies, and in the case of leaks of sensitive data, legal expenses.

The need for robust cybersecurity is more evident than ever — but is cybersecurity alone enough? There are several problems in how many of us think about cybersecurity that puts us at risk. This is very apparent when you look at the cause of most ransomware infections today — some are caused by classic mistakes which can easily be fixed, but truly effective security requires changing the way we think about cybersecurity in fundamental ways.

So with no further ado, let’s take a look at six of the most common mistakes that lead to ransomware infections.

1. Outdated and unpatched operating systems.

As cybersecurity threats intensify, the patches and updates to deal with vulnerabilities multiply along with them. Hackers scan the internet looking primarily for people who are running outdated software, so running an outdated operating system is kind of like waving a red flag and yelling, “Attack me!”

This doesn’t just include desktop operating systems but also server operating systems. Older Windows servers, in particular, are frequently targeted for ransomware attacks.

2. Lack of knowledge about social engineering.

Unfortunately, many of us think about cybersecurity as the domain of the “tech guys” or their cybersecurity team, but this is not the case. Strong cybersecurity is essential, but a large number of hacks today use social engineering methods like phishing. This is the most common attack vector used in ransomware attacks.

The reality is that a basic understanding of cybersecurity is becoming as essential to modern life as typing skills. Knowing how social engineering attacks occur and how to spot them is critical for everyone who uses a network. When it comes to organizations with large networks, the chain is only as strong as the weakest link.

For this reason, many organizations have started conducting phishing awareness training, where some common phishing techniques are explained, and employees are instructed on how to avoid them. It’s also essential to keep updated with new types of attacks used by hackers and regularly refresh employee training.

3. Lack of technical knowledge among business leaders.

The misconception that the IT guys can handle all aspects of cybersecurity is very dangerous. Cybersecurity literacy is especially important for senior management and decision-makers who are usually very busy handling other aspects of operations.

The problem is that many decisions that affect the structure of a company also have significant ramifications for cybersecurity. Business leaders must take charge of issues like anti-phishing training, the need to keep all systems and hardware up-to-date, and the legal and operational risks of different types of network architecture.

4. Remote Desktop Protocols with improper configuration.

After phishing, remote desktop protocols are probably the second most common cause of ransomware infections. The situation has gotten worse during the COVID-19 pandemic, as RDP use has gotten more frequent.

Believe it or not, the most common reason for RDP vulnerabilities is weak passwords. It’s easy for an attacker to scan for open RDP ports and then attempt brute force attacks. This can be prevented simply by using a strong password or configuring the RDP, preventing additional login attempts after a few incorrect attempts.

5. Keeping older hardware and firmware when updates are needed.

If it ain’t broke, don’t fix it. So the saying goes, but the trouble is that your hardware may be broken without you realizing it.

Some organizations see no need to upgrade older equipment that is working fine for their current operational requirements. However, in many cases, software producers will stop maintaining older software at some point. This means that if new vulnerabilities are discovered, they will not necessarily release patches.

This applies not only to hardware but also firmware. It’s essential to verify that all hardware and firmware is currently maintained and regularly updated to reflect patches, which may mean upgrading equipment. If you don’t and end up running outdated software, your network will look like low-hanging fruit for hackers.

6. Relying on antivirus software.

Ransomware gangs are growing increasingly sophisticated when it comes to evading antivirus software. Too many companies feel that their antivirus software protects them, but that’s true only to a limited extent.

While antivirus software may prevent some common viruses, it will probably not detect a highly targeted ransomware attack. Additional measures like network activity monitoring are required to detect unusual activity. Some AI-powered, next-generation antivirus software may be able to do this, but it’s usually not cheap.

A good ransomware defense requires a comprehensive suite of security features designed not only to prevent attacks but also to minimize damage when they do occur.

Just avoiding these six simple mistakes can dramatically reduce your risk of a ransomware attack. Hackers are thieves; generally, they’re usually looking for easy money and don’t want to work hard for it, so if you make things difficult for them, in most cases, they’ll go looking for some other victim.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.