Revealed: cybercriminals' top method for ransomware attacks

Revealed: cybercriminals' top method for ransomware attacks | Insurance Business


The chaos caused by the spread of the COVID-19 pandemic has been a bonanza for cybercriminals – in the rush to migrate operations online and have employees work remotely, many vulnerabilities were uncovered for these cybercriminals to exploit.

However, businesses are already wising up and taking action. Boston-based commercial insurance provider Corvus announced the results of the first 20 weeks of its Corvus Scan version 2.0, which showed a dramatic reduction in ransomware claims both among new policies and its existing policy base.

According to Corvus, ransomware claims account for 24% of all cyber insurance claims and have been growing in frequency and severity. The average ransom demand was US$178,254 in the second quarter of 2020, up 60% from the previous quarter, as shown by data from Coveware, a leading ransomware incident response firm. Furthermore, more than half of all ransomware-related incidents started with a vulnerable remote desktop protocol (RDP) port.

How can businesses secure their RDP ports?
With RDP ports identified as the most common point of entry for ransomware, Lauren Winchester, Corvus’s vice president of smart breach response, offered several tips on how businesses can secure them and keep ransomware out of their networks.

“Fortunately, it is quite easy to secure RDP properly and there are free (or low-cost) steps an organization can take to protect itself,” she told Corporate Risk and Insurance.

“First, audit your network for systems using RDP, disable it wherever it’s not needed, and be sure to install any available software patches. For any system with an open RDP port that cannot be closed because it is actively used, place it behind a firewall and require users to use a Virtual Private Network (VPN).

“The next layer of defense deals with passwords: ideally multi-factor authentication (MFA) should be implemented for additional security, and strong passwords and account lockout policies should be enforced to defend against ‘brute force’ style attacks. Lastly, require any third parties accessing via RDP to follow the same policies used by the organization.”
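A read-only check of a single Windows host against the first steps Winchester lists (is RDP enabled, is the host firewall rule open to any source, is an account lockout threshold set), given here as an added example that is not from the article or from Corvus. The function name is hypothetical, the lockout check assumes English-language `net accounts` output, and MFA, VPN and perimeter firewall enforcement are not visible from these local settings.

```powershell
# Added example (not from the article): read-only RDP exposure check for the
# local Windows host. Run from an elevated PowerShell session.
function Test-RdpExposure {   # hypothetical name
    $ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $findings = @()

    # Audit: fDenyTSConnections = 0 means the host accepts RDP connections.
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
    if ($deny -ne 0) { return 'RDP is disabled on this host.' }
    $findings += 'RDP is enabled: disable it unless this host is actively used over RDP.'

    # The listener port is configurable, so read it instead of assuming 3389.
    $port = [string](Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name PortNumber).PortNumber

    # Firewall: enabled inbound allow rules naming that port. Rules that match
    # all ports (LocalPort 'Any') are outside the scope of this check.
    $rules = Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains $port } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
    foreach ($rule in $rules) {
        # RemoteAddress 'Any' means the rule does not limit who may connect.
        $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
        if ($remote -contains 'Any') {
            $findings += "Firewall rule '$($rule.DisplayName)' allows TCP $port from any address: limit it to the VPN address range."
        }
    }

    # Lockout policy: without a threshold, password guessing is never throttled.
    # Assumption: English-language output from 'net accounts'.
    $line = (net accounts | Select-String -Pattern 'Lockout threshold').Line
    if (-not $line) {
        $findings += 'Could not read the lockout threshold (non-English output?): check it manually.'
    } elseif ($line -match 'Never') {
        $findings += 'Account lockout threshold is "Never": set a lockout policy.'
    }

    return $findings
}

Test-RdpExposure
```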

Since the launch of Corvus Scan 2.0 in April 2020, Corvus reported that the overall rate of ransomware claims has dropped 65%, from 26% of all claims to a rate of 9% among the new policies. New policies have registered zero RDP-caused ransomware claims during that time. Several Corvus policyholders, however, did experience ransomware caused by other attack vectors.

“The results are staggering,” said Bill Siegel, CEO of Coveware. “This initiative not only helps Corvus policyholders avoid attacks, but decreases the available supply of stolen RDP credentials on the dark market. A decrease in supply directly translates to an increase in cost to the cybercriminals. It’s a perfect example of how insurance can serve its primary purpose of financial risk transfer, while also nudging the entire cyber ecosystem towards a safer place.”