Ransomware Can Cost You… How to Make Your Organization More Secure

Ransomware is a major threat for organizations of all sizes, including health care organizations.

The number of cyberattacks taking place every year is surging, and organizations need to take adequate precautions to prevent these attacks before they suffer irreversible harm.

In 2020, the cyber threat environment deteriorated significantly, mainly due to a rapid increase in ransomware attacks. Yet many organizations are still relying on outdated and insufficient cybersecurity practices, leaving them inadequately prepared for today’s cyber threats. Last year the average ransom demand increased by 700% over 2018 levels.¹ In 2020, ransomware attack volume also increased by over 100% since 2018.¹

Hackers have devised new and innovative ways to gain access to networks to uncover opportunities to launch attacks, including the detection of open remote desktop protocol (RDP) ports.

RPD port vulnerabilities

RDP ports enable employees working away from their physical office to access computers and stay connected through remote work. This connection method has become more commonplace and is essential for many organizations. Open RDP ports allow a pathway for ransomware to be deployed in an effort to encrypt critical data within a system.

In our Tokio Marine HCC – Cyber & Professional Lines Group estimates, we found about 60% of all of our ransomware attacks last year originated from open RDP ports.

RDP is typically accessed with usernames and passwords and therefore susceptible to brute-force attacks and credential stealing campaigns. After an attacker compromises an RDP connection, they will often deploy malware (like ransomware), steal data, or move laterally in a corporate network to perform reconnaissance.²

The current cyber landscape can be diffi­cult to navigate. Remaining vigilant with security posture can help prevent attacks from happening.

How to protect your organization from a ransomware attack

Constellation company policyholders have complimentary access to TMHCC CyberNET^®, the most advanced cyber risk management solution addressing the latest trends in data breaches and cyber crime, including best practices to protect against RDP remote access.

Best practices for RDP³:

• Never have RDP exposed to the internet or open to any other network you do not trust.
• Always secure a virtual private network (VPN) or RDP Gateway with Two Factor Authentication (2FA).
• Always enforce strong complex passwords and enable an account lockout policy after too many failed attempts.
• Restrict access to RDP by applying firewall rules to limit which IP addresses (individual or group) can access the RDP server from untrusted networks.
• Keep all remote access software (especially Windows Server) updated and patched.

To access TMHCC CyberNET^®, sign in to Constellation and navigate to Cyber Prevention found in featured content on Risk Resources.

Constellation^® is a trademark of Constellation, Inc.

References

¹Based on Tokio Marine HCC – Cyber & Professional Lines Group’s 2020 data.
² ePlace Solutions, Inc. via: https://www.pandasecurity.com/mediacenter/security/brute-force-rdp/
³ePlace Solutions, Inc., TMHCC CyberNET^®.

^{This communication provides a general product summary and should not be construed as a guarantee of coverage. Any claim scenarios described in this communication are hypothetical and used solely for the purpose of illustrating how the insurance is intended to apply to certain situations. Whether, or to what extent, the insurance applies to a particular claim or loss depends on the circumstances of the claim or loss and the terms and conditions of the policy, as issued.}

Share this blog article:

---