Ransomware Can Cost You… How to Make Your Organization More Secure

December 6, 2021

By Tokio Marine HCC – Cyber & Professional Lines Group

Ransomware can cost you…

Your employee receives an email seemingly from Microsoft, warning them that their account may have been compromised and asking them to log in to verify that they are the owner of the account. The user inputs their login and password, and the credentials are stolen by a hacker using this rudimentary but highly successful phishing technique. The criminal notices that your employee’s computer has the Remote Desktop Protocol (RDP) enabled, and logs into the employee’s computer while they work from home, using the stolen credentials. The hacker uses the hijacked computer to find the backup server on the company’s network, and deploys ransomware to encrypt the company’s backups, before launching a wide-ranging attack on the rest of the company’s computers and servers.

This attack cost the company over $10,000,000 between the 7-figure ransom payment, related expenses and business interruption losses.

Ransomware is a major threat for organizations of all sizes, including health care organizations.

The number of cyberattacks taking place every year is surging, and organizations need to take adequate precautions to prevent these attacks before they suffer irreversible harm.

In 2020, the cyber threat environment deteriorated significantly, mainly due to a rapid increase in ransomware attacks. Yet many organizations are still relying on outdated and insufficient cybersecurity practices, leaving them inadequately prepared for today’s cyber threats. Last year the average ransom demand increased by 700% over 2018 levels.¹ In 2020, ransomware attack volume also increased by over 100% since 2018.¹

Hackers have devised new and innovative ways to gain access to networks to uncover opportunities to launch attacks, including the detection of open remote desktop protocol (RDP) ports.

RDP port vulnerabilities

RDP ports enable employees working away from their physical office to access computers and stay connected through remote work. This connection method has become more commonplace and is essential for many organizations. Open RDP ports allow a pathway for ransomware to be deployed in an effort to encrypt critical data within a system.

In our Tokio Marine HCC – Cyber & Professional Lines Group estimates, we found about 60% of all of our ransomware attacks last year originated from open RDP ports.

RDP is typically accessed with usernames and passwords and is therefore susceptible to brute-force attacks and credential-stealing campaigns. After an attacker compromises an RDP connection, they will often deploy malware (like ransomware), steal data, or move laterally in a corporate network to perform reconnaissance.²

The current cyber landscape can be difficult to navigate. Remaining vigilant with security posture can help prevent attacks from happening.

How to protect your organization from a ransomware attack

Constellation company policyholders have complimentary access to TMHCC CyberNET®, the most advanced cyber risk management solution addressing the latest trends in data breaches and cyber crime, including best practices to protect against RDP remote access.

Best practices for RDP³:

  • Never have RDP exposed to the internet or open to any other network you do not trust.
  • Always secure a virtual private network (VPN) or RDP Gateway with Two Factor Authentication (2FA).
  • Always enforce strong complex passwords and enable an account lockout policy after too many failed attempts.
  • Restrict access to RDP by applying firewall rules to limit which IP addresses (individual or group) can access the RDP server from untrusted networks.
  • Keep all remote access software (especially Windows Server) updated and patched.
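
The firewall-scope and account-lockout practices above, sketched for a single Windows host. This is an added example, not code from the original article or from TMHCC CyberNET®; the trusted address ranges and lockout values are placeholder assumptions to replace with your own.

```powershell
# Added example: audit and tighten RDP exposure on one Windows host.
# Run in an elevated PowerShell session. Reports only unless $Apply is $true.
$Apply = $false

# ASSUMPTION: placeholder addresses; replace with your VPN / RD Gateway ranges.
$TrustedSources   = @('10.8.0.0/24', '192.0.2.10')
# ASSUMPTION: example lockout values; follow your own password policy.
$LockoutThreshold = 5    # failed logons before the account locks
$LockoutMinutes   = 15   # lockout duration and counter-reset window

# 1. Enabled inbound allow rules that name TCP 3389 explicitly.
#    (Rules that cover 3389 through a port range or "Any" are not matched here.)
$rdpRules = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '3389' } |
    Get-NetFirewallRule |
    Where-Object {
        $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow'
    }

# 2. Flag rules reachable from any address and scope them to trusted sources.
foreach ($rule in $rdpRules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    if ($remote -contains 'Any') {
        Write-Warning "'$($rule.DisplayName)' allows RDP from any remote address"
        if ($Apply) {
            Set-NetFirewallRule -Name $rule.Name -RemoteAddress $TrustedSources
        }
    } else {
        Write-Output "'$($rule.DisplayName)' is limited to: $($remote -join ', ')"
    }
}

# 3. Show the current lockout policy, then enforce one if requested.
net accounts
if ($Apply) {
    $policy = @(
        "/lockoutthreshold:$LockoutThreshold",
        "/lockoutduration:$LockoutMinutes",
        "/lockoutwindow:$LockoutMinutes"
    )
    net accounts $policy
}
```

On domain-joined machines, firewall rules and lockout settings delivered by Group Policy take precedence and must be changed there. Before applying the firewall change over an RDP session, confirm that your own source address is inside `$TrustedSources`.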

To access TMHCC CyberNET®, sign in to Constellation and navigate to Cyber Prevention found in featured content on Risk Resources.

Constellation® is a trademark of Constellation, Inc.

References

¹Based on Tokio Marine HCC – Cyber & Professional Lines Group’s 2020 data.
²ePlace Solutions, Inc. via: https://www.pandasecurity.com/mediacenter/security/brute-force-rdp/
³ePlace Solutions, Inc., TMHCC CyberNET®.

This communication provides a general product summary and should not be construed as a guarantee of coverage. Any claim scenarios described in this communication are hypothetical and used solely for the purpose of illustrating how the insurance is intended to apply to certain situations. Whether, or to what extent, the insurance applies to a particular claim or loss depends on the circumstances of the claim or loss and the terms and conditions of the policy, as issued.

