The Vancord Blog

Ransomware Attack: Changing Out the Locks

Here at Vancord, we frequently respond to incidents where normal business operations have ground to a halt because of a ransomware attack. Ransomware attacks have been on the rise over the years, and it’s easy to see why. Hackers stand to make a pretty penny by locking up critical systems or data. The average ransomware attack costs a business $713,000.


To ensure their payday, one of an attacker’s chief goals is to disable the backup systems. While this likely isn’t new information to you, we wanted to give you one bit of advice that could throw a wrench in the hacker’s plans so you can avoid making that ransom payment.


Ransomware attack strategies that hackers use

Understanding how an attacker moves in an environment could mean the difference between entering a nightmare situation or starting down the road to recovery. When an attacker gains a foothold in your environment, they start piecing together a more legitimate presence through credential theft.


The use of legitimate accounts gives broader access across an environment without risking detection. If the hacker can get their hands on a domain admin account, they will have access to every domain-bound workstation and server in your organization. From there, they will get to work on destroying your backup systems so you cannot recover.


Stop hackers in their tracks

How can you stop an attacker who effectively has the keys to your organization? To put it simply, you change out the locks. If you do not join your backup systems to the domain, the attacker won’t be able to access them with the same domain admin credentials they’ve used elsewhere.


The bottom line

While this is a simple and cost-free method, it is still essential that good password practices are observed. Make sure the password is greater than 13 characters and is sufficiently complex. For added security, try to use those credentials only locally and avoid logging in to the backup systems across the network. You never know who could be listening.
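
The recommendations above (keep the backup server off the domain, use a local password longer than 13 characters with complexity, and use those credentials locally) can be checked with a short audit. The PowerShell script below is an added example, not Vancord's own tooling; it assumes a Windows backup server, an elevated session, and a seven-day lookback window and scratch file name chosen for illustration.

```powershell
# Added example (not from the original post). Run elevated on the backup server.
$findings = [System.Collections.Generic.List[string]]::new()

# 1. The backup server should not be joined to the domain.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.PartOfDomain) {
    $findings.Add("Joined to domain '$($cs.Domain)': domain admin credentials work here.")
}

# 2. Built-in Administrators (well-known SID S-1-5-32-544) should hold local accounts only.
Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.PrincipalSource -ne 'Local' } |
    ForEach-Object { $findings.Add("Non-local administrator: $($_.Name) ($($_.PrincipalSource))") }

# 3. Local password policy: length greater than 13 and complexity enabled.
$inf = Join-Path $env:TEMP 'backup-audit-secpol.inf'   # arbitrary scratch file (assumption)
secedit /export /cfg $inf /areas SECURITYPOLICY | Out-Null
$policy = @{}
Select-String -Path $inf -Pattern '^(MinimumPasswordLength|PasswordComplexity)\s*=\s*(\d+)' |
    ForEach-Object { $policy[$_.Matches[0].Groups[1].Value] = [int]$_.Matches[0].Groups[2].Value }
Remove-Item $inf -ErrorAction SilentlyContinue
if ($policy['MinimumPasswordLength'] -le 13) {
    $findings.Add("Minimum password length is $($policy['MinimumPasswordLength']); it should exceed 13.")
}
if ($policy['PasswordComplexity'] -ne 1) {
    $findings.Add('Password complexity requirement is disabled.')
}

# 4. Network (type 3) and RDP (type 10) logons in the last 7 days; credentials should be used locally.
$filter = @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddDays(-7) }
$remote = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    $d = @{}
    foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    if ($d['LogonType'] -in '3', '10') {
        [pscustomobject]@{ User = $d['TargetUserName']; Source = $d['IpAddress'] }
    }
}
$remote | Group-Object User, Source | ForEach-Object {
    $findings.Add("$($_.Count) remote logon(s): $($_.Name)")
}

if ($findings.Count) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'No findings.' }
```

Remote logons reported in step 4 can include expected traffic such as backup agents connecting to the server, so compare the user and source pairs against what you know should be there.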