According to the FBI, Remote Desktop Protocol (RDP) is the most common method that ransomware attackers use to gain access to networks. With the work-from-home posture that many companies have been forced to adopt as a result of the COVID-19 crisis, RDP is being used more than ever to allow employees to remotely access corporate servers or workstations. There are several methods companies can use to increase protections. Users who have to access the network remotely should use a corporate Virtual Private Network (VPN) to securely connect to the company’s network, instead of exposing RDP servers directly to the Internet. Employees should use complex and unique passwords for their login credentials, and multi-factor authentication (MFA) should be enabled to protect systems from unauthorized access even if a password is compromised. Keeping backups of data is a very effective way to recover from any ransomware attack. Binary Defense recommends following the 3-2-1 rule of backups: keep 3 copies of the data on 2 different storage devices, with 1 of them offsite. Companies should also monitor their endpoints for malicious programs and attacker behaviors, which can give early warning of a compromise if attackers gain access. The Binary Defense Security Operations Center (SOC) monitors endpoints 24 hours a day to detect and defend against attacks before they have a chance to do damage.
To read more: https://www.bleepingcomputer.com/news/security/ragnarlocker-ransomware-hits-edp-energy-giant-asks-for-10m/
FBI Recommendations: https://www.bleepingcomputer.com/news/security/fbi-says-140-million-paid-to-ransomware-offers-defense-tips/
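
One way to check the recommendation above that RDP be reachable only through the VPN, as an added example that is not part of the original article or any Binary Defense tooling. It audits an exported inbound firewall rule set; the rule field names, the rule entries and the VPN client range are constructed assumptions.

```python
import ipaddress

RDP_PORT = 3389
# Assumption: address range handed out to VPN clients (constructed value).
VPN_NET = ipaddress.ip_network("10.8.0.0/24")

# Constructed sample of an exported inbound rule set; field names are hypothetical.
RULES = [
    {"name": "rdp-from-vpn", "action": "allow", "proto": "tcp", "ports": "3389", "source": "10.8.0.0/24"},
    {"name": "rdp-any", "action": "allow", "proto": "tcp", "ports": "3389", "source": "0.0.0.0/0"},
    {"name": "mgmt-range", "action": "allow", "proto": "any", "ports": "3000-4000", "source": "203.0.113.0/24"},
    {"name": "web", "action": "allow", "proto": "tcp", "ports": "80,443", "source": "any"},
    {"name": "rdp-udp-deny", "action": "deny", "proto": "udp", "ports": "3389", "source": "any"},
]

def covers_rdp(ports):
    """True if a port spec such as '3389', '80,443', '3000-4000' or 'any' includes 3389."""
    if ports.strip().lower() == "any":
        return True
    for part in ports.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= RDP_PORT <= int(hi or lo):
            return True
    return False

def from_vpn_only(source):
    """True only if every address the rule admits lies inside the VPN range."""
    if source.strip().lower() == "any":
        return False
    net = ipaddress.ip_network(source, strict=False)
    return net.version == VPN_NET.version and net.subnet_of(VPN_NET)

def exposed_rdp_rules(rules):
    """Names of allow rules that let non-VPN sources reach RDP (TCP or UDP 3389)."""
    findings = []
    for r in rules:
        # Deny rules and protocols RDP does not use cannot expose the service.
        if r["action"] != "allow" or r["proto"] not in ("tcp", "udp", "any"):
            continue
        if covers_rdp(r["ports"]) and not from_vpn_only(r["source"]):
            findings.append(r["name"])
    return findings

if __name__ == "__main__":
    for name in exposed_rdp_rules(RULES):
        print("RDP reachable from outside the VPN:", name)
```

Each rule is checked in isolation, so rule ordering and shadowing by earlier deny rules are not modelled; a finding is a prompt to review that rule, not proof of exposure.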