It used to be that ransomware just looked for office files. Then backups became a secondary victim. New data from Kaspersky shows NAS devices are being added as targets.
The success of a ransomware attack depends on whether the victim is left with no way to recover. That is exactly why ransomware started using tactics such as looking for the 40-ish backup file types, as well as using an attack loop (where the ransomware infects a machine but lies dormant for months so that multiple generations of backups include the ransomware).
But attackers are now thinking in terms of combining their code with the skills of cybercriminals well-versed in taking advantage of known vulnerabilities. According to researchers at Kaspersky, the goal is to attack the very NAS devices hosting an organization’s backups. If you were a ransomware author, it’s a smart move: your goal is to leave the victim company no way to respond other than paying the ransom.
It’s generally accepted that ransomware finds its way into an organization in one of two ways these days: either via an exposed and insecure RDP connection, or via email. Addressing RDP is easy; don’t allow RDP from the Internet. But email is a larger challenge.
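One way to check whether the "no RDP from the Internet" rule actually holds is to look for successful RDP logons whose source address is not an internal one. The following is an added example, not code from the original post or from Kaspersky; it assumes Windows Security event 4624 records have already been parsed into dictionaries carrying the `EventID`, `LogonType`, `IpAddress` and `TargetUserName` fields (the field names match the event, the sample records are constructed here), and it treats only RFC 1918, loopback and link-local ranges as internal, so documentation-range addresses in the sample count as external.

```python
import ipaddress

# Constructed sample records shaped like Windows Security event 4624/4625
# fields. These are not real log data; addresses are documentation ranges.
SAMPLE_EVENTS = [
    {"EventID": 4624, "LogonType": 10, "IpAddress": "10.0.0.15", "TargetUserName": "alice"},
    {"EventID": 4624, "LogonType": 10, "IpAddress": "203.0.113.45", "TargetUserName": "administrator"},
    {"EventID": 4624, "LogonType": 3, "IpAddress": "198.51.100.7", "TargetUserName": "svc_backup"},
    {"EventID": 4625, "LogonType": 10, "IpAddress": "203.0.113.45", "TargetUserName": "administrator"},
    {"EventID": 4624, "LogonType": 10, "IpAddress": "-", "TargetUserName": "bob"},
    {"EventID": 4624, "LogonType": 10, "IpAddress": "192.168.4.9", "TargetUserName": "carol"},
]

# Logon type 10 is RemoteInteractive, i.e. an RDP session.
REMOTE_INTERACTIVE = 10
SUCCESSFUL_LOGON = 4624

# Ranges we consider "inside the network". Anything else is treated as
# external. Deliberately hand-listed rather than using ipaddress.is_global,
# which also classifies documentation ranges as non-global.
INTERNAL_NETWORKS = [
    ipaddress.ip_network(n)
    for n in (
        "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
        "127.0.0.0/8", "::1/128",                          # loopback
        "169.254.0.0/16", "fe80::/10",                     # link-local
        "fc00::/7",                                        # IPv6 ULA
    )
]


def is_external_address(addr):
    """True if addr parses as an IP and is outside every internal range.

    Non-addresses such as "-" (no source recorded) or blanks return False,
    so they never produce a finding on their own.
    """
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    # Membership test across mismatched IP versions is simply False.
    return not any(ip in net for net in INTERNAL_NETWORKS)


def find_internet_rdp_logons(events):
    """Return (source_ip, user) pairs for successful RDP logons from outside.

    Only successful logons (4624) of type 10 are considered; failed attempts
    (4625) and network logons (type 3) are left for other rules.
    """
    hits = []
    for ev in events:
        if ev.get("EventID") != SUCCESSFUL_LOGON:
            continue
        if ev.get("LogonType") != REMOTE_INTERACTIVE:
            continue
        src = ev.get("IpAddress", "")
        if is_external_address(src):
            hits.append((src, ev.get("TargetUserName", "")))
    return hits


def summarize_by_source(hits):
    """Collapse findings to {source_ip: sorted list of users} for triage."""
    summary = {}
    for src, user in hits:
        summary.setdefault(src, set()).add(user)
    return {src: sorted(users) for src, users in summary.items()}


if __name__ == "__main__":
    findings = find_internet_rdp_logons(SAMPLE_EVENTS)
    for src, users in summarize_by_source(findings).items():
        print(f"RDP logon from external address {src}: {', '.join(users)}")
```

Any finding means RDP is reachable from outside despite policy; the fix is at the perimeter (block 3389 inbound, require VPN), and the rule is then kept as a regression check rather than an alert that should ever fire.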
Despite best efforts, even organizations with a layered preventative security strategy in place still find that ransomware emails make their way all the way to the unsuspecting user. This last line of defense needs to be shored up with Security Awareness Training so that users themselves become part of the organization’s defense, spotting the potentially malicious email and not engaging with its contents or attachments.