Ransomware Gangs Exploiting VPNs and EDR as Security Workarounds: What Ohio Business Leaders Need to Know
With last year's ransomware attack on the City of Columbus, it's a good time to remind everyone that ransomware is out there, threatening businesses every day. It's not going away and for more and more businesses it's not a question of if, but when.
As cybercriminals become more sophisticated, traditional security measures like Virtual Private Networks (VPNs) and Endpoint Detection and Response (EDR) tools are increasingly being bypassed. For Ohio business leaders, understanding these evolving threats is crucial to safeguarding your organization's data and operations.
The Evolving Threat Landscape
Ransomware gangs are now exploiting vulnerabilities in VPNs and EDR systems to gain unauthorized access to corporate networks. For instance, Cisco's Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) VPNs were found to have a zero-day vulnerability that allowed attackers to conduct brute-force attacks against existing accounts, enabling unauthorized access to networks.
Similarly, ransomware groups have been observed exploiting remote access services, such as VPN and Remote Desktop Protocol (RDP), to gain initial access to corporate networks. This highlights the importance of securing remote access points and ensuring that all systems are up to date with the latest security patches.
How Attackers Bypass Security Measures
One of the tactics employed by ransomware gangs is the "Bring Your Own Driver" (BYOD) technique. This involves deploying a legitimate, vulnerable driver on targeted devices to escalate privileges, disable security solutions, and take control of the system. By exploiting these vulnerabilities, attackers can disable EDR tools and other security measures, making it easier to deploy ransomware and exfiltrate sensitive data.
Steps Your Ohio Business Can Take
To protect your organization from these evolving threats, consider implementing the following measures:
- Enhance Remote Access Security. Ensure that all remote access services, such as VPN and RDP, are secured with Multi-Factor Authentication (MFA) and are regularly updated with the latest security patches.
- Regularly Update and Patch Systems. Keep all systems, including VPNs and EDR tools, up to date with the latest security patches to mitigate known vulnerabilities.
- Monitor and Audit Network Activity. Implement continuous monitoring and auditing of network activity to detect any unusual or unauthorized access attempts. Hire a Managed Service Provider, like us, to run a vulnerability scan on your network. These scans will show weak points and possible entryways into your network so you can plug the holes.
- Educate Employees on Security Best Practices. Conduct regular training sessions to educate employees about the importance of cybersecurity and best practices for identifying and avoiding potential threats. Download our free Cybersecurity Policy Template to get started.
- Develop an Incident Response Plan. Create and regularly update an incident response plan to ensure a swift and coordinated response in the event of a security breach.
In Ohio, where many businesses rely on legacy systems and infrastructure, it's particularly important to stay vigilant against these evolving threats. Collaborating with local cybersecurity experts, like us, and staying informed about the latest threat intelligence can help Ohio businesses strengthen their defenses against ransomware attacks.
By understanding the tactics employed by ransomware gangs and taking proactive steps to secure your organization's systems, you can better protect your business from these evolving cyber threats.
Maintaining Vigilance and Best Practices
Ransomware protection is not a one-time task but a continuous process. It requires constant vigilance, regular updates, and adherence to best cybersecurity practices. Remember, the landscape of cyber threats is ever-evolving. Stay informed about the latest ransomware threats and trends. Implement the tips discussed in this guide and maintain a proactive approach to safeguard your digital assets against ransomware attacks. For more on ransomware prevention and remediation, or to find out whether your organization is at risk, check out our page.
Frequently Asked Questions: Ransomware & Ohio Business Security
What is this ransomware article about for Ohio business leaders?
This article explains how modern ransomware gangs are bypassing VPNs and Endpoint Detection and Response (EDR) tools and what Ohio business leaders should do to protect their organizations. It uses examples like the Columbus ransomware attack to show why ransomware is no longer a question of if but when.
How are ransomware gangs exploiting VPN vulnerabilities and remote access tools?
Attackers increasingly target VPN and remote access services to gain an initial foothold in business networks. The article highlights real-world issues, such as a zero-day vulnerability in Cisco ASA and Firepower Threat Defense (FTD) VPNs that allowed brute-force attacks against existing accounts. Ransomware groups also abuse remote access tools like RDP (Remote Desktop Protocol) to move deeper into the network if these services are not properly secured and patched.
What is the “Bring Your Own Driver” (BYOD) technique used by ransomware gangs?
The Bring Your Own Driver (BYOD) technique involves deploying a legitimate but vulnerable driver onto a target system. Once loaded, this driver can be exploited to:
• Escalate privileges
• Disable EDR and other security tools
• Take control of the endpoint
By abusing trusted but flawed drivers, attackers can turn security tools off before launching ransomware or exfiltrating data.
How can Ohio businesses secure VPN and remote access against ransomware?
The article recommends several best practices to strengthen remote access security:
• Enforce Multi-Factor Authentication (MFA) on VPN, RDP, and other remote access services
• Keep VPN appliances and remote access tools fully patched with the latest security updates
• Restrict remote access to only the users and devices that truly need it
• Regularly review access logs for unusual sign-in patterns
These steps make it much harder for ransomware gangs to exploit remote access as a “back door” into your network.
Why are continuous monitoring and vulnerability scans so important for ransomware protection?
Ransomware gangs often lurk in networks before encrypting data, so continuous monitoring helps detect suspicious behavior early. The article urges businesses to:
• Monitor and audit network activity for unusual logins or large data transfers
• Use a Managed Service Provider (MSP) to perform regular vulnerability scans that reveal weak points and exposed services
• Fix or “plug” the vulnerabilities those scans uncover
This proactive approach lets you close security gaps before attackers can use them as workarounds.
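As an added example (not the article's or Cloud Cover's own code) of the access-log review that both lists above call for: a small Python script that parses constructed VPN authentication log lines in a hypothetical "timestamp user source_ip result" format and flags the pattern the article describes, repeated password failures against an existing account followed by a success. The log format, the threshold of five failures in five minutes, and all sample values are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical "timestamp user source_ip result"
# export of a VPN authentication log; not taken from any real appliance.
SAMPLE_LOG = """\
2024-07-18T08:00:01 jsmith 203.0.113.7 FAIL
2024-07-18T08:00:04 jsmith 203.0.113.7 FAIL
2024-07-18T08:00:09 jsmith 203.0.113.7 FAIL
2024-07-18T08:00:15 jsmith 203.0.113.7 FAIL
2024-07-18T08:00:21 jsmith 203.0.113.7 FAIL
2024-07-18T08:00:30 jsmith 203.0.113.7 OK
2024-07-18T09:10:00 mlee 198.51.100.22 FAIL
2024-07-18T09:12:00 mlee 198.51.100.22 OK
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (FAIL|OK)$")

def parse_log(text):
    """Turn raw lines into (timestamp, user, ip, result) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, user, ip, result = m.groups()
            events.append((datetime.fromisoformat(ts), user, ip, result))
    return sorted(events)  # oldest first, so the sliding window below is valid

def detect_password_guessing(events, threshold=5, window=timedelta(minutes=5)):
    """Alert once per (user, ip) that reaches `threshold` failures inside `window`, and again if a success follows."""
    recent = defaultdict(deque)  # (user, ip) -> failure timestamps still inside the window
    flagged = set()
    alerts = []
    for ts, user, ip, result in events:
        key = (user, ip)
        q = recent[key]
        while q and ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if result == "FAIL":
            q.append(ts)
            if len(q) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append(("BRUTE_FORCE", user, ip))
        elif key in flagged and q:  # a login succeeded while the burst is still in the window
            alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", user, ip))
    return alerts

def run_sample():
    return detect_password_guessing(parse_log(SAMPLE_LOG))
```

A single failure followed by a success (the mlee lines) is ordinary user behaviour and produces no alert; only the sustained burst against jsmith does.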
How does employee cybersecurity training help prevent ransomware attacks?
Human error is still one of the biggest ransomware risk factors. The article stresses that ongoing employee education on cybersecurity best practices is essential. This includes:
• Recognizing phishing emails and malicious links
• Reporting suspicious activity quickly
• Following company policies on passwords and remote access
Cloud Cover even offers a free Cybersecurity Policy Template to help organizations formalize these best practices and make training more effective.
If you think you have been the victim of a ransomware attack and need help, contact us for assistance.
