Small and medium businesses in India’s capital have faced an increase in ransomware attacks over the last few months. Cyber-criminals are leveraging the pandemic to attack businesses and users for their own benefit. At the start of the pandemic, the entire world went into lockdown, and large, small, and medium companies were forced to shift their entire workspace from offices to homes.
Work-from-home is the new normal and everyone is now used to it, but this increases the risk of ransomware attacks. According to the ETCISO report, “This year, the ransom demands have reached nearly $8,620 (nearly Rs 6.4 lakh) on average in the pandemic times.”
The report also claimed that a new ransomware attack called ‘Dharma’ has been troubling small and medium-sized businesses throughout the Covid-19 pandemic. Cyber-security firm Sophos reported in a research note that, of the attacks its researchers witnessed, 85 percent focused mainly on exploiting access tools like RDP (Remote Desktop Protocol).
“Dharma is fast-food franchise ransomware: widely and easily available to just about anyone,” said Sean Gallagher, a senior threat researcher at Sophos.
Dharma is not new ransomware: it was discovered back in 2016 and has been around ever since. Researchers claim that it is one of the most profitable ransomware families on the dark web because it has a mass-market, service-based business model.
“That’s worrying enough in itself in normal times. But right now, with many businesses adapting to the pandemic and accommodating a need for rapid support for remote workers, and IT staffs stretched thin, the risks from these attacks are magnified,” Gallagher added in a statement.
Different iterations of its source code have been dumped on the web or are available for purchase, so a huge number of variants of the code now exist. Dharma customers, known as affiliates, are the ones who purchase the tool and compromise their targets. The buyers depend completely on a menu-driven PowerShell script, which is responsible for installing and launching the script required to deploy the ransomware on the target network.
Once the master script is executed, it identifies itself as “Toolbox” and launches the attack with an opening message that reads “Have fun, bro!” According to the researchers, the affiliates have some additional information that they leverage to make additional ransom demands.
“Check that you have a full inventory of all devices connected to your network and always install the latest security updates, as soon as they are released, on all the devices and servers on your network,” said the researchers.
If you want to avoid such ransomware attacks, it is better to shut down internet-facing Remote Desktop Protocol access entirely, which keeps cyber-criminals from using it to reach your network. However, if you still need to use RDP, put it behind a VPN connection to make it secure.
The need to shift working infrastructure from office to home has made small companies more vulnerable. An adequate level of IT support and monitoring is not possible for such companies, which has given cyber-criminals the upper hand.
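To check a Windows machine against the advice above, the following added example (not from the article or from Sophos) reports whether Remote Desktop is enabled, whether Network Level Authentication is required, and which host firewall rules accept RDP from any source address. It assumes the standard Terminal Server registry locations and the built-in NetSecurity cmdlets, and it inspects only the host firewall, not the router or perimeter firewall.

```powershell
# Added example: audit the local Windows host for exposed RDP.
# Run from an elevated PowerShell session on the machine being checked.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = Join-Path $ts 'WinStations\RDP-Tcp'

# fDenyTSConnections = 0 means Remote Desktop connections are accepted.
$enabled = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0
# UserAuthentication = 1 means Network Level Authentication is required.
$nla = (Get-ItemProperty -Path $rdp -Name UserAuthentication).UserAuthentication -eq 1
# RDP listens on 3389 unless PortNumber has been changed.
$port = [string](Get-ItemProperty -Path $rdp -Name PortNumber).PortNumber

# Enabled inbound allow rules that cover the RDP port and accept any source.
# Rules that express the port as a range are not matched by this check.
$openRules = foreach ($rule in Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow) {
    $pf = $rule | Get-NetFirewallPortFilter
    $af = $rule | Get-NetFirewallAddressFilter
    $coversPort = ($pf.Protocol -in 'TCP', 'Any') -and
                  (($pf.LocalPort -contains $port) -or ($pf.LocalPort -contains 'Any'))
    if ($coversPort -and ($af.RemoteAddress -contains 'Any')) {
        [pscustomobject]@{
            Rule    = $rule.DisplayName
            Profile = $rule.Profile
            Port    = $pf.LocalPort -join ','
            Source  = $af.RemoteAddress -join ','
        }
    }
}

# Summary first, then the individual rules that need attention.
[pscustomobject]@{
    RdpEnabled        = $enabled
    NlaRequired       = $nla
    ListeningPort     = $port
    RulesOpenToAnyone = @($openRules).Count
} | Format-List
$openRules | Format-Table -AutoSize
```

Any rule listed in the table should be disabled or have its remote address narrowed to the VPN address range, so that RDP is reachable only through the VPN.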
Common Attack Techniques
Phishing attacks using COVID-19 as a lure are the most visible and immediate cyber-security risk right now. Common tactics include:
- Coronavirus news
- Home delivery scams
- Extortion attempts
- Malicious apps
- Malicious documents
How To Avoid Attacks
Multi-factor authentication is the best way to avoid these attacks: it restricts attackers’ access even when they send you a fake login page to trick you into entering your credentials. Researchers suggest that it is always good practice to check the actual email address from which you are receiving emails.
You can also use solutions from different cyber-security firms that ensure the complete security of your servers and work as a firewall to keep your online presence secure.