DHS warns of ransomware activity targeting remote access software

remote desktop - ransomware
(Image credit: Shutterstock) (Image credit: Shutterstock)

The Department of Homeland Security (DHS) has issued a warning to businesses concerning a rise in ransomware activity targeting businesses that rely on remote access solutions, like remote desktop software. 

This warning follows a report by New Zealand’s Computer Emergency Response Team (CERT) which highlighted the importance of regularly updating company software and ensuring the use of strong passwords and multi-factor authentication.

These were found to bethe most common points of entry for attacks that target remote access systems like Remote Desktop Protocol and virtual private networks (VPN).

In a ransomware attack, a hacker encrypts a business’s files or data, rendering it unreadable and unrecoverable. The attacker then holds that information ransom, demanding a sum of money to release or restore it. Of course, in the wake of COVID-19, there are few businesses today that don’t leverage remote desktop and access solutions to some degree, meaning that thousands of businesses worldwide are at risk. 

Hackers infiltrate first, then explore and attack

According to the report, attackers first gain access through vulnerabilities in remote access software, and then move through a business’s internal network, employing tools like mimiktaz and psexec to increase their access level and reach sensitive information. 

Having extracted or encrypted this information, the attacker can either sell it to a buyer, or threaten to release it publicly or destroy it if a ransom is not paid.

Because the attacker relies not only on remote access software to gain a foothold, but subsequent vulnerabilities in the network, it’s important for business to regularly update not only remote access software, but any and all systems that can be used to access company data. 

As is often the case with cybercrime, it’s much easier and cheaper to take the appropriate measures beforehand than to undergo the costly and time-consuming process of investigating compromised systems, eradicating the attacker, and, in many cases, having to pay the ransom. 

Businesses are now encouraged to patch software, enforce strong password use among employees, and adopt multi-factor authentication.

Christian Rigg

Christian is a freelance writer and content project manager with 6+ years' experience writing and leading teams in finance and technology for some of the world's largest online publishers, including TechRadar and Tom's Guide.