Homeland Security Warns That Weak Passwords Can Lead to Ransomware Attacks

DHS Warns about Weak Passwords and Ransowmare Attacks

It's been a while since ransomware operators started focusing more on businesses and organizations rather than individual users. It was a pretty big shift, and quite a few people were somewhat dumbfounded by it, but when you think about it, you'll see that there were a few good reasons for it.

For one, the more people learned about the importance of backups, the less successful the extortion attempts became. What's more, cryptojacking attacks proved not only much easier to pull off but more profitable as well, thanks to the soaring cryptocurrency prices.

In addition to all this, the crooks realized that in the corporate world, a ransomware attack could prove much more disruptive. Restoring from a backup is more complicated for a business than it is for an individual user, and a successful attack can actually force a company to shut its doors temporarily, which could be devastating. Both attackers and companies should be well aware of this by now, but it looks like plenty of organizations continue to convince themselves that it won't happen to them.

The Nefilim ransomware hits organizations in New Zealand

Last week, New Zealand's Computer Emergency Response Team (NZ-CERT) issued an advisory to warn organization about a ransomware campaign that was doing the rounds. NZ-CERT's experts had noticed increased activity from a ransomware family called Nefilim, and they were trying to warn companies about the dangers they're facing.

Nefilim is based on the Nemty ransomware, but the crooks have made several crucial modifications that make it much more suitable for attacking organizations. According to Trend Micro, unlike Nemty, Nefilim isn't offered as a service and is instead operated by a single group that organizes targeted attacks. According to NZ-CERT's advisory, once the hackers gain a foothold on a corporate network, they use a variety of tools to move laterally and steal data, which they later threaten to sell if the victim doesn't pay up. After that, the victim's files are encrypted with a combination of AES and RSA.

This is not why NZ-CERT issued its advisory, though. It did it because preventing the attack is not difficult at all.

DHS and NZ-CERT: Patch up your systems and strengthen your passwords at once

When the attacks are aimed at organizations rather than individual users, the crooks tend to avoid using the traditional spam email. In the corporate environment, the spam filters tend to be a bit more sophisticated, and some organizations conduct anti-phishing training programs that help employees understand the threat better.

The Nefilim campaign, like so many other ransomware attacks, relies on vulnerable networks, weak passwords, and lack of two-factor authentication. According to the advisory, the crooks are targeting organizations that use the Remote Desktop Protocol and Virtual Private Networks without securing them with proper authentication. Networks that haven't received the vital security patches are also on the hackers' menu, and although we're talking about relatively simple mistakes, the number of potential targets is so big, that the US Cybersecurity & Infrastructure Security Agency (CISA), which is part of the Department of Homeland Security, reiterated NZ-CERT's warnings.

If experience is anything to go by, however, these warnings will still not be enough to get sysadmins all around the world to properly set up their systems. This is far from the first attack that takes advantage of poor network configuration, and it probably won't be the last. Security experts have been alerting users and businesses about the dangers for a while now, but this clearly hasn't had much of an effect. The really unfortunate thing is that at this point, there's nothing to suggest that the situation will improve in the near future.

By Duran
June 26, 2020
Password Security
English
June 26, 2020
Password Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Ransomware

Security Experts Warn That Victims of Ransomware Attacks MUST Change All Passwords

When an organization is hit by ransomware, many people tend to think that the only thing to worry about is restoring the data as quickly as possible. Earlier this week, however, cybersecurity reporter Brian Krebs told... Read more

January 9, 2020
Ransomware

Alert: Ransomware Can Slither in If Your Passwords Are Weak

Email is a very effective way of distributing all sorts of malware, and there are a few very good reasons for this. First of all, everybody has an email account. Although we have other means of communication, we still... Read more

January 8, 2019
Ransomware

Researchers Claim That Weak Passwords Were to Blame for 30% of Ransomware Infections in 2019

Cybercriminals need to be flexible and adaptable if they are to run a successful operation. Crooks never sit still and are constantly changing their tactics not only to stay one step ahead of law enforcement agencies... Read more

January 22, 2020
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.