Blog | Ironchip

El secreto del ransomware mejor guardado

Written by Jose Fernando Gómez | Jun 28, 2023
But before we start... What is Ransomware?


Ransomware (ransomware in a vague English translation) is a type of malicious software (malware) that aims to block access to a device's files or system and then demand a ransom to restore access.

Ransomware typically infiltrates a system through malicious downloads, phishing emails, using compromised passwords or by finding vulnerabilities in software. It can have a devastating impact on both individuals and organizations, as it can result in the loss of important data, disruption of operations and significant costs to attempt to recover files or restore affected systems.

It's not all about backups and antivirus...

When we talk about combating ransomware attacks, often the only solution that comes to mind is the classic antivirus (now called EDR or XDR) and the creation of daily backups. And yes, of course, these are the basic measures needed.

However, many times, other security measures can help us to avoid this attack. Measures that make cybercriminals have to work much harder to attack us, so that they do not see us as a profitable target. The question is, what are these measures?

For this, in this article, we will analyze how these cybercriminal groups work, in particular, we will talk about the largest and best known ransomware group: HIVE.

How do ransomware groups work? The HIVE group

A few weeks ago, the FBI dismantled the "Hive" cybercriminal group, which attacked companies of all sizes and sectors using ransomware.

It should be noted that cybercriminal groups work like a company: they seek maximum profit with minimum effort. That is why this group of cybercriminals always attacked companies that did not have an MFA system in place because it is easier and more profitable for them to carry out the theft.

99% of the companies that suffered attacks of this type did not have any multifactor authentication protection system implemented within the company. They only protected it with passwords. Thus, with a simple phishing attack or by using passwords previously leaked on the Internet, they could easily compromise the security of these companies.

Typically, they used these passwords to access the company's internal network (using VPN), and once inside, they distributed the ransomware to as many computers as possible by using remote connections (RDP), of course, also protected only by passwords.

So how can a Passwordless measure like Ironchip combat ransomware?

In this analysis, as can be seen, using a multifactor authentication method without passwords would have made the attack much more difficult, and would have been a more useful tool even than the antivirus itself.

A location-aware multifactor authentication tool such as Ironchip can help combat this type of malware in a number of ways: 

  1. Protection against weak or stolen passwords: With Ironchip, even if an attacker gains access to the user's password, they would still need to provide a second factor of authentication, in our case, a push notification that is sent to the user's device . This makes it difficult for cybercriminals to use compromised credentials or phishing attacks to gain access to systems and deploy ransomware.

  2. Suspicious activity detection: Ironchip's artificial intelligence is capable of detecting suspicious or unauthorized activity. If a user receives an authentication request on an unusual device or location, it can indicate an unauthorized access attempt. This allows preventative measures to be taken, such as locking the account or notifying the user of suspicious activity, which helps prevent ransomware before it spreads.

  3. Blocking access to compromised accounts: If a user falls victim to a ransomware attack and their account is compromised, MFA can be an additional layer of defense. Even if the ransomware blocks access to files or the system, the user's account access would still be protected by the second authentication factor. This prevents cybercriminals from being able to use the compromised credentials to access other services or systems linked to that account. 

Conclusion

In general, using MFA or Passwordless solutions as an additional security measure can significantly hinder cybercriminals' attempts to use stolen or brute force passwords to gain access to systems and deploy ransomware. With an MFA solution such as the one offered by Ironchip, the risk of an attack will be much lower because cybercriminals will not see your company as an easy target. 

For all these reasons, it is increasingly important to lead our organization towards a passwordless future, eliminating passwords. This will streamline management within the company and make the user experience more comfortable.

Don't let the cybercriminals get ahead of you, and ask us for information without obligation at the following link.