Remote access tools targeted in 58% of ransomware attacks

If your business uses remote access tools like VPNs, you may want to watch out, as hackers have been targeting these tools with ransomware.

Research by cyber insurance provider At-Bay has found that remote access tools were the intrusion point for 58% of ransomware attacks in 2023. Of the attacks in which remote access tools were used to gain access to a network, 62% were linked to self-managed VPNs.

The research also found that organizations using self-managed VPNs from Cisco and Citrix were 11 times more likely to be the victim of a direct ransomware attack than those using a cloud-managed VPN or even no VPN at all.

It's clear that the best VPN services are a target for hackers—in this article, I explore why.

Why are hackers targeting VPNs?

While VPNs are an important part of business security, they can also be used by hackers to gain access to an organization's network.

A business VPN is still an important security tool to use, though, especially if you work remotely. That's because it encrypts your connection to your organization, keeping your data safe from prying eyes.

At the same time, VPNs can also be taken advantage of. This is because VPN connections act as a door between you and your organization's network. While, in general, this door is needed to connect to your organization, it can also be used by hackers to compromise your organization's data.

By targeting VPNs, hackers can get through this door into your company's network, and then move across it, spreading ransomware and infecting more devices on the network as they go.

An example of this can be seen in the recent Change Healthcare cyber attack. By using compromised credentials, the BlackCat/ALPHV ransomware gang logged in to the healthcare organization's network via a Citrix remote access portal. They were then able to move across Change Healthcare's network, deploying ransomware and seriously impacting its operations for months afterward.

What is ransomware? 

Ransomware is a type of malicious software (also known as malware) that works by encrypting your files and charging you a ransom to decrypt them.

Ransomware can have devastating effects on your organization. It enables cybercriminals to move laterally across your network, encrypt all the data stored on your network's devices, and charge a huge amount of money to give you back access to it.

This will essentially grind all of your business operations to a halt, putting a huge amount of pressure on your leadership team to either pay the ransom and gain access to your files or not pay the ransom, attempt to take back network control, and try to continue business functions as well as you can. Both options come with a large amount of cost and disruption, although it's important to note that cybersecurity best practice strongly recommends not paying the ransom.

With At-Bay finding that the frequency of ransomware claims has increased by 64% in 2023, it's more important than ever to safeguard both yourself and your organization against ransomware attacks.

How can I avoid ransomware attacks? 

As we have seen, ransomware can do some real damage to businesses. This is why it's so important to be vigilant and prevent hackers from successfully infiltrating your network. Here are a few tips to help you stay safe from cyber attacks.

One of the ways hackers spread ransomware is via phishing campaigns. This means they send you an email posing as a trusted source, and entice you to click on a link, scan a QR code or download a file. This then downloads and launches the ransomware on your device and gives the cybercriminals access to your network.

If you get an email from someone pressuring you into clicking/downloading something, even if it appears to be someone in your organization, it's important to take a moment and check the following things:

  • The sender's email address. While hackers can make their display name the same as someone in your organization, they cannot use the same email address. Hover over the display name to check whether the email address is the same as the one you already have for them. When in doubt, reach out to the person directly to confirm whether they sent you the message.
  • The language used in the email. Hackers will heavily encourage you to click links, scan QR codes or download files. They will imply that this is a very urgent matter in order to get you to not think too hard before you click. If you feel a message is putting too much pressure on you to take an action like this, it's always best to report it to your IT team.
  • The link itself. While cyber criminals are getting more sneaky with the links they send, making them appear legitimate, there may be some hints that the link is not going to a real site. Check the link's domain name for spelling errors, changed characters or erroneously added words (e.g. 'the') in the website address.
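The sender and link checks above can also be automated by a mail filter or triage script. The following is an added example, not part of the original article: the colleague directory, the trusted domains, the function names and the 0.8 similarity threshold are all constructed assumptions.

```python
import difflib
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample data (assumptions): the address you already hold for
# each colleague, and the domains your organization really uses.
KNOWN_SENDERS = {"jane doe": "jane.doe@example.com"}
TRUSTED_DOMAINS = {"example.com", "examplebank.com"}

def check_sender(from_header):
    """Compare the address behind a display name with the one on file."""
    name, addr = parseaddr(from_header)
    expected = KNOWN_SENDERS.get(name.strip().lower())
    if expected is None:
        return "unknown-sender"
    return "ok" if addr.lower() == expected else "display-name-mismatch"

def check_link(url):
    """Classify a link's host as trusted, lookalike or untrusted."""
    host = (urlsplit(url).hostname or "").lower()
    # Trusted only on an exact match or a true subdomain of a trusted domain.
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    # Simplification: treat the last two labels as the registered domain.
    base = ".".join(host.split(".")[-2:])
    for d in TRUSTED_DOMAINS:
        # A trusted name embedded in another host covers added words such
        # as 'the'; a high similarity ratio covers misspellings and
        # swapped characters.
        if d in host:
            return "lookalike"
        if difflib.SequenceMatcher(None, base, d).ratio() >= 0.8:
            return "lookalike"
    return "untrusted"

if __name__ == "__main__":
    # Constructed sample inputs.
    print(check_sender('"Jane Doe" <jane.doe@examp1e.com>'))
    for link in ("https://portal.example.com/login",
                 "http://examp1e.com/reset",
                 "https://theexamplebank.com/",
                 "https://shop.test/"):
        print(link, check_link(link))
```

A "lookalike" or "display-name-mismatch" result is a reason to report the message to your IT team, not proof that it is malicious.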

If you suspect you have been sent malware or ransomware, it's important to report it to your organization, as it's highly likely that you're not the only person being targeted. In doing so, you help protect the rest of your organization by letting them know they should be cautious.

Recent updates

The headline and text of this article were updated on 28th May 2024 to clarify a stat cited.

Olivia Powell
Tech Software Commissioning Editor

Olivia joined Tom's Guide in October 2023 as part of the core Future Tech Software team, and is the Commissioning Editor for Tech Software. With a background in cybersecurity, Olivia stays up-to-date with all things cyber and creates content across TechRadar Pro, TechRadar and Tom’s Guide. She is particularly interested in threat intelligence, detection and response, data security, fraud prevention and the ever-evolving threat landscape.