Stolen Passwords and Ransomware Attacks: What Businesses Can Do Right Now
Password managers are what antivirus software used to be for businesses—mandatory. And they’re a simple way to lock down your credentials, which are the easiest way in for ransomware attackers.
The commanding presence of ransomware attacks in the headlines would compel any business leader or IT admin to ask: Could we be next? This cybercrime is so conspicuous and pervasive that you can’t ignore the possibility of an attack hitting close to home.
There’s no silver bullet for protecting your organization. But you can do one thing to make it harder for ransomware attackers: Lock down your credentials. Here’s why.
Ransomware: the “perfect” equal-opportunity crime
When it comes to targeting potential victims, ransomware attackers don’t seem to discriminate. Consider the diversity of this sample:
- Milk-processing plant in Wisconsin
- School district in a small Pennsylvania town
- Major U.S. advocacy group
- Cancer care center in Las Vegas
- Transit authority in Toronto
All these organizations were hit in October, experiencing different degrees of impact that ranged from compromised data to disrupted operations. These attacks are so unrelenting that in the same month, government cybersecurity leaders from 30 countries deemed them an escalating global security threat. (The U.S. had already declared ransomware a growing national security threat in July.)
Many cybersecurity practitioners have called ransomware the “perfect crime,” considering that attackers:
- Don’t need sophisticated skills for mass, nontargeted attacks, thanks to “off-the-shelf” ransomware
- Don’t have to work too hard to monetize, because the victims become instant “customers” (one recent survey found that 83% of victims pay the ransom)
- Aren’t very likely to suffer repercussions, since it’s difficult to catch them
We don’t expect the cadence of these attacks to slow down (the number of attacks in the first half of 2021 already surpassed the 2020 numbers, according to researchers at SonicWall). What can you do? For starters, make it harder for cybercriminals to sneak an infection into your network.
The ransomware-credentials connection
Like any typical worker looking for productivity hacks, ransomware attackers want shortcuts. The simplest of them all is a compromised password.
Security researchers have found that various ransomware operators, from Maze to REvil, typically use credentials to gain initial access into a network. An internet-facing service such as a virtual private network (VPN) or Remote Desktop Protocol (RDP) server is a common route.
The most prominent example of this tactic was Colonial Pipeline. Ransomware attackers gained initial entry via an employee’s compromised VPN credentials, which they likely obtained from the dark web. While the disruption Colonial Pipeline suffered was extraordinary, the tactic was not.
An entire marketplace category on the dark web called initial access brokers specializes solely in providing initial access to attackers. That marketplace has hundreds of “service providers,” so ransomware gangs don’t even have to bother with the heavy lifting.
Of course, those services aren’t cheap. RDP access, for example, costs an average of $7,100, according to Digital Shadows.
So what do cybercriminals on a budget do instead? They buy inexpensive, commoditized credentials—logins that have been compromised for a longer time and are less valuable. And they try to break in themselves through credential stuffing (a form of brute-force attack).
Automated tools make these brute-force attempts efficient. And even though the success rate is low, all it takes is that “one time.” Colonial Pipeline is a case in point.
Why you need a business password manager
Think of ransomware defense as you would think about protecting your house. You employ various measures that may include a dog, an alarm system, video surveillance, a tall fence, and so on. But all these (potentially expensive) methods are for naught if you leave your key under the doormat.
That’s exactly what you’re doing if you’re not securing employee logins.
Firewalls, backups, anti-malware, security awareness, and education—all these, and more, are necessary, basic best practices. But they won’t help you if your compromised credentials are floating on the dark web and all the attackers have to do is reach under the proverbial doormat.
Of course, without a key, persistent actors may sooner or later find a way into your house anyway. Same with a password manager—it won’t guarantee that ransomware attackers will never get in. But what you’re doing is making it a lot more difficult and more expensive for them to do so because you’ve taken away their shortcut. Maybe even to the point where your house (or business) doesn’t look that appealing, after all.
How Dashlane helps
Password managers are the new antivirus: a mandatory, simple, basic tool that no business should be without. Dashlane's password manager for businesses makes ransomware attackers’ lives harder by making it easy for employees to practice good password habits.
- Our Dark Web Monitoring feature immediately notifies employees when their credentials become exposed on the dark web so they can quickly change the password and minimize the hackers’ window of opportunity.
- With the Password Generator, employees can easily generate unique, complex, random passwords, whether they’re creating new logins or replacing compromised ones.
- Thanks to our Password Health feature, admins can identify risky employees with poor password habits and engage them in best practices.
Ready to stop making ransomware attackers’ jobs easy? Lock down your passwords. A password manager is one of the least expensive and simplest tools you can add to your security toolbelt.