Ransomware Targets Remote Workforce: How to Keep Your Network Secure

It’s no secret that cybersecurity is one of the most important investments your company can make, but as many companies have had to implement remote workforces with very little preparation, many have left doors wide open for organized attacks on their most precious digital assets. 

Earlier this year, enterprise security solutions provider Symantec issued an urgent warning about the Russian hacker group Evil Corp, which was preparing to release a string of ransomware attacks on dozens of U.S. corporations with currently remote workforces, including eight Fortune 500 companies. This particular ransomware attacks a victim company’s IT infrastructure by encrypting servers and local computers, and demands a multimillion dollar ransom to unlock them. According to Symantec, the aptly named Ransom.WastedLocker gains access with a malicious Javascript-based framework known as SocGholish, tracked to more than 150 compromised websites, and masquerades as a software update. Once the attackers gain access to your network, they use Cobalt Strike commodity malware with several other tools to steal credentials, escalate privileges, and move across your network in order to deploy WastedLocker on multiple computers within your infrastructure. 

In August, smartwatch maker Garmin reportedly paid a multi-million dollar ransom to unlock files that were encrypted from a WastedLocker virus attack

Recent attacks are said to be in retaliation to the U.S. Justice Department’s December indictment of several prominent leaders of the hacking group Evil Corp. Not only does paying a cyberattack ransom proliferate the practice of ransomware attacks, but companies who pay the multimillion-dollar ransoms ultimately end up spending more on the ransom plus data cleanup and recovery costs after the fact. That’s why cybersecurity experts at every level, even up to the FBI, recommend not paying hackers their ransom. 

With so much at stake, what can you do to protect your business and your employees from malicious cyberattacks?

Protecting Your Company from Cyberattacks

Cybersecurity Starts with Education

It’s more important than ever to provide IT security training to your remote workforce, since many workers come from very different backgrounds and levels of technological fluency. Basic security knowledge, such as avoiding phishing emails and public Wi-Fi, and ensuring home Wi-Fi routers are secure, provide a solid foundation. It is highly recommended to manage the devices your employees use to work from home, though it may be tempting to cut costs by allowing workers to use their personal computers. 

Mobile Device Management 

Owning and deploying a fleet of company machines for your work-from-home employees allows your IT admin to remotely manage the security of your IT infrastructure, installing critical patches and making it easier to keep corporate data and personal data separated. 

Password Security Audit 

Many consumers use the default password provided to them by an IT provider when they set up their accounts, or worse, commonly used passwords that are easy to crack. Conducting a password audit doesn’t require you to review employee passwords for all digital work logins. Instead, require employees to reset any passwords used for enterprise services and implement a stringent password requirement policy. Requiring your employees to use alphanumeric codes, multi-factor authentication, and business-critical passwords stored somewhere offline can all help protect your sensitive business information from man-in-the-middle, data sniffing, and other types of attacks. Microsoft offers a Password Manager app for mobile, which syncs with SkyDrive, but Key Vault on the Azure platform is built for enterprise-level security and scale.  

Secure Wi-Fi at Home and Everywhere 

As household networks are increasingly taxed by entire families engaging in work-from-home and remote classroom instruction, some employees may be tempted to find a public place with free Wi-Fi. While using public unsecured Wi-Fi is generally not advised, providing your employees with a secure VPN gateway based on the Azure cloud management platform will help mitigate security risks. 

Software Updates

Securing your IT infrastructure from the latest threats includes installing all patches and software updates as soon as they are released. You can even set up your admins with secure RDP access (Remote Desktop Protocol) to install updates for the teams from anywhere. 

The effectiveness of these measures to ward off cyberattacks relies heavily on the correct implementation. For instance, RDP is being used increasingly in cyberattacks against American remote workers. That’s why your best defense is having a top-rated team of cybersecurity experts on your side. 

Windows Management Experts has over 100 years’ combined experience in IT security and specializes in Microsoft enterprise cloud systems. WME is a Gold-rated Microsoft Partner in Datacenter and Windows Devices, and is integrated with the Microsoft Infrastructure and Cloud community. Through our dedication to Windows, we’ve amassed a huge network of talented professionals for both managed IT services and temporary placement to assist in large-scale deployment initiatives. 

Contact Windows Management Experts or call us today at (888) 307-0133 to assess your current vulnerabilities. 



Contact Us

On Key

More Posts

WME Security Briefing 27 May 2024

Kinsing Hacker Group Exploits Docker Vulnerabilities Overview Recent investigations have shown that the hacker group Kinsing is actively exploiting Docker vulnerabilities to gain unauthorized access to systems. The modified hacker group targets misconfigured Docker API ports deployed with cryptocurrency mining malware.

Read More »
WME Cybersecurity Briefings No. 010
Cyber Security

WME Security Briefing 20 May 2024

Advanced Persistent Threats: North Korean Hackers Launch Golang Malware Overview A new malware strain, called Titan Stealer, is currently actively circulating in the threat landscape, targeting a variety of personal data and linked to North Korean state-sponsored cyber espionage

Read More »
WME Cybersecurity Briefings No. 009
Cyber Security

WME Security Briefing 08 May 2024

Exploitable vulnerability in Microsoft Internet Explorer, used to deploy VBA Malware Overview Cybersecurity researchers discovered a severe exploitation targeting a bug that had already been patched in the Microsoft Internet Explorer browser. Their report added that

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.