Remote working putting organisations at risk of ransomware

CERT NZ is urging Kiwi organisations to tighten up the way they enable remote working for staff to avoid a ransomware attack.

2 August 2021

CERT NZ says the majority of ransomware attacks occur through poorly configured remote access systems, which businesses use to allow staff to access systems from outside the office.

While there are a range of these in use, one of the most commonly used is Remote Desktop Protocol (RDP), with over 2,500 identified in New Zealand. RDP has a number of weaknesses, which means when it is used over the internet it can be exploited by attackers, and is a leading contributor to the ransomware incidents that CERT NZ receives.

“It’s essential that organisations urgently review their remote access systems, and make sure these systems are as secure as they can be. You may need to talk to your IT team or service provider about how to do this,” says Michael Shearer, Principal Advisor – Threats and Vulnerabilities at CERT NZ.

CERT NZ is partnering with internet service providers to contact organisations that use internet-exposed RDP to provide advice on how they can make remote working more secure.

“Regardless of what technology organisations use to enable remote working, it’s important to keep your system up to date and enable two-factor authentication for logins.”

As RDP is often exploited by attackers to gain access to an organisation’s network, CERT NZ recommends organisations consider other options to enable remote working, such as a virtual private network (VPN). Good VPN solutions support two-factor authentication, which adds an extra layer of security, and are designed to be used over the internet.

More broadly, CERT NZ is concerned about the growing impact ransomware attacks are having on New Zealand.

“Recent events have brought to light the devastating effects a ransomware attack can have on an organisation. There’s been an increasing trend of these types of attacks globally over the past 18 months, and they’re only going to continue.”

CERT NZ has seen an increase in ransomware reports in the second quarter of 2021 (April to June), compared to the first quarter of the year. Reaching a total of 30 reports, this is the highest number of ransomware reports made to CERT NZ within one quarter.  

“These figures do not paint a complete picture of the extent of ransom attacks in New Zealand. These numbers only reflect what has been reported to us, however conversations with our industry partners indicate there are a lot more attacks happening.”

CERT NZ will soon be releasing more guidance for organisations about how to protect themselves against ransomware.

If your organisation has been affected by a ransomware attack, report it to CERT NZ via our online reporting tool at www.cert.govt.nz/report External Link , or our contact centre 0800 CERT NZ.

More information about securing an internet-exposed RDP