Cybercriminals often use phishing emails and other security breaches to break into a business’s network, but some companies overlook one area when it comes to ransomware attacks: inactive accounts. Cybercriminals leverage inactive or ghost staff accounts to enter a company’s network when businesses do not maintain their databases.
When employees leave a company or, in unfortunate cases, pass away, their accounts are often left active. Cybercriminals are now taking advantage of companies that do not constantly update their systems, actively exploiting these accounts to spread ransomware.
Recent news from Sophos Rapid Response reports that the ransomware Nefilim impacted more than 100 systems at one of its clients, with data theft and encryption. During the investigation, Sophos traced the original network intrusion to a high-level administrator account that belonged to a former member of staff who had passed away and whose account was never deactivated. Before launching the ransomware attack, the cybercriminals spent a month quietly exploring the company’s systems, obtaining account credentials and other data.
Deactivating ghost accounts helps prevent intruders from entering your network. In the event you need to keep a ghost account active, implement procedures to govern, monitor, and restrict certain access to those accounts. Keeping your database updated is critical cybersecurity hygiene.
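One way to run the check described above is sketched below. It is an added example, not Tabush Group's or Sophos's tooling. It cross-references a directory export against a current staff roster and flags enabled accounts that have no owner or no recent login. The CSV columns, account names, roster, exception list and 90-day idle threshold are all assumptions constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample data (not from the article): a directory export,
# an HR roster of current staff, and accounts deliberately kept active.
ACCOUNTS_CSV = """username,enabled,is_admin,last_login
alice,true,false,2021-01-20
bob,true,true,2020-09-02
carol,true,false,2020-06-15
dave,false,false,2019-11-30
svc_backup,true,true,2021-01-25
"""
ACTIVE_STAFF = {"alice", "carol"}
APPROVED_EXCEPTIONS = {"svc_backup"}


def find_ghost_accounts(accounts_csv, active_staff, exceptions, today,
                        max_idle_days=90):
    """Return enabled accounts with no current owner or no recent login."""
    findings = []
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        if row["enabled"].strip().lower() != "true":
            continue  # already deactivated, nothing to do
        user = row["username"]
        idle = (today - date.fromisoformat(row["last_login"])).days
        reasons = []
        if user not in active_staff:
            reasons.append("no matching active employee")
        if idle > max_idle_days:
            reasons.append(f"idle {idle} days")
        if not reasons:
            continue
        # Accounts kept on purpose are still reported so they stay governed.
        action = "monitor and restrict" if user in exceptions else "deactivate"
        findings.append({"username": user,
                         "admin": row["is_admin"].strip().lower() == "true",
                         "reasons": reasons, "action": action})
    # Privileged accounts first: they give an intruder the most access.
    findings.sort(key=lambda f: (not f["admin"], f["username"]))
    return findings


if __name__ == "__main__":
    for f in find_ghost_accounts(ACCOUNTS_CSV, ACTIVE_STAFF,
                                 APPROVED_EXCEPTIONS, date(2021, 2, 1)):
        role = "ADMIN" if f["admin"] else "user"
        print(f"{f['username']:<12}{role:<7}{f['action']:<22}"
              + "; ".join(f["reasons"]))
```

Running a report like this on a schedule, and after every offboarding, keeps an ownerless administrator account from going unnoticed for months.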
Practice Basic IT Security
Practicing basic IT security will help prevent a majority of ransomware and other malware attacks. Here are a few steps you can take:
- Create effective backups in case you do become the victim of a cybercrime
- Ensure your network, database, and systems are constantly updated
- Use multi-factor authentication for all employees to access your network
- Educate and train your employees to recognize suspicious emails
- Have a clear plan for how to respond to an attack, should one occur
Tabush Group operates within a structured and documented cybersecurity framework. For more information on our cybersecurity framework, view our NIST Executive Summary.