Have a weak login password? There’s a strong possibility that you are a sitting duck for cyber criminals who could exploit the vulnerability to create powerful ransomware that could enter your system in no time and decode your antivirus software.

The malicious software, a product of cryptovirology, could then threaten to publish your data or perpetually block access to it unless a ransom is paid. This emerging trend poses a big threat to companies.

“It doesn’t matter if a company has the right antivirus software to protect itself. If you allow ransomware into the machine, then the defense weakens,” Sanjay Katkar, Chief Technology Officer, Quick Heal Technologies Ltd, told Business Line. “In the last three months, our solution Seqrite has blocked nearly 35,000 Remote Desktop Protocol (RDP) attacks a day targeted at the Indian enterprises,” he said.

Brute-force attacks

Cyber criminals from remote locations, including Russia and North Korea, are getting smarter. A lot of people still use passwords such as abcd123 or 123abcd, and make it easy for the hackers to attack the systems, Katkar said.

Companies use RDP to manage and access remote systems and devices but often do not protect these IT resources with robust passwords or adequate security measures. All of these give cyber criminals an opportunity to take over vulnerable systems through brute-force and dictionary attacks, he says.
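
A defender can spot the brute-force pattern described above in Windows logon records. The following is an added example, not part of the original article: it scans constructed sample events for a burst of failed RDP logons from one source address and flags any successful logon that follows. The threshold, window, addresses and account names are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Windows Security event IDs: 4625 = failed logon, 4624 = successful logon.
# Logon type 10 = RemoteInteractive (RDP); type 3 = network logon, which is
# what RDP with Network Level Authentication typically records for failures.
RDP_LOGON_TYPES = {3, 10}

# Constructed sample records (not real logs):
# (time, event ID, logon type, source IP, account)
T0 = datetime(2024, 1, 1, 3, 0, 0)
SAMPLE = [(T0 + timedelta(seconds=10 * i), 4625, 3, "203.0.113.7", "administrator")
          for i in range(6)]
SAMPLE += [
    (T0 + timedelta(seconds=70), 4624, 10, "203.0.113.7", "administrator"),
    # A user who mistypes once and then logs in must not raise an alert.
    (T0 + timedelta(seconds=5), 4625, 10, "198.51.100.20", "alice"),
    (T0 + timedelta(seconds=20), 4624, 10, "198.51.100.20", "alice"),
]


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Flag source IPs with >= threshold failed RDP logons inside `window`,
    and record accounts that logged on successfully right after such a burst."""
    recent = defaultdict(deque)  # source IP -> failure times still in window
    alerts = {}
    for ts, event_id, logon_type, ip, account in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        failures = recent[ip]
        while failures and ts - failures[0] > window:
            failures.popleft()  # drop failures that fell out of the window
        if event_id == 4625:
            failures.append(ts)
            if len(failures) >= threshold:
                alert = alerts.setdefault(ip, {"peak_failures": 0, "success_after": []})
                alert["peak_failures"] = max(alert["peak_failures"], len(failures))
        elif event_id == 4624 and ip in alerts and failures:
            # A success while the burst is still in the window suggests a guessed password.
            alerts[ip]["success_after"].append(account)
    return alerts


if __name__ == "__main__":
    for ip, info in detect_rdp_bruteforce(SAMPLE).items():
        print(ip, info)
```

A source address with a non-empty success_after list is the case to investigate first, since it indicates the guessing may have worked.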

Ajathashatru Varma, Director Symantec Cyber Security, said ransomware is also delivered through email as a link or a file. Many times, ransomware evades antivirus detection at the time of initial download or execution of the files.

There are strains of ransomware attack that can bypass the antivirus software. Attacks exploiting a weak operating system password require breaking the password (a brute-force attack) to gain access and then planting the code, which is generally not rampant yet, said R Vittal Raj, a specialist trainer in cyber forensics and cyber law.

Ransomware attacks occur in two payloads: one that detects an operating system vulnerability in a target computer and, if found, installs code to encrypt files on the target machine; and another that replicates the attack on other computers connected to the attacked computer. Computers running Windows that has not been updated are generally the common target, he added.