Ransomware actors are again using TeamViewer to gain initial access to organization endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder.
TeamViewer is a legitimate remote access tool used extensively in the enterprise world, valued for its simplicity and capabilities. Unfortunately, according to Bleeping Computer, the tool is also cherished by scammers and even ransomware actors, who use it to gain access to remote desktops, dropping and executing malicious files unhindered.
Preventive measures to ensure companies are protected against ransomware or malicious attacks are vital but mistakes can happen and sophisticated criminal groups will relentlessly target any given vulnerability.
Named measures are for example using strong unique passwords in alliance with multi-factor authentication to protect the systems from unauthorized access. Furthermore, all hard- and software needs constant updating with the appropriate patches. State-of-the-art security software, employing multiple layers of detection technology on all possible attack vectors to prevent ransomware infections also needs to be in place to ensure a maximum level of protection. Offsite, and disconnected backups and a tested restore process are also vitally important.
by Jake Moore, ESET
ESET Ireland 