It's often said that using MFA, also known as two-factor authentication (2FA), is one of the best things you can do to help protect your accounts and computer networks from cyberattacks because it creates an effective barrier – and now Europol has seen this in action while investigating ransomware gangs.
"We've done investigations where ransomware criminals were monitored. In certain investigations, we saw them trying to access companies – but as soon as they would hit two-factor authentication in this process, they would immediately drop this victim and go to the next," said Marijn Schuurbiers, head of operations at Europol's European Cybercrime Centre (EC3), speaking about an undisclosed incident the agency investigated.
It demonstrates how useful MFA can be in preventing ransomware and other cyberattacks. Even if the attacker has the legitimate password for the account – either because it's been guessed or it's been stolen – using MFA usually prevents them from being able to log in.
An unexpected alert from an MFA authenticator app can also notify the intended victim that something is wrong and should be investigated, which can also help to prevent further attacks and incidents.
However, if attackers can't access that data due to the use of MFA, they can't attempt to exploit it for extortion.
"This is really crucial information that companies can use for their counter strategies. Know that if you implement two-factor authentication for your systems in general – or maybe specifically, your crown jewels – you will significantly reduce your chances of falling victim to a ransomware group, which uses double extortion," said Schuurbiers, who was speaking at the sixth anniversary of No More Ransom.
No More Ransom is an initiative by Europol, additional law enforcement agencies, cybersecurity companies, academia and others that provides victims of ransomware attacks with decryption keys for free. So far, the scheme has helped 1.5 million people get their files back without paying ransomware gangs.