STE WILLIAMS

Ransomware Rages On

[Black Hat Europe 2016 Sponsor Content]

A hunger for profit drives ransomware’s growth. This year the cost of ransomware may reach 40-times that of last year, according to data from “Hackerpocalypse: A Cybercrime Revelation,” a report from the Herjavec Group.

Attackers use ransomware to profit quickly, easily, repeatedly, and anonymously. Whether you pay or not, you stand to lose something. You’re either out the funds and on the list for more attacks, or you’re punished for standing fast. Penalties for nonpayment include deleting, publishing, and selling your data (to other hackers) and launching DDoS attacks designed to bring your site down.

Though ransomware is evolving, attack vectors point to workable solutions that are available now.

Ransomware Evolution

Before enterprises figure out how to mitigate the ransomware that currently exists, attackers have already taken the next step in evolving this threat, making it more perplexing, commonplace, and malicious. As countless new examples routinely appear in the marketplace, ransomware takes on new capabilities and adds complexities that confound security companies. Recently, malware coders supplemented Locky ransomware with the capacity to encrypt files inside servers and computers without an Internet connection, using a built-in encryption mechanism.

Still other malicious software developers have made a Ransomware-as-a-Service offering available with an affiliate program for distributors; it is now easier to resell ransomware to other criminal hackers, further popularizing these attacks. As ransomware proves its viability for operating systems such as Android and devices in the Internet of Things, the attack surface broadens and the potential results of attacks become more venomous.

Attack Vectors Point to Protection Methods

Cyber crooks send ransomware using these methods, among others:

· email using infected links and attachments;

· drive-by attacks where unsuspecting employees surf to infected websites or click on malicious advertisements (called Malvertising);

· hacked remote desktop servers where they then trigger the ransomware attack. This last method that was only recently discovered.

For email and drive-by attacks, organizations should consider anti-spam tools that require manual confirmation from a human being before letting email through. They should also look into blocking all email attachments and using other more secure file transfer methods and deploy a best-in-breed anti-phishing tool. Other strategies should include using text-only email, teaching employees the signs of infected links, and continually updating blacklists of known bad sites and/or use whitelists of known good sites.

It’s equally important to close up remote desktop servers if you don’t use them or heavily constrain remote desktop access using long, strong passwords and two- and three- factor authentication, changing passwords often.

Use Every Layer of Protection Possible

Ransomware is now a popular, effective, and profitable approach that cyber criminals increasingly insert or inject into attacks by a variety of means. Remote desktop server attacks are a good example of this as these attacks are a diversion from more traditional drive-bys and email. Because of this, your justification for using every layer of protection available, for tightening down every configuration, for hardening every system, and for following and enforcing every policy now also include ransomware.

Article source: http://www.darkreading.com/attacks-breaches/ransomware-rages-on/d/d-id/1327015?_mc=RSS_DR_EDT

Comments are closed.