Criminals really love ransomware, and WannaCry and Petya are just two of the many notable variants of this type of malware. The Bitcoin cryptocurrency is partly to blame, because it makes it much easier for criminals to collect their ransom money anonymously. Such extortion attempts were being made before the emergence of Bitcoin, with the GVU and GEMA Trojans being well-known examples of scareware. However, their modus operandi was somewhat different: instead of encrypting data, they frightened users with crimes the users had allegedly committed. In such cases, payment was supposed to be made through systems like PayPal. The disadvantage, from the criminals' point of view, was that these systems are easy to track. Bitcoin changed both the playing field and the malware. Instead of fear and intimidation, criminals now rely on full-fledged data encryption. They provide the victim with instructions that explain how to buy the digital currency, transfer it and get the data back.

These malware families are quite popular. According to Trend Micro, there were 29 different ransomware types in 2015 and 146 in 2016. The company expects the number to reach 183 in 2017 and to keep rising. Among other things, this is because criminals can acquire ready-made construction kits and create their own malware. Fortunately, most ransomware is somewhat poorly programmed: researchers often find a master key for the encryption after a certain period of time. However, this doesn't help victims who need to access important company data quickly.
Holding your data ransom
Think of your network as a house. A threat vector is basically a way for an attacker or robber to break into your house: your windows, your doors, your roof, or any other way someone can get inside. Similarly, there are many ways to get into your network, and it's easy for an attacker to find an open window.
Malware can be delivered by a number of methods:
• Phishing attacks – the most common means of infecting a user. An email invites the victim to click a malicious link or open a corrupted attachment. To date this is the most effective method of spreading malware to users who do not have up-to-date email protection or have not been educated about phishing.
• Drive-by downloads – users are infected when they visit a compromised website. Websites can be compromised through malicious web code, an infected third-party component or website code that has been altered by the attackers. The risk can be mitigated with a web filter and up-to-date antivirus software. Other strategies include limiting user permissions and disabling Java in the browser.
• Existing infections – computers that are already infected with malware can download and install new malware, including Cryptolocker.
• Mixed methods – sometimes the infection results from a combination of the above. For instance, a user attempts to install something, is tricked into installing something else and is infected by a drive-by download in the background.
The majority of malware is installed when users are tricked into clicking on something. That's why user education is so important to the overall malware defense strategy.
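As an added example (not code from the article), the following Python script triages one constructed e-mail for two of the indicators described in the phishing bullet above: an attachment that is executable content hiding behind a document-style double extension, and a link whose visible text names a different host than its href actually points to. The extension lists, the indicator names and both sample messages are assumptions constructed for this example; the script uses only the standard library and runs offline.

```python
"""Triage of a phishing-style e-mail (added example; samples are constructed).

Flags attachments that are executable content or carry a document-style
double extension, and links whose visible text names a different host
than the href actually points to."""
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Extensions treated as directly executable when opened (assumed list).
EXECUTABLE_EXT = {"exe", "scr", "js", "vbs", "bat", "cmd", "ps1", "jar", "hta"}
# Document extensions a double-extension attachment tends to imitate (assumed).
DOCUMENT_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "txt"}


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Lower-cased hostname of a URL or bare host string ('' if none)."""
    text = text.strip()
    if "://" not in text:
        text = "http://" + text
    return (urlparse(text).hostname or "").lower()


def attachment_findings(msg):
    """Executable or double-extension attachments, as (indicator, filename)."""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        pieces = name.split(".")
        if len(pieces) > 1 and pieces[-1] in EXECUTABLE_EXT:
            findings.append(("executable_attachment", name))
        if len(pieces) > 2 and pieces[-2] in DOCUMENT_EXT:
            findings.append(("double_extension", name))
    return findings


def link_findings(msg):
    """Links whose shown host differs from the real one, as (indicator, detail)."""
    findings = []
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return findings
    collector = LinkCollector()
    collector.feed(body.get_content())
    for href, text in collector.links:
        # Only compare when the visible text itself looks like a host or URL.
        if "." in text and " " not in text:
            shown, real = host_of(text), host_of(href)
            if shown and real and shown != real:
                findings.append(("link_host_mismatch", f"{shown} -> {real}"))
    return findings


def triage(raw_bytes):
    """All (indicator, detail) findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    return attachment_findings(msg) + link_findings(msg)


def build_suspicious_sample():
    """Constructed message exhibiting all three indicators (not a real capture)."""
    msg = EmailMessage()
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Your invoice is ready at www.example.com/billing")
    msg.add_alternative(
        '<p>Your invoice is ready at '
        '<a href="http://203.0.113.9/pay">www.example.com/billing</a></p>',
        subtype="html")
    msg.add_attachment(b"constructed placeholder bytes",
                       maintype="application", subtype="octet-stream",
                       filename="Invoice_2017.pdf.exe")
    return msg.as_bytes()


def build_benign_sample():
    """Constructed plain-text message with no attachment and no links."""
    msg = EmailMessage()
    msg["Subject"] = "Lunch"
    msg.set_content("Still on for noon?")
    return msg.as_bytes()


if __name__ == "__main__":
    for indicator, detail in triage(build_suspicious_sample()):
        print(f"{indicator}: {detail}")
```

The link check deliberately compares only anchors whose visible text itself looks like a host or URL; a link labelled "click here" carries no claim about its destination, so comparing it would only produce noise. Findings are returned as data rather than printed so that a mail gateway or a SIEM rule can consume them.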
So, how can you protect yourself? Some companies store bitcoins and pay off the blackmailers, but according to experts this is the worst possible solution. Better strategies primarily involve the speedy installation of updates and regularly scheduled complete backups. Such measures are the best way to protect data from both loss and theft.
Steep Rise In Malware Attacks Against The IoT
Malware botnets targeting IoT devices first made headlines in 2016 with Mirai, which specialized in such systems and launched unprecedented DDoS attacks. According to Kaspersky, criminals are thrilled with this approach: the number of attacks recorded up to April 2017 was already twice the total for all of 2016. Most of the attacks originate from countries such as Taiwan, the USA, Russia and China, and they cluster on Mondays and weekends, receding in the middle of the week. Attacks on IoT devices succeed because the security of the devices leaves a lot to be desired: the firmware is rarely (if ever) updated, and most products ship with default passwords and open ports. Researchers advise users to limit their devices' web access as much as possible and to install updates immediately.
Securing all entry points
Since Cryptolocker and its variants constantly adapt to new defenses, it isn't enough to identify one virus and protect yourself and your organization against that specific threat. The better approach is to secure the threat vectors so that the entryways to the network are fully protected. Breaking the attack sequence at any one point prevents the installation of Cryptolocker, and a layered approach to security lets you break the sequence of infection at several levels.
Every method of entry to a network, such as email, web and mobile applications, remote access, web browsing, mobile internet browsing, and public and private cloud access, is a threat vector that needs to be protected.
In other words, every network, cloud storage service, mobile device and computer has to be protected with a combination of web application firewalls, next-generation firewalls, spam firewalls, email security solutions, web filters, mobile device management and more. This will ensure comprehensive protection from malware such as Cryptolocker.
There are a few other things you can do to protect against Cryptolocker. Specific information on software restriction policies and CryptoPrevent can be found in the Cryptolocker guide at Bleeping Computer. Basically, you want as many layers of defense as you can get between your data and the attackers.
In the event that you cannot stop an infection, make sure all your data is safely stored via backup solutions and disaster recovery methods, so that compromised data can be restored after a ransom attempt.
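The advice earlier on regularly scheduled complete backups, and the point in the previous paragraph that compromised data must be restorable, can be made concrete. The following Python script is an added example, not the article's own code: it writes a SHA-256 manifest beside a backup, uses that manifest to list which files in a damaged tree no longer match, and confirms that a restore into a clean directory is complete. The directory layout, file names and damage scenario are constructed for the demonstration and everything runs inside a temporary directory.

```python
"""Backup manifest and restore verification (added example).

Records a SHA-256 manifest alongside a backup copy, then uses it to
detect which files in a damaged tree no longer match the backup and to
prove that a restore into a clean directory is complete. All paths and
sample files below are constructed; nothing comes from the article."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path):
    """Streamed SHA-256 of one file, so large backups do not need to fit in RAM."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for block in iter(lambda: handle.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file under root (relative, '/'-separated) to its digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def take_backup(source, dest):
    """Copy the source tree into dest/data and write dest/manifest.json."""
    shutil.copytree(source, dest / "data")
    manifest = build_manifest(dest / "data")
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_against_manifest(backup, tree):
    """Compare a directory tree with the backup's manifest.

    Returns {'missing': [...], 'modified': [...], 'unexpected': [...]};
    all three empty means the tree matches the backup byte for byte."""
    expected = json.loads((backup / "manifest.json").read_text())
    actual = build_manifest(tree)
    return {
        "missing": sorted(set(expected) - set(actual)),
        "modified": sorted(k for k in expected
                           if k in actual and expected[k] != actual[k]),
        "unexpected": sorted(set(actual) - set(expected)),
    }


def restore(backup, target):
    """Recreate the backed-up tree at target and verify it against the manifest."""
    shutil.copytree(backup / "data", target)
    return verify_against_manifest(backup, target)


def demo():
    """Constructed scenario: back up, damage the live copy the way an
    encrypting intruder would (contents replaced, a file deleted, an
    unknown instruction file added), then restore to a clean directory.
    Returns the verification result for the damaged tree and the restore."""
    work = Path(tempfile.mkdtemp(prefix="backup-demo-"))
    try:
        live = work / "live"
        (live / "notes").mkdir(parents=True)
        (live / "invoices.csv").write_text("id,amount\n1,100\n2,250\n")
        (live / "notes" / "plan.txt").write_text("quarterly plan\n")

        backup = work / "backup"
        backup.mkdir()
        take_backup(live, backup)

        # Damage the live copy: unreadable bytes replace one file, one file
        # disappears, and a file that was never backed up appears.
        (live / "invoices.csv").write_bytes(bytes(range(64)))
        (live / "notes" / "plan.txt").unlink()
        (live / "README_RESTORE.txt").write_text("constructed instructions\n")
        damage = verify_against_manifest(backup, live)

        after = restore(backup, work / "restored")
    finally:
        shutil.rmtree(work, ignore_errors=True)
    return {"damage": damage, "after_restore": after}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest is the part worth keeping offline together with the backup itself: a backup that has silently picked up already-encrypted files is only discovered when the digests are checked, and a restore that stops short of the full file list is only visible when `missing` is non-empty.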
Only with total threat protection can an organization build a proactive security strategy to fend off malware infections. Remember, your network is only as strong as its weakest link.
Hope my article "Rise Of The Cyber Ransom" helps you to understand cyber ransom and its methods.