November 1, 2020

Are You Safe from Ransomware?


If you search the web around the year 2020 for 'fastest growing malware threat', the first result will most probably be about ransomware. It has been a prominent threat since the 2000s and has grown in both volume and sophistication over the years. Ransomware is malware that encrypts files and blocks access to them until a ransom is paid. It exploits both human and technical weaknesses in an organization to get onto its systems.

Paying the ransom does not guarantee that the encrypted files will be recovered. Phishing emails with malicious attachments and drive-by downloads (unintended downloads of software from the internet) are the most common ways ransomware is delivered. Crypto ransomware is a recent form of this attack that spreads through email and social media with the help of social engineering. For example, you may receive an email with a password-protected zip attachment that claims to come from a friend or a reputable company; the password is there so that the mail gateway cannot scan the archive, not to protect you. If you open the file, your computer is infected and access to your files is blocked.

The top five ransomware variants targeting companies and individuals at the time were CryptoWall, CTB-Locker, TeslaCrypt, MSIL/Samas, and Locky. CryptoWall was the first ransomware variant that only accepted ransom payments in Bitcoin; it is primarily spread via spam email but also infects victims through drive-by downloads and malvertising. CTB-Locker (Curve-Tor-Bitcoin Locker) was one of the first ransomware variants to use Tor for its C2 infrastructure (command-and-control servers are used by attackers to maintain communications with compromised systems inside a target network).

Ransomware attacks can damage a business in several ways: financial loss, disruption to operations, reputational harm, and compliance issues. Most of the time, ransomware attacks are carried out in phases. The initial phase is to compromise a single computer and then obtain elevated access on the network. The next phase is to spread to other systems, identify valuable data and steal it. The final step is to execute the ransomware.

If organizations follow good security practice, most of these attacks can be blocked or stopped early. Basic cybersecurity practice covers prevention, detection, and response. Prevention means making sure antivirus software is deployed, kept up to date, and configured to block malware and alert administrators, and that user write access is restricted to what each user actually needs. Detection means investigating every security alert and retaining firewall, endpoint, and web filter logs for at least 30 days so that an incident can be reconstructed after the fact. Response means immediately disconnecting an infected machine from the network to prevent the infection spreading to other connected devices. These are a few of the measures that can be taken against the ransomware threat.
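As an added example (not part of the original post), the detection side of this can be made concrete. The script below runs two simple ransomware heuristics over a handful of constructed file-server audit log lines: a burst of renames to an unknown file extension by one user within a short window, and the creation of a file whose name looks like a ransom note. The log format, the host and user names, the extension list and the thresholds are all assumptions made for this example.

```python
import os
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit log (not from any real system). One event per line,
# in a hypothetical "key=value" format chosen only for this example.
SAMPLE_LOG = """\
2020-11-01T10:00:01Z host=fs01 user=alice op=WRITE path=/share/finance/q3.xlsx
2020-11-01T10:00:05Z host=fs01 user=bob op=READ path=/share/hr/handbook.pdf
2020-11-01T10:03:10Z host=fs01 user=alice op=RENAME path=/share/finance/q3.xlsx new=/share/finance/q3.xlsx.locked
2020-11-01T10:03:11Z host=fs01 user=alice op=RENAME path=/share/finance/q2.xlsx new=/share/finance/q2.xlsx.locked
2020-11-01T10:03:11Z host=fs01 user=alice op=RENAME path=/share/finance/budget.docx new=/share/finance/budget.docx.locked
2020-11-01T10:03:12Z host=fs01 user=alice op=RENAME path=/share/finance/notes.txt new=/share/finance/notes.txt.locked
2020-11-01T10:03:12Z host=fs01 user=alice op=RENAME path=/share/finance/plan.pptx new=/share/finance/plan.pptx.locked
2020-11-01T10:03:13Z host=fs01 user=alice op=CREATE path=/share/finance/HOW_TO_DECRYPT_FILES.txt
2020-11-01T10:04:00Z host=fs01 user=bob op=RENAME path=/share/hr/draft.docx new=/share/hr/draft_v2.docx
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"op=(?P<op>\S+) path=(?P<path>\S+)(?: new=(?P<new>\S+))?$"
)

# Extensions a user would normally keep when renaming a document. A rename to
# anything outside this (illustrative, not exhaustive) set is counted as suspicious.
KNOWN_EXTENSIONS = {".docx", ".xlsx", ".pptx", ".pdf", ".txt", ".csv", ".jpg", ".png"}

# Ransom notes are typically dropped as text/HTML files with a telling name.
NOTE_RE = re.compile(r"(decrypt|restore|recover|ransom)", re.IGNORECASE)


def parse_line(line):
    """Parse one audit line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect(log_text, window_seconds=60, burst_threshold=5):
    """Return a list of (rule, host, user, detail) alerts found in log_text."""
    alerts = []
    window = timedelta(seconds=window_seconds)
    renames = defaultdict(deque)  # (host, user) -> timestamps of suspicious renames
    fired = set()                 # (rule, key) pairs already alerted, to avoid repeats

    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev["host"], ev["user"])

        if ev["op"] == "RENAME" and ev["new"]:
            ext = os.path.splitext(ev["new"])[1].lower()
            if ext not in KNOWN_EXTENSIONS:
                q = renames[key]
                q.append(ev["ts"])
                # Sliding window: drop renames older than window_seconds.
                while q and ev["ts"] - q[0] > window:
                    q.popleft()
                if len(q) >= burst_threshold and ("rename_burst", key) not in fired:
                    fired.add(("rename_burst", key))
                    alerts.append(("rename_burst", ev["host"], ev["user"],
                                   f"{len(q)} renames to extension {ext} within {window_seconds}s"))

        elif ev["op"] == "CREATE" and NOTE_RE.search(os.path.basename(ev["path"])):
            alerts.append(("ransom_note", ev["host"], ev["user"], ev["path"]))

    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Running it prints one rename_burst alert for alice on fs01 followed by a ransom_note alert for the HOW_TO_DECRYPT_FILES.txt creation; bob's rename is ignored because the new name keeps a known extension. Real file-server or endpoint audit logs use different formats, so only the parser would change; the point is that such a rule only works if those logs are actually collected and retained, which is what the detection strategy above requires.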

If you believe your systems are infected with ransomware, disconnect them from all networks by unplugging ethernet cables and disabling Wi-Fi and any other network adapters, disconnect external devices such as USB drives, memory sticks and other externally attached storage, and report the incident as early as possible to limit the damage and the cost of recovery.

References

  • https://www.lanereport.com/128354/2020/07/the-fastest-growing-cybercrime
  • https://security.berkeley.edu/education-awareness/ransomware
  • https://www.folderit.com/blog/crypto-ransomware/
  • https://www.justice.gov/criminal-ccips/file/872771/download
  • https://securityintelligence.com/ransomware-101-what-is-ransomware-and-how-can-you-protect-your-business/

11 comments:

  1. Nice concise flow Prabod. Keep it up!

  2. Is there a difference between Crypto ransomware and traditional ransomware?

    1. Ransomware is a type of malware that prevents users from accessing their system, either by locking the system. Crypto ransomware encrypts files on a computer so that the user cannot access them.

  3. Nicely written Prabod. Do you think an organization can protect its assets 100% from ransomware?

    1. Thank you. I think 100% is a bit difficult, but what we can do is take preventive measures before facing such a situation and know what to do if we face an attack.
