As technology evolves, ransomware has increasingly become a major threat to businesses and cyber security. Ransomware has become a lucrative option for cyber criminals: when run, the malware encrypts data on infected systems, allowing criminals to demand payment in a cryptocurrency such as bitcoin. Ransomware targets organizations of all types and sizes, with small businesses being more vulnerable to ransomware attacks. In a recent study, researchers identified more than 4 million samples of ransomware in 2015. That compares with fewer than 1.5 million samples identified in 2013. That is an indication that ransomware is on the rise. Just like the flu virus, ransomware evolves constantly.
In today’s business environment, there are a few dominant types of ransomware. It is expected that more and more families of ransomware will continue to emerge as technology evolves. Historically, ransomware has targeted Adobe PDF, Microsoft Office, and image files. A recent study conducted by McAfee Labs, a security software vendor, predicts that other types of files will become targets as the malware continues to evolve.
Most ransomware encrypts files using the AES algorithm, but alternative algorithms are also used. Once files are encrypted, cyber extortionists demand payment in the form of online payment vouchers and Bitcoins. The ransom amount is often quite modest. The standard rate is about £300, but it can be much higher. Cyber extortionists behind ransomware target wealthy countries and cities where businesses can afford to pay the ransom. Recently, the world has witnessed repeat attacks on specific fields, most notably the NHS in the UK.
The most common method of spreading ransomware is a spam botnet. It uses some form of social engineering to spread ransomware by phishing victims into clicking a link or downloading an e-mail attachment. It may come in the form of a fake email message that appears to be a note from a colleague, supplier, customer or friend. A link or email attachment might appear to come from a trusted institution, such as an insurance company, requesting you to perform a routine task. Scare tactics are also employed, such as claiming that your laptops were used for criminal activities. Once you click a link or download an email attachment, ransomware installs itself on the system and begins to encrypt your files. Encryption can take place in the blink of an eye with a single click.
Ransomware may also spread in the form of software packages known as exploit kits. These software packages identify vulnerabilities of a system and exploit them to install the malware. Cyber criminals install code on legitimate websites to redirect computer users to malicious locations. Unlike spam botnets, exploit kit attacks do not require additional actions from the computer user. The Angler exploit kit is the most common such software package in use today. A study conducted by Sophos, a security software vendor, showed that Angler runs in thousands of new web pages created every day. It uses JavaScript and HTML to identify the victim’s browser and installed plugins, allowing cyber extortionists to launch the attack that is most likely to succeed. Angler uses a variety of obfuscation techniques to evade detection by security software.
Ransomware is constantly evolving and new types are surfacing all the time. It would, therefore, be difficult, if not impossible, to compile a list of all types of ransomware in existence today. The following is a list of the major ransomware in existence.
Ransomware has been around for the past two decades, but it came to prominence in 2013 with the emergence of CryptoLocker. However, CryptoLocker was shut down in May 2014 after the hacker behind it extorted almost $3 million from victims. Today’s ransomware has widely copied the original CryptoLocker, but it is not directly linked to the original version. It is spread via spam and exploit kits. Once it is run, CryptoLocker installs itself in the Windows User Profile and encrypts mapped network drives and files across local hard drives. Once the malware encrypts the files, the hacker leaves a message demanding payment in the form of Bitcoin.
CryptoWall gained popularity in early 2014 after the downfall of the original CryptoLocker. It appears in a variety of versions such as CryptoDefense, CryptoWall 2.0, CryptoWall 3.0, and CryptoBit. Like the original CryptoLocker, CryptoWall spreads via exploit kits and spam.
Unlike other versions of ransomware, CTB-Locker takes a different approach to virus distribution. It uses Elliptic Curve Cryptography to encode files. Cyber criminals behind CTB-Locker outsource the infection process to partners in exchange for a cut of the profits. This is a proven strategy for spreading malware infections at a faster rate.
It is a relatively new version of ransomware that takes a similar approach to virus infection. It is spread in the form of an email message camouflaged as an invoice. Once the email message is opened, the user is instructed to run macros to read the document. After macros are enabled, the malware begins to encrypt files using the AES algorithm. Once encryption is complete, the hacker demands ransom in the form of bitcoins.
Just like other types of ransomware, TeslaCrypt uses the AES algorithm to encrypt files. It spreads via the Angler exploit kit and targets the vulnerabilities of Adobe PDF. Once TeslaCrypt attacks Adobe PDF, it installs itself in a temp Microsoft folder. When it comes to asking for ransom, TeslaCrypt gives a few payment options, which include Ukash, Bitcoin, and PaySafeCard.
TorrentLocker spreads via spam email. It uses AES algorithms to encode the victim’s files. Besides encrypting files, TorrentLocker collects email addresses from the victim’s device to spread the malware beyond the infected network. It uses a technique known as process hollowing to launch a Windows system process in a suspended state while malicious code is installed. The malware also prevents system restoration using Windows file recovery tools. Just like other versions of ransomware, TorrentLocker uses bitcoin as the preferred currency for a ransom payment.
The malware was recently discovered on a popular BitTorrent client. At this point, it is not widely spread, but it is worth noting as it is the first malware designed to lock Mac OS X applications.
With the emergence of ransomware, cyber criminals have increasingly become a formidable threat. Although small-to-mid-sized companies are not the main targets of ransomware campaigns, they are more vulnerable to attacks. Often, small businesses rely on outdated technology due to financial constraints. As new versions of ransomware surface, so do the techniques for protecting your business against ransomware attacks. Although security software is essential, you cannot rely on it alone. The following are approaches to a good ransomware protection strategy:
Antivirus software is essential for any business to protect itself against ransomware and other cyber threats. Always update your antivirus software to protect your system against newly identified cyber threats. You should also keep your computers patched and updated to minimize vulnerabilities. Some security software products offer specific ransomware functionality. For example, Sophos can detect malicious activities such as registry changes and changes to file extensions. If it detects a ransomware attack, Sophos has the ability to block it and alert the user. However, as ransomware evolves, note that even the best antivirus software can be breached. That is why backup is critical for a business to recover once malware strikes. Antivirus updates should not be ignored due to time constraints. Antivirus maintenance is critical in ensuring that your system is protected against cyber threats. In the past few years, the vulnerabilities of Adobe PDF gave birth to major ransomware attacks. It is a good idea to seek the assistance of an IT security expert to efficiently protect your software from exploits.
With modern protection solutions such as Datto, you can take incremental backups as often as every ten minutes to build a series of recovery points. Once your business suffers a ransomware attack, Datto protection solutions allow you to roll your data back to a point before the attack occurred. The benefits of a secondary layer of protection are two-fold. Firstly, you do not have to pay a ransom to recover your data. Secondly, you restore to a point before the attack happened; therefore, you can be certain that your data is clean and secure from future attacks. In fact, data protection solutions allow you to run applications from backups of virtual machines. That way you can recover your data instantly after the attack. Instant data recovery technology can be useful for recovering from a ransomware attack as it allows the user to continue working while the primary system is restored. A good example of such technology is Instant Virtualization. It virtualizes systems either remotely or locally in a secure cloud within seconds. It ensures that businesses keep running even when ransomware attacks strike. Visit https://www.ncsc.gov.uk/guidance/ransomware-guidance-enterprise-administrators for more information.
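The two ideas above, spotting a burst of file-extension changes and rolling back to a recovery point taken before it, can be sketched as follows. This is an added example, not code from Sophos or Datto; the process names, file names, timestamps and thresholds are constructed assumptions.

```python
import os
from collections import defaultdict
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 1, 8, 0, 0)  # constructed sample data starts at 08:00

# Constructed recovery points: one incremental backup every ten minutes (08:00..09:30).
RECOVERY_POINTS = [T0 + timedelta(minutes=10 * i) for i in range(10)]

# Constructed rename events: (time, process, old path, new path).
# One benign save by a word processor, then a burst from a hypothetical dropper.
EVENTS = [(T0 + timedelta(minutes=65), "winword.exe", "plan.tmp", "plan.docx")]
BURST_START = T0 + timedelta(minutes=83, seconds=10)  # 09:23:10
EVENTS += [
    (BURST_START + timedelta(seconds=2 * i), "invoice_viewer.exe",
     f"doc{i}.pdf", f"doc{i}.pdf.locked")
    for i in range(8)
]

def ext(path):
    """Lower-cased final extension of a path, e.g. '.locked'."""
    return os.path.splitext(path)[1].lower()

def find_attack_start(events, window=timedelta(seconds=60), threshold=5):
    """Return (time, process) of the earliest burst in which one process
    changed the extension of >= threshold files within window, else None."""
    by_proc = defaultdict(list)
    for ts, proc, old, new in sorted(events):
        if ext(old) != ext(new):
            by_proc[proc].append(ts)
    hits = []
    for proc, times in by_proc.items():
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                hits.append((times[i], proc))
                break
    return min(hits) if hits else None

def last_clean_recovery_point(points, attack_start):
    """Latest recovery point strictly before the first suspicious rename."""
    clean = [p for p in points if p < attack_start]
    return max(clean) if clean else None

if __name__ == "__main__":
    start, proc = find_attack_start(EVENTS)
    print("burst by", proc, "at", start)
    print("restore to", last_clean_recovery_point(RECOVERY_POINTS, start))
```

The burst marks when encryption began, not when the machine was first compromised, so the chosen recovery point should still be scanned before it is put back into service.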
Education is critical in protecting your business against cyber threats. It is important that your staff understand how ransomware works and the threats it poses to your business. Show your staff specific examples of suspicious emails and links and tell them what action to take once they encounter a potential ransomware lure. It is critical that you conduct bi-annual formal training to inform staff about the risk of different cyber threats. When you hire new employees, make sure you bring them up to date on cyber best practices. You could send them emails to ensure that the message is communicated clearly to everyone in the organisation. Furthermore, keep staff updated as ransomware changes over time. System security starts with the users. Attacks spread via email, such as CryptoWall, could be easily prevented if your staff are aware of the best IT security practices. An hour spent orienting employees about the best IT security practices can greatly reduce the risk of ransomware infection.
Ransomware may gain control over your system by exploiting vulnerabilities in web browsers, operating systems, and browser plugins. Often, these vulnerabilities are known to the software providers and they can make patches to mitigate them. The most effective way to protect systems against ransomware attacks is to mitigate the vulnerabilities. According to the NCSC, you can increase protection against ransomware by patching the devices used for web browsing; it is important to patch the systems they are connected to as well.
One of the common ways that hackers gain code execution is to trick users into running unauthorized code. You can protect your system against cyber criminals by preventing all macros from running. It is critical to ensure that users cannot install software on their devices without authorisation. Note that users may sometimes need to run pre-authorised code. Make sure they do not enable macros secretly, to reduce vulnerabilities.
The best IT security practice is to consult professional IT service companies. That is equivalent to having a virtual SWAT team to protect your systems from cyber extortionists. Unlike other cyber threat protection policies, working with a professional IT service does not divert your effort and time from the things that matter most. Consulting a professional IT service gives you the most cost-effective solutions for protecting your organisation against ransomware and cyber exploits.
Conclusion
Cyber extortionists armed with ransomware are a formidable threat to today’s businesses, ranging from a local coffee shop to a Fortune 500 company. Never underestimate the expertise of today’s cyber extortionists. They are constantly adapting and refining their weapons. As such, you need to install high-end security software and backup. User awareness and security software can be instrumental in mitigating cyber exploits. Vulnerability management and controlling code execution are still essential in protecting your system from hackers. In the end, the backup will help you pick up the pieces when all other methods fail. Install modern backup products that can permanently eliminate future downtime.