
Ransomware – The Bad and The Ugly

Infotechglobe - Your Trusted Protection Against Ransomware


Ransomware is a type of malware that infects a computer and restricts access to it until the owner or user pays a ransom to the party operating the malware in exchange for restoring access. Some forms of ransomware systematically encrypt files on the computer’s hard drive, which become difficult or impossible to decrypt without paying the ransom for the encryption key, while others simply lock the system and display messages intended to coax the user into paying. Ransomware typically propagates as a Trojan, whose payload is disguised as a seemingly legitimate file.

Interestingly enough, more patterns are emerging of ransomware affecting not just computer systems but mobile platforms as well, so mobile users are not spared from this type of attack, given its wider exposure and sophistication.

Attack techniques and functionality

Spam and phishing campaigns are often used to deliver ransomware. The email message contains a malicious attachment or a link to a malicious file. Once activated, the ransomware may impose a time limit for paying the ransom. This malware can also be delivered by exploit kits on compromised web pages and malicious sites. When a user visits a compromised site serving exploit kit code, the code tries to identify potential vulnerabilities on the user’s system and serves exploits accordingly. Drive-by downloads provide another infection vector. Attackers try to force payment either by encrypting files on the system’s hard drive, or by simply locking the system and displaying messages that coax the user into paying.

Ransomware may include the ability to:

  • Encrypt files with RSA encryption
  • Communicate with command and control servers
  • Enable keylogging
  • Enable network footprinting
  • Kill multiple running processes
  • Include a bank Trojan as a payload
  • Use Tor to host the malicious server
  • Demand payment in bitcoin, avoiding normal payment systems that could be traced back to the online criminals

For any company’s operations, this can be alarming, especially if the data is considered highly sensitive and of high value under the data classification policy adopted. To effectively protect your organization’s critical information and resources, you need a pre-emptive multilayered strategy at the gateway, network and host levels. Clearly, you should make every effort to detect and stop ransomware. If ransomware defeats your protection strategy, however, and your data is encrypted and unrecoverable, then the next best strategy is to have a regularly updated backup. You’re still bound to lose some data (how much depends on how long it’s been since your last backup), but the loss will be far less devastating than it would be without any backup at all. Just having backups isn’t enough, though. You also have to test them.

Ransomware is certainly on the rise, and it will continue to be around for quite some time. However, organizations that implement the proper security recommendations will be better prepared to protect their critical assets from this dangerous cyber threat.

To learn more, leave us a message, and we will help you optimize your security program to stop advanced threats and protect your data.