The Ugly Reality of Ransomware

Virtual Armour News

This malicious software kidnaps your data, holds a gun to its head and says: your move. Some attacks go even further and plant incriminating evidence on your computer to discourage you from getting the authorities involved.

Ransomware exists in numerous forms and its methods are constantly evolving. Attackers use this software to obtain leverage over you in the hope that you will pay to avoid the consequences. Cryptocurrencies like Bitcoin have made this profitable: payments are pseudonymous and cannot be reversed, so attackers can collect ransoms while continuing to wreak havoc on personal and business computers across the world.

Cryptoviruses

The FBI estimates that the two leading crypto-ransomware Trojans, CryptoLocker and CryptoWall, have generated around $21 million for their operators. Much malware merely threatens that your data will be lost unless you pay a ransom; this software follows through. These cryptoviruses encrypt files across the computer, including videos, photos, and documents, using a strong encryption key generated for that victim. The key needed to decrypt the files is not left on the infected machine; it is held on the attacker's server.

Keys of this strength cannot be brute-forced, not even by the fastest supercomputers in the world, so without the key the data is truly lost. Text files dropped on the infected computer inform the user that the key will be destroyed after a short period of time unless the ransom is paid, in which case the decryption key is supposedly released from the attacker's server. The ransom is typically around $400 and is paid in Bitcoin; Bitcoin transactions are recorded publicly but are only pseudonymous, which is enough for the attackers to get paid without identifying themselves. Sometimes the data is returned after payment, but the attackers are under no obligation to return anything.

Leakware Threatens Company Reputations

An offshoot of ransomware dubbed "leakware" has been targeting large businesses to obtain protected data. Leakware threatens to publish everything unless a ransom is paid. The healthcare and finance industries have been particularly targeted by these sorts of attacks, since patient health records (which contain social security numbers, addresses, and medical histories) are very high value and easily exploitable. A company's financial records, along with all the employee information stored in the HR database, are another common target.

It gets worse. To further coerce the organization or individual into paying, illegal material such as banned pornography or pirated content is often planted on the computer as well. This deters users and businesses from reporting the incident to the police, for fear of additional legal consequences or damage to their reputation.

Ransom Denial of Service Attacks

This last branch of ransomware takes down your websites instead of going after your data. For unprepared businesses, DDoS (Distributed Denial of Service) attacks can be even harder to defend against. A DDoS attack overloads your servers with traffic sent from botnets, large groups of infected computers across the globe. At that scale it is hard to tell legitimate traffic from attack traffic: each individual bot may send only a modest number of requests, so traditional techniques like blocking single IP addresses do not work. What overwhelms the server is the aggregate.
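To make the point concrete, here is an added illustration (not Virtual Armour's code) of why a per-source-IP rate limit misses a distributed flood. It parses constructed web-server access-log lines in Common Log Format, applies a conventional per-IP limit, and compares that with the aggregate request rate and the share of requests hitting one path. The log lines, the per-IP limit of 20 requests/second and the server capacity of 100 requests/second are all assumptions made for the example.

```python
"""Why per-source-IP blocking fails against a distributed flood.

Added illustration (not Virtual Armour's code): parses constructed
access-log lines, applies a per-IP rate limit, and shows that no single
bot crosses it while the aggregate load exceeds server capacity.
The log lines, thresholds and capacity figure are assumptions.
"""
import re
from collections import Counter
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+)$'
)

PER_IP_LIMIT = 20   # assumed per-source limit (requests/second) before blocking
CAPACITY = 100      # assumed requests/second the origin can actually serve


def parse_line(line):
    """Return (ip, epoch_second, path) for a CLF line, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    path = m["req"].split(" ")[1] if " " in m["req"] else m["req"]
    return m["ip"], int(ts.timestamp()), path


def constructed_log():
    """Constructed sample, not captured traffic: 200 bots (198.51.100.0/24)
    each sending 2 requests/second for 3 seconds, plus 5 legitimate clients
    (203.0.113.0/24) sending 1 request/second."""
    lines = []
    for sec in range(3):
        ts = f"10/Mar/2016:12:00:0{sec} +0000"
        for n in range(1, 201):
            for _ in range(2):
                lines.append(f'198.51.100.{n} - - [{ts}] "GET /checkout HTTP/1.1" 200 512')
        for n in range(1, 6):
            lines.append(f'203.0.113.{n} - - [{ts}] "GET /index.html HTTP/1.1" 200 2048')
    return lines


def analyse(lines):
    """Compare a per-IP rate rule with aggregate and per-path signals."""
    per_ip_second = Counter()
    per_second = Counter()
    per_path = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, second, path = rec
        per_ip_second[(ip, second)] += 1
        per_second[second] += 1
        per_path[path] += 1
    blocked = sorted({ip for (ip, _), n in per_ip_second.items() if n > PER_IP_LIMIT})
    peak_rps = max(per_second.values(), default=0)
    total = sum(per_path.values())
    top_path, top_count = per_path.most_common(1)[0] if per_path else (None, 0)
    return {
        "sources": len({ip for ip, _ in per_ip_second}),
        "peak_rps": peak_rps,
        "overloaded": peak_rps > CAPACITY,
        "blocked_by_per_ip_rule": blocked,   # stays empty: no bot exceeds 20 req/s
        "top_path": top_path,
        "top_path_share": round(top_count / total, 2) if total else 0.0,
    }


if __name__ == "__main__":
    for key, value in analyse(constructed_log()).items():
        print(f"{key}: {value}")
```

With 205 sources the per-IP rule blocks nobody, yet the origin sees 405 requests/second against an assumed capacity of 100, almost all to one path. Those aggregate signals (source count, total rate, path concentration) are what a scrubbing service keys on, which is why the mitigation advice later in this article is about absorbing traffic upstream rather than blocklisting addresses.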

While your websites are down and you are scrambling to get them back up, the attackers demand a ransom to stop. Businesses that rely on selling products or services through their website can lose multiple days' worth of revenue. Customer trust is also degraded when the uptime of your resources is affected.

Protecting Your Business From Ransomware Attacks

So what can you do to prevent ransomware from affecting you, and to mitigate it when it does? It all starts with your employees, because ransomware combines social engineering with malicious technology. The first step is to educate your users not to open unexpected files or attachments. In addition, they should not pay the ransom. It has been reported that around half of the time, even after the victim pays, they do not receive the key to unlock their data. Bitcoin transfers are irreversible and the attackers have no incentive to act in good faith.

It is also critical that every business keeps daily backups and has a disaster recovery plan, so that in the wake of an attack it can restore its mission-critical files. Those backups must be kept where the ransomware cannot reach them (offline, or otherwise isolated from the systems being backed up), since an attacker who can encrypt the backups along with the originals leaves you nothing to restore. There are also NGES (next-generation endpoint security) tools that prevent ransomware from executing in the first place. A core NGES technique is application allowlisting: only files and applications on a known-good list are permitted to run, and everything else is denied by default.
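The following is an added illustration of the allowlisting idea (not Virtual Armour's code or any NGES vendor's product). It evaluates constructed process-start events against a known-good list keyed by the SHA-256 of the executable's content, so trust attaches to what the file is rather than what it is called or where it sits. The "binaries", paths and product names are constructed stand-ins.

```python
"""Default-deny application allowlisting keyed by content hash.

Added illustration (not Virtual Armour's code or any vendor's product).
Evaluates constructed process-start events against a known-good list
keyed by SHA-256 of the executable's content. Binaries, paths and names
are constructed stand-ins.
"""
import hashlib
from collections import namedtuple

# Constructed stand-ins for approved executables; only their content matters.
PAYROLL_CLIENT = b"MZ\x90\x00 constructed payroll client build 3.2.1"
BACKUP_AGENT = b"MZ\x90\x00 constructed backup agent build 1.9.0"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


# Known-good inventory: content hash -> description. Nothing else may run.
ALLOWLIST = {
    sha256_hex(PAYROLL_CLIENT): "payroll-client 3.2.1",
    sha256_hex(BACKUP_AGENT): "backup-agent 1.9.0",
}

Decision = namedtuple("Decision", "action path reason")


def evaluate_execution(path, content, allowlist=ALLOWLIST):
    """Allow only if the content hash is on the list; path and name are ignored."""
    digest = sha256_hex(content)
    if digest in allowlist:
        return Decision("allow", path, allowlist[digest])
    return Decision("deny", path, "hash not on allowlist: " + digest[:16])


# Constructed process-start events: (path, bytes the loader would execute).
EVENTS = [
    ("C:\\Program Files\\Payroll\\payroll.exe", PAYROLL_CLIENT),
    # Phishing-style double extension; unknown hash, denied by default.
    ("C:\\Users\\alice\\Downloads\\invoice.pdf.exe", b"MZ\x90\x00 constructed dropper"),
    # Trojaned copy carrying an approved file name; one byte differs, so denied.
    ("C:\\Users\\alice\\AppData\\Local\\Temp\\payroll.exe", PAYROLL_CLIENT[:-1] + b"!"),
    # Approved binary run from an unexpected path; hash matches, so allowed.
    ("D:\\tools\\backup-agent.exe", BACKUP_AGENT),
]


def run_policy(events=EVENTS):
    return [evaluate_execution(path, content) for path, content in events]


def denied_paths(events=EVENTS):
    return [d.path for d in run_policy(events) if d.action == "deny"]


if __name__ == "__main__":
    for d in run_policy():
        print(f"{d.action:5} {d.path}  ({d.reason})")
```

The operational cost of this model is keeping the list current: every patch changes the hash, so the allowlist needs a trusted update path (typically a signed manifest from the software owner) or legitimate updates will be denied alongside the malware.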

Furthermore, there are attacker deception technologies that let you place traps or lures throughout your IT environment. These traps act as tripwires for the bad guys. Ideally, you deploy so many that they outnumber your real assets, making it likely that ransomware will attempt to run on, or encrypt, a fake machine or decoy file, which alerts your information security group to the attack while it is under way.
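As an added illustration of the tripwire idea at file level (not Virtual Armour's code or any deception vendor's product), the script below plants decoy files, records their hashes, and on each check reports any decoy that has been renamed, removed or rewritten. A rewritten decoy whose content now has near-maximal entropy is flagged as probably encrypted, which is the signature a crypto-ransomware leaves. The decoy names and content, the entropy threshold of 7.5 bits per byte, and the simulated attack in `demo()` are all assumptions.

```python
"""Decoy (canary) files as ransomware tripwires.

Added illustration (not Virtual Armour's code or any vendor's product).
Plants decoys, records their hashes, and reports any decoy that is later
renamed, removed or rewritten; high-entropy rewrites are flagged as
probable encryption. Names, content and threshold are assumptions.
"""
import hashlib
import math
import os
import tempfile
from collections import Counter

# Constructed decoy content: a tempting-looking document, plain text (low entropy).
CANARY_CONTENT = (b"CONFIDENTIAL - FY budget and shared passwords\n"
                  + b"lorem ipsum dolor sit amet\n" * 400)
CANARY_NAMES = ("~$budget_FY.xlsx", "passwords_old.txt")
ENTROPY_THRESHOLD = 7.5  # assumed bits/byte above which content is treated as encrypted


def shannon_entropy(data):
    """Bits of entropy per byte of `data` (0.0 for empty, 8.0 at most)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def plant_canaries(root, names=CANARY_NAMES):
    """Write decoys under `root`; return {path: sha256} as the baseline."""
    baseline = {}
    for name in names:
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(CANARY_CONTENT)
        baseline[path] = hashlib.sha256(CANARY_CONTENT).hexdigest()
    return baseline


def check_canaries(baseline):
    """Return sorted [(file name, reason)] for every decoy that changed."""
    alerts = []
    for path, expected in baseline.items():
        name = os.path.basename(path)
        if not os.path.exists(path):
            alerts.append((name, "missing_or_renamed"))
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        if hashlib.sha256(data).hexdigest() != expected:
            encrypted = shannon_entropy(data) > ENTROPY_THRESHOLD
            alerts.append((name, "modified_high_entropy" if encrypted else "modified"))
    return sorted(alerts)


def demo():
    """Plant decoys, confirm they are clean, then simulate ransomware behaviour
    (one decoy overwritten with random bytes, one renamed with a ransom
    extension) and return (alerts before, alerts after). No real malware."""
    with tempfile.TemporaryDirectory() as root:
        baseline = plant_canaries(root)
        before = check_canaries(baseline)
        with open(os.path.join(root, "passwords_old.txt"), "wb") as fh:
            fh.write(os.urandom(len(CANARY_CONTENT)))   # stands in for encryption
        os.rename(os.path.join(root, "~$budget_FY.xlsx"),
                  os.path.join(root, "~$budget_FY.xlsx.locked"))
        after = check_canaries(baseline)
    return before, after


if __name__ == "__main__":
    clean, alerts = demo()
    print("before:", clean)
    print("after: ", alerts)
```

In practice the check runs from a scheduled task or a file-system watcher, and an alert is worth acting on immediately: a decoy that nobody should ever touch has just been touched, so the host is a good candidate for network isolation while the security team investigates.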

Lastly, to mitigate RDoS attacks, an organization would ideally have a two-pronged DDoS strategy: on-premises mitigation combined with a hosted traffic-scrubbing service, so that volumetric floods are absorbed upstream before they saturate your own links. When attackers realize that an enterprise has DDoS mitigation in place, they will usually try their hand elsewhere.

It is important to realize that there is no magic bullet when it comes to information security; the best defense is the security-in-layers (defense-in-depth) approach. To achieve a strong security posture, an organization must adopt a security-focused mindset from the outset and place as many deterrents as possible in all areas of its infrastructure.