SecurityWeek

Malware & Threats

To Defend Against Ransomware, Remember Health is Wealth

Ransomware Targets Businesses

Ralph Waldo Emerson said, “The first wealth is health.” With ransomware dominating the malware market, it’s important to keep this in mind. Your high-value digital assets and systems are increasingly the target of adversaries launching ever-more malicious ransomware campaigns. Without healthy security practices, you risk significant disruption, damage, and costs.  

There are dozens of ransomware variants, many of them language-specific, and all of them resilient. Although it is not a new threat, ransomware has reached a new level of effectiveness with cryptographically sound file encryption and has evolved to become the most profitable malware type in history. In the first half of 2016, ransomware campaigns targeting both individual and enterprise users became more widespread and potent. Estimates put these attacks on pace to reach $1 billion this year.

Given its success, we’ll likely experience more destructive ransomware that is able to spread by itself without relying on an unwitting target to click on an email or be exposed to malvertising. Some threat actors are now using network and server-side vulnerabilities to self-propagate. These new vectors provide an opportunity for attackers to quietly carry out ransomware campaigns that could potentially affect entire industries.

One widespread campaign that appeared to target the healthcare industry earlier this year employed the Samas/Samsam/MSIL.B/C (“SamSam”) ransomware variant, which was distributed through compromised servers. The threat actors used the servers to move laterally through the network and compromise additional machines, which were then held for ransom. Adversaries used JexBoss, an open-source tool for testing and exploiting JBoss application servers, to gain a foothold in organizations’ networks. Once they had access to the network, they proceeded to encrypt multiple Microsoft Windows systems using the SamSam ransomware family. In many respects, the SamSam attack was inevitable because many organizations were operating JBoss servers with unpatched vulnerabilities, despite the fact that they had been informed to take the servers offline and upgrade them immediately. 

Data integrity is another new concern when it comes to ransomware. Paying the ransom may seem the easiest (and only) option, but it requires targets to “trust” that their attackers will follow through once paid. In practice, files may turn out to be undecryptable, may have been tampered with, and could even be lost or deleted, as a recent variant called Ranscam demonstrated. Depending on the type of files, medical records for example, the fallout could be dire.

Backing up critical data and confirming that those backups are not susceptible to compromise and can be restored quickly is an effective way to negate the threat of ransom. There’s no need to worry about data integrity and “trusting” attackers if you have current backups that are off-site and well-protected from compromise.
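As an added illustration of the backup check described above and of the data-integrity concern before it (example code written for this edit, not from the column or any vendor), the script below builds a SHA-256 manifest of a backup set, signs it with an HMAC key that is assumed to be stored away from the backup host, then runs a restore drill into a fresh directory and reports modified, missing and unexpected files. All file names, contents and the key are constructed.

```python
"""Added example (not from the SecurityWeek column): build a signed integrity
manifest for a backup set, then run a restore drill that verifies the restored
copy against it. Paths, file contents and the key below are all constructed."""
import hashlib
import hmac
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_root: Path, key: bytes) -> dict:
    """Hash every file under backup_root and HMAC the listing. The key is
    assumed to live off the backup host, so whoever alters the files cannot
    also re-sign a matching manifest."""
    files = {p.relative_to(backup_root).as_posix(): sha256_file(p)
             for p in sorted(backup_root.rglob("*")) if p.is_file()}
    body = json.dumps(files, sort_keys=True).encode()
    return {"files": files,
            "hmac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_restore(restore_root: Path, manifest: dict, key: bytes) -> dict:
    """Check a restored tree against the manifest. Returns a report with an
    overall ok flag plus the modified, missing and unexpected file names."""
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["hmac"]):
        # A manifest that does not verify is treated as untrusted outright.
        return {"ok": False, "manifest_valid": False,
                "modified": [], "missing": [], "unexpected": []}
    present = {p.relative_to(restore_root).as_posix(): p
               for p in restore_root.rglob("*") if p.is_file()}
    modified = sorted(n for n, d in manifest["files"].items()
                      if n in present and sha256_file(present[n]) != d)
    missing = sorted(n for n in manifest["files"] if n not in present)
    unexpected = sorted(n for n in present if n not in manifest["files"])
    return {"ok": not (modified or missing or unexpected),
            "manifest_valid": True, "modified": modified,
            "missing": missing, "unexpected": unexpected}


def restore_drill(tamper: bool = False, forge_manifest: bool = False) -> dict:
    """Constructed end-to-end drill: create a small backup set, manifest it,
    restore it into a fresh directory and verify. tamper=True overwrites one
    restored file and drops in a stray one (standing in for a backup that was
    corrupted after it was taken); forge_manifest=True edits the manifest
    without re-signing it, which is all someone without the key could do."""
    key = b"constructed-key-kept-off-the-backup-host"
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "backup"
        (src / "records").mkdir(parents=True)
        (src / "records" / "patient-001.txt").write_text("constructed record 1\n")
        (src / "records" / "patient-002.txt").write_text("constructed record 2\n")
        (src / "config.ini").write_text("[app]\nmode=prod\n")
        manifest = build_manifest(src, key)
        if forge_manifest:
            manifest["files"]["config.ini"] = "0" * 64

        dst = Path(tmp) / "restore"
        shutil.copytree(src, dst)
        if tamper:
            (dst / "records" / "patient-002.txt").write_bytes(b"\xff\x00" * 16)
            (dst / "unexpected-extra.txt").write_text("constructed stray file\n")
        return verify_restore(dst, manifest, key)


if __name__ == "__main__":
    print("clean restore:", restore_drill())
    print("tampered restore:", restore_drill(tamper=True))
    print("forged manifest:", restore_drill(forge_manifest=True))
```

A manifest stored next to the backup and left unsigned could be rewritten by whoever altered the files; keeping the key (or the manifest itself) off-site is what makes the check meaningful, in line with the off-site, well-protected backups recommended above. Running the drill on a schedule rather than only after an incident turns "can be restored quickly" from an assumption into a measured fact.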

At the same time, it’s clear that vulnerabilities sit at the intersection of ever-faster change in technology and organizations’ ability to keep pace with that change and limit threat vector opportunities. If defenders can close the window of opportunity for attackers by accelerating their time to secure, they reduce the threat.

Good hygiene goes a long way to preventing and mitigating ransomware attacks. Being more proactive about patching vulnerable Internet infrastructure and systems reduces the opportunities for attackers to launch a ransomware campaign against your organization. If defenders leave vulnerabilities open and unpatched, attackers use them as a stepping-stone to launch their campaigns. Other security hygiene measures like better password management (putting a stop to shared passwords and “overprivileged” accounts), can also make infections much more difficult. 


Software-defined segmentation can also stop or slow the lateral movement of self-propagating threats and contain them. By enabling companies to segment their network from the user and device level all the way back to the server, it dramatically curtails attackers’ ability to move about the network, limiting the spread of destructive ransomware and helping to keep critical assets safe.
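To make the containment effect concrete, here is an added example (not from the column and not any product's configuration) that models zone-level segmentation as a default-deny allow-list and computes how far a threat that spreads hop by hop over given services could reach from one compromised host, on a flat network versus a segmented one. Host names, zones and rules are constructed; the ruleset stands in for whatever the segmentation product actually enforces.

```python
"""Constructed model of zone-level segmentation (added example, not from the
SecurityWeek column): compare how far a self-propagating threat can spread on
a flat network versus a default-deny, allow-listed one."""
from collections import deque
from itertools import product

# Constructed inventory: host -> zone it sits in.
HOSTS = {
    "ws-01": "users", "ws-02": "users", "ws-03": "users",
    "app-01": "app",        # application server reachable by users
    "db-01": "data",        # database behind the app tier
    "bak-01": "backup",     # backup host that pulls from the data tier
    "jump-01": "admin",     # administrative jump host
}
ZONES = sorted(set(HOSTS.values()))
SERVICES = ("smb", "rdp", "https", "sql", "ssh")

# Flat network: any zone may reach any zone (including itself) on any service.
FLAT_POLICY = set(product(ZONES, ZONES, SERVICES))

# Segmented network: default deny; only these (src zone, dst zone, service)
# flows are permitted. Note there is no users->users rule, nothing reaches the
# backup zone except admin SSH, and the data zone initiates nothing.
SEGMENTED_POLICY = {
    ("users", "app", "https"),
    ("app", "data", "sql"),
    ("backup", "data", "sql"),
    ("admin", "app", "ssh"),
    ("admin", "data", "ssh"),
    ("admin", "backup", "ssh"),
}


def reachable(start, hosts, policy, services):
    """Breadth-first search over hosts: from `start`, which other hosts could a
    threat reach if it spreads one hop at a time using any of `services`,
    where every hop must be an allowed (src zone, dst zone, service) flow."""
    seen = {start}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for host, zone in hosts.items():
            if host in seen:
                continue
            if any((hosts[cur], zone, svc) in policy for svc in services):
                seen.add(host)
                queue.append(host)
    return seen - {start}


def blast_radius(start, policy, services):
    """Sorted list of hosts exposed from `start` under `policy`."""
    return sorted(reachable(start, HOSTS, policy, services))


def exposure_summary(policy, services):
    """Per-host count of other hosts reachable, i.e. each host's blast radius."""
    return {h: len(reachable(h, HOSTS, policy, services)) for h in HOSTS}


if __name__ == "__main__":
    worm = {"smb", "rdp"}  # services a hop-by-hop threat is assumed to use
    for name, policy in (("flat", FLAT_POLICY), ("segmented", SEGMENTED_POLICY)):
        print(f"{name}: from ws-01 over {sorted(worm)} -> "
              f"{blast_radius('ws-01', policy, worm)}")
    print("segmented, from jump-01 over ssh ->",
          blast_radius("jump-01", SEGMENTED_POLICY, {"ssh"}))
    print("total exposure over all services:",
          sum(exposure_summary(FLAT_POLICY, SERVICES).values()), "flat vs",
          sum(exposure_summary(SEGMENTED_POLICY, SERVICES).values()), "segmented")
```

In the segmented model the jump host keeps the largest remaining blast radius, which is the point: once east-west traffic between workstations and from the servers is closed off, the administrative paths are what is left to protect, so they deserve the strongest authentication and monitoring. Real products express the same idea as identity- or tag-based policy rather than zone names, but the check is the same: enumerate what a compromised host can still reach and keep that set small.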

The wave of ransomware will likely become more pervasive, particularly for organizations that don’t focus on their health. But with good security hygiene and a few basic measures you’ll be able to more effectively block, contain, and negate the impact of ransomware.
