
It’s Official, Ransomware Has Gone Corporate

In late 2014 my company predicted that ransomware attacks would shift from consumers to businesses to extort larger ransoms for unlocking encrypted files. Unfortunately, this prediction has come true.

Recent data from the FBI’s Internet Crime Complaint Center (IC3) shows that ransomware continues to spread and is infecting devices around the globe. IC3 identified CryptoWall as the most significant ransomware threat targeting U.S. individuals and businesses.

CryptoWall and its variants have been used to target U.S. victims since April 2014. The financial impact on victims goes beyond the ransom itself, which is typically between $200 and $10,000. Many victims incur additional costs for network mitigation, countermeasures, lost productivity, legal fees, IT services, and the purchase of credit monitoring services for employees or customers. Between April 2014 and June 2015, the IC3 received 992 CryptoWall-related complaints, with victims reporting losses totaling over $18 million. In October 2015, experts estimated that the group behind CryptoWall had caused $325 million in damages after infecting hundreds of thousands of computers worldwide.

These extortion schemes are usually very successful and have a significant impact on victims. Infection typically begins when a victim clicks on a malicious advertisement, email link or attachment, or visits a compromised website. Once the device is infected, the victim’s files are encrypted. In most cases the victim regains access to the encrypted files after paying the ransom, although there is no guarantee that the criminals will deliver a working key.

Ransomware is not just lucrative for criminals but also relatively easy to carry out. The advent of Bitcoin has turned ransomware into a money-making machine that anyone can operate, and most criminals demand payment in Bitcoin, according to the FBI. Criminals prefer Bitcoin because it is easy to use, fast, publicly available, decentralized, and hard to trace back to a person: every transaction is recorded on a public ledger, but wallet addresses are not tied to real-world identities, so it is pseudonymous rather than truly anonymous.

Attacks Growing in Sophistication

Ransomware has become a cash cow for cybercriminals. As a result, they are investing in better attack techniques to evade the more advanced security systems in place at enterprises. A few weeks ago reports emerged of victims being hit by a new ransomware variant called XRTN. Unlike traditional approaches, XRTN uses a “pure” batch script as its payload delivery mechanism, which makes it even easier for the malware to slip past anti-virus (AV) solutions.

Until now, binary files were the most common way of delivering ransomware payloads. This made it possible to develop static AV or IOC-based signatures aimed at detecting “known malicious files”. Scripts, on the other hand, contain text-based commands that individually look benign to AV tools, and the same script can be rewritten in countless equivalent forms. Arbitrary obfuscation of scripts further complicates things: a signature specific enough to avoid false positives on legitimate scripts will miss the next cosmetic variation of the malicious one.
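To make the evasion concrete, here is an added example (not code from the article, and not XRTN’s script) showing why a file hash or a raw-string signature misses a trivially obfuscated batch script, and how a small normalizer that replays cmd.exe’s expansion rules (substring extraction from environment variables, `set`-and-reuse, and caret escapes) recovers the underlying command so that a plain-text indicator matches again. The two sample scripts, the environment values and the indicator strings are constructed for the example.

```python
"""Added example (not from the article or XRTN): why an exact-hash or raw
string signature misses an obfuscated batch script, and how a small
normalizer that replays cmd.exe's expansion rules recovers the real command.
The sample scripts and environment values below are constructed."""
import hashlib
import re
from typing import Dict, List, Optional

# Assumed environment on the victim host (constructed; real values vary).
DEFAULT_ENV: Dict[str, str] = {
    "COMSPEC": r"C:\Windows\system32\cmd.exe",
    "PUBLIC": r"C:\Users\Public",
}

# Example plain-text indicators a signature might look for; pick your own.
INDICATORS = ("del /f /s /q", "vssadmin delete shadows")

SUBSTR_RE = re.compile(r"%([A-Za-z_][A-Za-z0-9_]*):~(-?\d+)(?:,(-?\d+))?%")
VAR_RE = re.compile(r"%([A-Za-z_][A-Za-z0-9_]*)%")
SET_RE = re.compile(r"^\s*set\s+([A-Za-z_][A-Za-z0-9_]*)=(.*)$", re.IGNORECASE)


def cmd_substring(value: str, start: int, length: Optional[int]) -> str:
    """cmd.exe %VAR:~start,len% rules: negative start counts from the end,
    negative len drops characters from the end, missing len means the rest."""
    n = len(value)
    if start < 0:
        start = max(n + start, 0)
    if length is None:
        return value[start:]
    if length < 0:
        return value[start:n + length]
    return value[start:start + length]


def expand_percent(line: str, env: Dict[str, str]) -> str:
    """First cmd parsing phase: %VAR:~s,l% and %VAR% expansion. Inside a
    batch file an undefined variable expands to nothing."""
    def substr(m):
        name = m.group(1).upper()
        if name not in env:
            return ""
        length = int(m.group(3)) if m.group(3) is not None else None
        return cmd_substring(env[name], int(m.group(2)), length)

    line = SUBSTR_RE.sub(substr, line)
    return VAR_RE.sub(lambda m: env.get(m.group(1).upper(), ""), line)


def strip_carets(line: str) -> str:
    """Second phase: ^ escapes the next character outside double quotes,
    so p^o^w becomes pow."""
    out, quoted, i = [], False, 0
    while i < len(line):
        c = line[i]
        if c == '"':
            quoted = not quoted
        elif c == "^" and not quoted and i + 1 < len(line):
            i += 1
            c = line[i]
        out.append(c)
        i += 1
    return "".join(out)


def normalize_script(script: str, env: Optional[Dict[str, str]] = None) -> List[str]:
    """Replay expansion line by line; `set NAME=value` feeds later lines.
    Output is lowercased with whitespace collapsed so signatures are stable."""
    env = dict(DEFAULT_ENV if env is None else env)
    normalized = []
    for raw in script.splitlines():
        line = strip_carets(expand_percent(raw, env))
        m = SET_RE.match(line)
        if m:
            env[m.group(1).upper()] = m.group(2)
        normalized.append(" ".join(line.split()).lower())
    return normalized


def signature_report(script: str) -> dict:
    """Compare what a raw-text signature sees with what normalization shows."""
    lines = normalize_script(script)
    text = "\n".join(lines)
    return {
        "sha256": hashlib.sha256(script.encode()).hexdigest(),
        "raw_hit": any(ind in script.lower() for ind in INDICATORS),
        "normalized_hit": [ind for ind in INDICATORS if ind in text],
        "normalized": lines,
    }


# Constructed samples: the same command written plainly, then obfuscated with
# substring extraction from environment variables, set-and-reuse, and carets.
PLAIN = "@echo off\r\ndel /f /s /q %PUBLIC%\\*.bak\r\n"
OBFUSCATED = (
    "@echo off\r\n"
    "set d=%COMSPEC:~6,1%\r\n"          # 'd' out of C:\Windows\system32\cmd.exe
    "set l=%PUBLIC:~12,1%\r\n"          # 'l' out of C:\Users\Public
    "%d%%COMSPEC:~15,1%%l% /^f /^s /^q %PUBLIC%\\*.bak\r\n"
)

if __name__ == "__main__":
    for name, script in (("plain", PLAIN), ("obfuscated", OBFUSCATED)):
        r = signature_report(script)
        print(name, r["sha256"][:16], "raw_hit:", r["raw_hit"],
              "normalized_hit:", r["normalized_hit"])
        print("  ", r["normalized"])
```

The two scripts hash differently and only the plain one contains the indicator verbatim, yet both normalize to the same `del /f /s /q c:\users\public\*.bak` line. A normalizer like this is only ever a partial answer (the environment is assumed, and cmd has more tricks than substrings and carets), which is why the practical move is to combine it with behavioral monitoring rather than to keep chasing text patterns.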

3 Ways Companies Can Protect Themselves

1. Employee training

Clearly, the best defense against ransomware is to deny criminals access to your systems and, ultimately, your data. If they can’t get onto a system, they can’t hold its data hostage. The simplest way to avoid these attacks is to educate employees about ransomware and about the techniques criminals use to deliver it, such as phishing emails and links spread through social media channels.

Some common phishing lures used to deliver ransomware are:

– Emails that spoof a law enforcement agency, claim you downloaded illegal content, and demand that you pay a fine for the violation.

– Messages claiming that your copy of Windows is counterfeit and that you must install a legitimate version.

– Messages claiming that your security software is out of date or not working.

2. Maintain up-to-date backups

If your enterprise follows a strict routine of frequent backups, you will be far better prepared to respond to a ransomware attack. Even after a ransom is paid, the criminals sometimes never deliver a working key or simply delete the files. A consistent set of backups lets you restore systems to a last known good state. Two caveats: backups that remain reachable from an infected host (mapped drives, always-connected external disks, synced folders) can be encrypted along with everything else, so keep at least one copy offline or versioned; and test restores regularly, because an untested backup is not a recovery plan.

3. Consider new endpoint protection approaches

To fully protect endpoints against increasingly sophisticated threats, organizations need advanced endpoint protection that goes beyond the capabilities of AV and sandboxing products. New approaches combine dynamic real-time endpoint activity monitoring with behavioral analysis to pinpoint malicious behaviors and block threats like ransomware before they can execute (and encrypt files).
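As an added illustration of what “behavioral analysis” means in practice (example code written for this page, not any vendor’s product), here is a small sliding-window heuristic that watches a stream of file-write events and raises an alert when many distinct files are rewritten with high-entropy, ciphertext-looking content and a changed extension within a few seconds. The event format, thresholds and sample event stream are all constructed assumptions.

```python
"""Added example (not from the article or any product): a behavioral
heuristic of the kind endpoint monitoring uses to catch ransomware by what
it does rather than what it looks like. It watches a stream of file-write
events and alerts when many distinct files are rewritten with high-entropy
(encrypted-looking) content and a changed extension inside a short window.
Event data below is constructed."""
import math
from collections import deque
from dataclasses import dataclass
from typing import Deque, List, Optional, Set, Tuple


@dataclass
class WriteEvent:
    ts: float                            # seconds since some epoch
    path: str                            # path after the write (and any rename)
    data: bytes                          # bytes written
    renamed_from: Optional[str] = None   # original path if the file was renamed


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: documents sit well below 8, ciphertext lands near it."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def extension_changed(ev: WriteEvent) -> bool:
    """True when a rename gave the file a different extension (.docx -> .locked)."""
    if ev.renamed_from is None:
        return False
    old = ev.renamed_from.rsplit(".", 1)[-1].lower()
    new = ev.path.rsplit(".", 1)[-1].lower()
    return old != new


class RansomwareHeuristic:
    """Sliding-window detector: count distinct files rewritten with
    high-entropy data and a new extension during the last window_s seconds."""

    def __init__(self, window_s: float = 10.0, min_files: int = 20,
                 entropy_threshold: float = 7.0) -> None:
        self.window_s = window_s
        self.min_files = min_files
        self.entropy_threshold = entropy_threshold
        self.recent: Deque[Tuple[float, str]] = deque()

    def observe(self, ev: WriteEvent) -> bool:
        """Feed one event; return True when the window crosses the threshold."""
        while self.recent and ev.ts - self.recent[0][0] > self.window_s:
            self.recent.popleft()
        if extension_changed(ev) and shannon_entropy(ev.data) >= self.entropy_threshold:
            self.recent.append((ev.ts, ev.renamed_from or ev.path))
        distinct: Set[str] = {p for _, p in self.recent}
        return len(distinct) >= self.min_files


def first_alert(events: List[WriteEvent], **kw) -> Optional[int]:
    """Index of the first event that triggers the heuristic, or None."""
    det = RansomwareHeuristic(**kw)
    for i, ev in enumerate(events):
        if det.observe(ev):
            return i
    return None


# Constructed event stream: ordinary edits, then a burst that looks like
# encryption (each file rewritten with byte-uniform content and renamed).
TEXT = b"quarterly figures, see attached spreadsheet.\n" * 100   # low entropy
CIPHERTEXT_LIKE = bytes(range(256)) * 16                         # entropy 8.0

NORMAL_EDITS = [WriteEvent(ts=i * 3.0, path=f"docs/report{i}.docx", data=TEXT)
                for i in range(30)]
ENCRYPTION_BURST = [WriteEvent(ts=100.0 + i * 0.2, path=f"docs/report{i}.docx.locked",
                               data=CIPHERTEXT_LIKE, renamed_from=f"docs/report{i}.docx")
                    for i in range(30)]

if __name__ == "__main__":
    print("normal edits alert at:", first_alert(NORMAL_EDITS))
    print("burst alert at event index:", first_alert(NORMAL_EDITS + ENCRYPTION_BURST))
```

The normal editing stream never trips the detector, while the burst is flagged on its twentieth file, long before the remaining files are touched. The obvious evasions (encrypting slowly, keeping the original extension, or writing low-entropy padding) are exactly why real endpoint products stack several such signals rather than relying on one, and why the thresholds need tuning against a site’s own baseline of legitimate bulk operations such as compression or backup jobs.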

Ideally, endpoint protection should incorporate prediction, prevention, detection, and remediation. Working together with forensics, these four capabilities deliver the strongest possible defense against both known and zero-day attacks in real-time, including the most virulent forms of ransomware.
