Ransomware in targeted attacks

Ransomware’s popularity has attracted the attention of cyber criminal gangs; they use these malicious programs in targeted attacks on large organizations in order to steal money. In late 2016, we detected an increase in the number of attacks, the main goal of which was to launch an encryptor on an organization’s network nodes and servers. This is due to the fact that organizing such attacks is simple, while their profitability is high:

Today, an attacker (or a group) can easily create their own encryptor without making any special effort. A vivid example is the Mamba encryptor, which is based on DiskCryptor, an open-source utility. Some cybercriminal groups do not even take the trouble of involving programmers; instead, they use this legal utility “out of the box.”

DiskCryptor utility

The model of attack looks like this:

  1. Search for an organisation that has an unprotected server with RDP access.
  2. Guess the password (or buy access on the black market).
  3. Encrypt a node or server manually.


Notification about encrypting the organization’s server

The cost to organize such an attack is minimal, while the profit could reach thousands of dollars. Some partners of well-known encryptors resort to the same scheme. The only difference is the fact that, in order to encrypt the files, they use a version of a ransom program purchased from the group’s developer.
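The password-guessing step in the attack model above leaves a trail in the Windows Security log of the exposed server. The following is an added example, not part of the original article: it scans constructed sample records (event IDs 4625 and 4624; the tuple layout, IP addresses, account names and thresholds are assumptions) for bursts of failed RDP logons from one source and notes when a successful logon follows.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records shaped like fields exported from the Windows
# Security log: (time, event ID, logon type, source IP, target account).
# 4625 = failed logon, 4624 = successful logon. Logon type 10 is
# RemoteInteractive (RDP); with NLA, failed RDP logons appear as type 3.
SAMPLE_EVENTS = [
    ("2017-01-10T02:14:01", 4625, 3, "203.0.113.7", "administrator"),
    ("2017-01-10T02:14:09", 4625, 3, "203.0.113.7", "administrator"),
    ("2017-01-10T02:14:17", 4625, 3, "203.0.113.7", "admin"),
    ("2017-01-10T02:14:26", 4625, 3, "203.0.113.7", "backup"),
    ("2017-01-10T02:14:34", 4625, 3, "203.0.113.7", "backup"),
    ("2017-01-10T02:14:42", 4625, 3, "203.0.113.7", "backup"),
    ("2017-01-10T02:15:30", 4624, 10, "203.0.113.7", "backup"),
    ("2017-01-10T08:59:12", 4625, 3, "198.51.100.20", "j.smith"),
    ("2017-01-10T08:59:40", 4624, 10, "198.51.100.20", "j.smith"),
]

RDP_LOGON_TYPES = {3, 10}

def detect_rdp_guessing(events, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: finding} for sources with at least `threshold`
    failed logons inside a sliding window, noting a success that follows."""
    recent = defaultdict(deque)  # source IP -> (time, account) of recent failures
    findings = {}
    for ts, event_id, logon_type, ip, user in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        failures = recent[ip]
        while failures and when - failures[0][0] > window:
            failures.popleft()  # drop failures that fell out of the window
        if event_id == 4625:
            failures.append((when, user))
            if len(failures) >= threshold:
                hit = findings.setdefault(
                    ip, {"failures": 0, "users": set(), "success_as": None})
                hit["failures"] = max(hit["failures"], len(failures))
                hit["users"].update(u for _, u in failures)
        elif event_id == 4624 and ip in findings and failures:
            # A logon right after a burst of failures suggests a guessed password.
            findings[ip]["success_as"] = user
    return findings

if __name__ == "__main__":
    for ip, hit in detect_rdp_guessing(SAMPLE_EVENTS).items():
        print(ip, hit)
```

A finding with `success_as` set is the case to escalate first: the account named there should be treated as compromised and the server checked for manual encryption activity.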

However, true professionals are also active on the playing field. They carefully select targets (major companies with a large number of network nodes), and organize attacks that can last weeks and go through several stages:

  1. Searching for a victim
  2. Studying the possibility of penetration
  3. Penetrating the organization’s network by using exploits for popular software or Trojans on the infected network nodes
  4. Gaining a foothold on the network and researching its topology
  5. Acquiring the necessary rights to install the encryptor on all the organization’s nodes/servers
  6. Installing the encryptor

Read the full story at SecureList.com

Ransomware - What you need to know!

Ransomware is an extremely high-risk cybersecurity threat that security industry experts worldwide expect to grow significantly this year and beyond.

Ransomware is essentially malicious software that gives a hacker the ability to lock you out of your business by encrypting mission critical files on individual computers or across entire networks.

Cybersecurity Research on Ransomware

According to a recent cybersecurity research report, more than 8 million samples of ransomware were active in the second quarter of 2016.

It is more critical now than ever that businesses and their staff are properly educated to mitigate this growing threat.


Ransomware can cost you a lot more than money. How long could you survive if your business was locked out of its critical systems?

The minute the attacker gains access, files and folders can be encrypted, and they can usually be released only by paying huge sums of money, hence “ransom”.

There are a few key points to note about ransomware enterprise attacks:

  1. The attacker typically has a list of the file extensions that they are going to encrypt. These files tend to be essential to business operations.
  2. Reverse-engineering the encryption (“cracking” the files) is virtually impossible without the original encryption key. The attackers are the only people who will have the original encryption key.
  3. Unintentional human error due to a lack of cybersecurity education is one of the top reasons that hackers are able to infiltrate a network or computer.

What Precautions Can Businesses Take?

Ransomware can work its way into a computer, server, or network from practically any source. Popular modes of entry include:

Ransomware Tactics:

One of the best tactics to avoid ransomware attacks is to ensure that your employees are educated about the potential dangers.

From teaching employees never to click on suspicious embedded links to showing them how to spot fake emails or webpages, education is paramount to protecting your business and data assets. In addition to employee education, company-sensitive, confidential, and important files should be securely backed up in an unconnected and secure storage facility.

By taking the latter precaution you can mitigate the bargaining power of a hacker using ransomware.

Final Thoughts

Ransomware can be used by domestic and international hackers at any point in time, unless businesses take the steps needed to protect their vital data and computer systems.

Education, secure data storage, and working with a top cybersecurity company can help businesses to avoid the costly repercussions of a ransomware attack.