The ransomware scourge, which broke years ago with the emergence of police locker, is deadlier than ever. Today, it’s the fastest-growing malware threat, according to the U.S. Department of Justice. Since January 1 of this year, there have been an estimated 4,000 ransomware attacks every day, a fourfold jump from 2015, which saw approximately 1,000 attacks per day.
In the simplest terms, ransomware is a form of malware that extorts money by encrypting files or data to prevent access to business systems and resources. After locking down systems, it may direct a user to click on a link to pay a ransom in exchange for the encryption key.
With ransomware growing more sophisticated and destructive every day, IT security experts need to be able to recognize the different variants of this debilitating malware menace and protect systems and data from it. Here’s an overview of nine ways ransomware can bring operations to a halt, as well as steps to avoid being attacked, or at a minimum, mitigate damage.
Ransomware Attacks In A Variety Of Ways
- Drive encryption encrypts master file tables containing information on how folders and files are allocated, making all data on a drive impossible to access.
- Web server encryption programs like RansomWeb and Kimcilware exploit vulnerabilities in web servers, encrypting website databases and hosted files to render the website defunct.
- Network encryption exploits including DMA Locker, Locky, Cerber and CryptoFortress attack Server Message Block (SMB) shares to encrypt data on network drives.
- Cloud encryption deletes or overwrites cloud backups, bringing the safety of backing up data to cloud storage and file shares into question.
- Non-Windows attacks. SimpleLocker targets Android, Linux.Encoder.1 hits files on Linux, and KeRanger targets OS X.
- File deletion. Programs such as Jigsaw start to delete files either every hour or whenever the user restarts the computer.
- File compression. Maktub ransomware incorporates compression into the encryption process to accelerate attack setup.
- Speaker control programs access computers’ speakers to shout ransom demands to victims. One such program, Cerber, broadcasts the message: “Attention! Attention! Attention! Your documents, photos, databases and other important files have been encrypted!”
- Ransomware as a service provides, for a price, malicious code and the means to transfer funds and encryption keys to any miscreant motivated to launch an attack.
Ransomware Prevention And Data Protection Is The Best Policy
The consequences of ransomware can be severe and include loss of sensitive information, business disruption, financial loss and erosion of trust. To avoid the risks, the U.S. Department of Justice recommends taking steps that include:
- Educating users on the dangers of clicking on attachments and links in unsolicited emails.
- Using spam filters to prevent phishing emails from reaching targets as well as solutions for inbound email authentication.
- Scanning email attachments (a main ransomware entry point) and filtering executables.
- Patching and installing updates on schedule.
- Backing up data regularly, securing the backups, verifying their integrity and testing restoration.
- Deploying perimeter, web application and internal segmentation firewalls to block malicious code at critical network points.
To this last point, CCSI is a partner of Fortinet, a leading cybersecurity solutions provider. Through our partnership, we offer best-in-class firewall technology as part of a cohesive fabric of security that enables intrusion prevention, detection and blocking systems to seamlessly share intelligence on ransomware variants and other threats.
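The recommendation above to scan email attachments and filter executables can be sketched as a mail-gateway check that looks at file content as well as file names, including inside ZIP archives. This is an added example, not code from the article or from the Department of Justice guidance; the blocked extensions, magic-byte list, size limit, function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed gateway policy for this example; adjust to local needs.
BLOCKED_EXT = {".exe", ".scr", ".bat", ".cmd", ".js", ".vbs", ".wsf", ".hta", ".jar", ".lnk"}
# Leading bytes of PE, ELF, 64-bit Mach-O and fat Mach-O / Java class files.
EXEC_MAGIC = (b"MZ", b"\x7fELF", b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe")
MAX_MEMBER = 20_000_000  # do not inflate archive members larger than this

def classify(name, data, depth=0):
    """Return the reason an attachment should be blocked, or None."""
    lower = name.lower().rstrip(". ")  # "setup.exe." still runs as .exe on Windows
    ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
    if ext in BLOCKED_EXT:
        return f"blocked extension {ext}"
    if data.startswith(EXEC_MAGIC):
        return "executable content behind a harmless-looking name"
    if data.startswith(b"PK\x03\x04"):  # ZIP container: inspect each member
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER or depth >= 2:
                        return "archive member encrypted, too large or nested too deeply to scan"
                    if reason := classify(info.filename, zf.read(info), depth + 1):
                        return f"{info.filename} in archive: {reason}"
        except zipfile.BadZipFile:
            return "malformed archive"  # fail closed on anything unparseable
    return None

def scan_message(raw):
    """Return [(filename, reason)] for attachments that should be quarantined."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = [(p.get_filename() or "(unnamed)",
             classify(p.get_filename() or "", p.get_payload(decode=True) or b""))
            for p in msg.iter_attachments()]
    return [(name, reason) for name, reason in hits if reason]

def build_sample():
    """Constructed message: a real PDF, a PE file named .pdf, a zipped script."""
    msg = EmailMessage()
    msg.set_content("See attached.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("scan.pdf.js", "// constructed")
    for name, data in (("report.pdf", b"%PDF-1.4"), ("invoice.pdf", b"MZ\x90\x00"),
                       ("scan.zip", buf.getvalue())):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` quarantines `invoice.pdf` and `scan.zip` and lets `report.pdf` through.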