Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files unless a ransom is paid. These attacks appeared in 64% of all malicious emails sent in Q3 2017.
“6 in 10 malware payloads were ransomware in Q1 2017”
Recently in Canada, hackers demanded a ransom of 1 million Canadian dollars in Ripple cryptocurrency (XRP) from two banks: Bank of Montreal (BMO Financial Group) and Simplii Financial, a banking subsidiary of the Canadian Imperial Bank of Commerce.
The hackers warned BMO and Simplii that they would share the banks’ customer information if the banks did not cooperate through mail.
The customer information includes names, account numbers, account balances, passwords, security questions, and social insurance numbers.
The hackers used an algorithm to generate authentic account numbers, which enabled them to pose as legitimate account holders. This in turn let them go through the “lost password” process, which enabled them to reset security questions and gain access to accounts.
Though headlines have educated users on the devastating effects of ransomware, businesses and consumers need to follow basic cybersecurity standards to protect themselves. The best defense against ransomware is
PROTECTION IS BETTER THAN CURE
- Be cautious about unsolicited emails, especially those with attachments.
- Back up all your data so that you still have a clean copy if you make a mistake and get infected. This is the fastest way to regain access to data.
- Companies should ensure that their systems have the latest security patches.
- Employees should be careful when opening their mail, since malware appears to be distributed through email.
- Configure anti-spam settings on your mail server.
- Avoid suspicious links: check the URL before following it.
- Turn on the firewall.
- Carry out regular security audits in the organization.
- Disable macros and ActiveX for pirated software.
- Implement strong passwords.
- Implement application whitelisting on your endpoints to block all unknown and unwanted applications
MUST KNOW RANSOMWARE STATISTICS:
- A company is hit with ransomware every 40 seconds.
- 15% or more of businesses in the top 10 industry sectors have been attacked.
- 1 in 4 businesses hit with ransomware have 1,000 employees or more.
- 71% of companies targeted by ransomware attacks have been infected.
- Nearly half of ransomware attacks infect at least 20 employees.
- The average ransom demand has risen to $1,077.
- 1 in 5 businesses that paid the ransom never got their files back.
HOW IS RANSOMWARE HIDDEN FROM ANTIVIRUS?
- Ransomware signatures are not updated in the antivirus database
- Malware security researchers are less aware of malware prevention
- Encrypted network traffic makes detection much more difficult
- Anti-sandbox mechanisms
- Fast flux – the attackers use numerous DNS records, so the malware is hard for antivirus to find
- Encrypted Payloads
- Polymorphic behavior
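The fast-flux item in the list above can be checked for on the defender's side from DNS logs. The following is an added example, not part of the original article: it flags domains that rotate through many short-TTL A records spread over several networks. The record format, thresholds, domain names and addresses are all constructed assumptions.

```python
from collections import defaultdict

# Constructed passive-DNS observations: (unix_time, domain, A-record IP, TTL seconds).
# All addresses are from documentation/private ranges; none are real indicators.
SAMPLE_RECORDS = [
    (1000, "mail.example.com", "192.0.2.25", 3600),
    (1000, "cdn.example.net", "203.0.113.1", 60),
    (1100, "cdn.example.net", "203.0.113.2", 60),
    (1200, "cdn.example.net", "203.0.113.3", 60),
    (1300, "cdn.example.net", "203.0.113.4", 60),
    (1400, "cdn.example.net", "203.0.113.5", 60),
    (1000, "Update-Check.example.org.", "192.0.2.10", 120),
    (1150, "update-check.example.org", "198.51.100.7", 120),
    (1300, "update-check.example.org", "203.0.113.50", 90),
    (1450, "update-check.example.org", "10.1.2.3", 120),
    (1600, "update-check.example.org", "172.16.5.9", 60),
    (9000, "update-check.example.org", "100.64.3.3", 120),
]

def fast_flux_candidates(records, window_s=3600, min_ips=5, min_nets=3, max_ttl=300):
    """Flag domains rotating through many short-TTL A records within one window.
    Thresholds are illustrative assumptions; the /16 spread check reduces, but does
    not remove, CDN false positives."""
    by_domain = defaultdict(list)
    for ts, domain, ip, ttl in records:
        # Normalise case and the trailing root dot so one domain is one key.
        by_domain[domain.lower().rstrip(".")].append((ts, ip, ttl))

    flagged = {}
    for domain, obs in by_domain.items():
        obs.sort()
        start = 0
        for end in range(len(obs)):
            while obs[end][0] - obs[start][0] > window_s:
                start += 1  # slide the window forward
            window = obs[start:end + 1]
            ips = {ip for _, ip, _ in window}
            nets = {".".join(ip.split(".")[:2]) for ip in ips}  # crude /16 grouping
            worst_ttl = max(ttl for _, _, ttl in window)
            if len(ips) >= min_ips and len(nets) >= min_nets and worst_ttl <= max_ttl:
                best = flagged.get(domain)
                if best is None or len(ips) > best["distinct_ips"]:
                    flagged[domain] = {"distinct_ips": len(ips), "networks": len(nets),
                                       "max_ttl": worst_ttl}
    return flagged

if __name__ == "__main__":
    for name, stats in fast_flux_candidates(SAMPLE_RECORDS).items():
        print(name, stats)
```

A flagged domain is a lead for investigation, not a verdict: legitimate load-balanced services can show the same pattern.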
TACTICAL SOLUTION APPROACH FOR RANSOMWARE
- Find available decryption tools – A wealth of free decryption tools that can detect and remove screen-locker ransomware and certain variants of crypto-ransomware are now readily available from different security vendors. These can be used to avoid having to pay for corresponding decryption keys.
- Implement a comprehensive data backup and recovery plan – Developing a comprehensive backup and recovery plan ensures that an organization’s valuable data is intact even after cases of data loss, which isn’t limited to ransomware infections. With this in place, the organization will be able to easily get back on its feet and resume operations.
- Conduct post-incident analysis of the infection – Once the incident has been properly dealt with, investigate and scope the breadth and magnitude of the infection. More importantly, analyze the source of the infection to identify vulnerabilities and system weaknesses that should be addressed to prevent recurrence.
- A sandbox analysis of the ransomware in question could help determine the malware’s behavior. This could also be used to identify Indicators of Compromise from its capabilities, routines, and tactics employed that would improve detection and develop ways to prevent future incidents.
- The rapid development of ransomware with updated variants and families introduced almost daily shows that cyber criminals see this as a lucrative form of attack. A multi-layered approach to security is vital in ensuring that all possible entry points are well-defended from ransomware.
Reach out to Novature Tech to create business-driven security solutions for your organization.
Author: Arul Selvar | Posted On: 5th June 2018 | Category: Article