Ransomware: What is it and how do you avoid it? Part 1

Businesses large and small are under threat from increasingly aggressive and brutal ransomware attacks. Loss of access to critical files, followed by a demand for payment can cause massive disruption to an organization’s productivity.

But what does a typical attack look like? And what security solutions should be in place to give the best possible defense?

Ransomware – a brief introduction

Ransomware is one of the most widespread and damaging threats that internet users face. Since the infamous CryptoLocker first appeared in 2013, we’ve seen a new era of file-encrypting ransomware variants delivered through spam messages and Exploit Kits, extorting money from home users and businesses alike. Each distinct category of malware has shared a common goal – to extort money from victims through social engineering and outright intimidation. The demands for money have grown more forceful with each iteration.

Why are ransomware attacks so successful?

Most organizations have at least some form of IT security in place. So why are ransomware attacks slipping through the net?

1. Sophisticated attack techniques and constant innovation

-Access to ready-made ‘Exploit as a Service’ (EaaS) programs is increasingly easy, making it simple to initiate, successfully complete and benefit from an attack, even for less tech-savvy criminals. 

-Skillful social engineering is used to prompt the user to run the installation routine of the ransomware. For example you may receive an email that reads something like this: “My organization’s requirements are in the attached file, please provide me with a quote.”

2. Security holes at affected companies

-Inadequate backup strategy (no real-time backups, backups not offline/off-site).

-Updates/patches for operating system and applications are not implemented swiftly enough.

-Lack of user security training 

(“Which documents may I open and from whom?”, “What is the procedure if a document looks malicious”, “How do I recognize a phishing email?”).

-Security systems (virus scanners, firewalls, IPS, email/web gateways) are not implemented or are not configured correctly. Inadequate network segmentation can also be included here (servers and work stations in the same network).

3. Lack of advanced prevention technology

-Many organizations have some form of generic protection.

-Ransomware is constantly being updated to exploit and avoid this protection. For example, deleting itself so quickly after encrypting files that it can’t be analyzed.

-Solutions need to be designed specifically to combat ransomware techniques.