How To Deal With The Rising Tide Of Ransomware

Uploaded on 2016-04-26 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Of all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or websites featuring ads.

Ransomware encrypts files on a user’s computer and renders them unusable until the victim ransoms the key for a specific amount of money.

Cybercriminals are making millions of dollars from ransomware. According to forecasts and assessments made by experts, the threat of ransomware will continue to rise in the months and years to come. Recently, several organizations were badly hit by ransomware, including a police department in Massachusetts, a church in Oregon, schools in South Carolina schools and several medical centers in California and Kentucky, one of which ended up paying the attackers 40 bitcoins (approximately $17,000).

Attacks on individuals seldom make the headlines, but in 2015 alone, the FBI received some 2,500 complaints related to ransomware attacks, which amounted to approximately $24 million in losses to the victims.

Technologies such as modern encryption, the TOR network and digital currencies like bitcoin are contributing to the rising success of ransomware, enabling hackers to stage attacks with more efficiency while hiding their trace.

In many cases, victims are left with no other choice than to pay the attackers, and even the FBI often advises victims to pay the ransom as the only recourse. Traditional methods and tools no longer suffice to deal with the fast-evolving landscape of ransomware viruses, and new approaches are needed to detect and counter its devastating effects.

Most security practices rely largely on regularly updating your operating system, software and antivirus tools, which are effective to protect yourself against known ransomware viruses — but are of no use against its unknown variants.

The other safeguard against ransomware is to keep offline backups of your files, which will enable you to restore your hostage files without paying the crooks. This is a very effective method, but for many organizations, the downtime of a ransomware attack is more damaging than the ransom itself, which warrants the need for methods that can help avoid ransomware altogether.

The high success rates of ransomware attacks are directly attributed to the shortcomings of antivirus software that rely on static, signature-based methods to detect ransomware. With several variants of ransomware being developed on a daily basis, there’s simply no way signature-based defenses can keep up. Udi Shamir, Chief Security Officer at cybersecurity firm Sentinel One, explains, “With minor modifications a cybercriminal can take a well-known form of ransomware like CryptoLocker, and make it completely unknown and undetectable to antivirus software.”

Cybercriminals are making millions of dollars from ransomware

Experts agree that fighting ransomware needs a new approach, one that should be based on behavior analysis rather than signature comparison. “Behavior-based detection mechanisms are now playing a key role in detecting and preventing ransomware-based attacks,” Shamir says. “While there may be many ransomware variants in the wild, they all share a common set of traits that can be detected during execution.”

Most ransomware can be detected through a set of shared behavioral characteristics. Attempts at deleting Windows Shadow Copies, disabling Startup Repair or stopping services such as WinDefend and BITS are telltale signs of ransomware work. “Each of these actions are behaviors that, if detected, translate into a ransomware attack,” Shamir explains.

This is the general idea behind some of the newer security tools — instead of making signature-based comparisons, processes are scrutinized based on their behavior and blocked if found to be carrying out malicious activity. “Once detected, any malicious processes are killed instantly, malicious files are quarantined, and endpoints are removed from the network to prevent any further spread,” Shamir says.

 “The new ‘next-generation’ endpoint protection solutions have proven to be effective against all variants of ransomware,” Shamir says.

Prevention without detection

One of the methods ransomware developers use to evade detection is to force their tool to remain in a dormant state while it is under examination by security tools. This enables new variants of the virus to get past antiviruses and even some behavioral-based security solutions without being discovered. Once out of the sandbox, the ransomware is in the ideal environment to unpack its malicious payload and deal its full damage.

The workaround to this technique, as discovered by an Israeli cybersecurity startup, is to trick the ransomware that it is always in the sandbox environment, which will convince it to remain in the “sleeping” state and never wake up to deploy itself.

TechCrunch

« Cybercrime Increases As Crooks Get AI Smarter
US Give Philippines Eyes On The South China Sea »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

SealPath

SealPath

SealPath enables companies to protect and control their documents wherever they are: In their PC, in their corporate network, on a partner’s network, in the cloud.

Irish Reporting & Information Security Service (IRISS)

Irish Reporting & Information Security Service (IRISS)

IRISS-CERT is Ireland's first CSIRT (Computer Security Incident Response Team) to provide services to all users within Ireland.

World Wide Technology (WWT)

World Wide Technology (WWT)

WWT is a technology solution provider in the areas of big data, collaboration, computing and cloud, mobility, networking, security and storage.

Comarch

Comarch

Comarch is a provider of IT business solutions to optimize operational and business processes. Cyber security solutions are focused on Identity Management and Security Assessment services.

Silensec

Silensec

Silensec is a management consulting, technology services and training company specialized in information security.

Emsisoft

Emsisoft

Emsisoft protects your devices against all types of malware, ransomware and other threats with no-bloat anti-malware & antivirus solutions.

Canadian Institute for Cybersecurity (CIC)

Canadian Institute for Cybersecurity (CIC)

The Canadian Institute for Cybersecurity (CIC) is a comprehensive multidisciplinary training, research and development, and entrepreneurial unit.

Forum of Incident Response & Security Teams (FIRST)

Forum of Incident Response & Security Teams (FIRST)

FIRST is the global Forum of Incident Response and Security Teams.

Internet Infrastructure Investigation

Internet Infrastructure Investigation

Internet Infrastructure Investigation offers a bespoke Internet Governance Solution to your brands online infringement problems.

Stratia Cyber

Stratia Cyber

Stratia Cyber is an independent, technology agnostic company providing high quality, pragmatic cyber security consultancy and expertise.

LastPass

LastPass

LastPass provides award-winning password and identity management solutions that are convenient, effortless, and easy to manage.

Darktrace

Darktrace

Darktrace is a global leader in cybersecurity AI, delivering complete AI-powered solutions in its mission to free the world of cyber disruption.

Qeros

Qeros

Qeros is a next-generation distributed system enables secure data and transaction processing at the velocity of thought.

Securadin

Securadin

Securadin - Defending Your Data Security. We will assist you in learning how to maintain the confidentiality, integrity, and availability of your organization's assets.

Kong

Kong

Kong - powering the API world. Increase developer productivity, security, and performance at scale with the unified platform for API management, service mesh, and ingress controller.

IONIX

IONIX

IONIX (formerly Cyberpion) is the attack surface management solution that uses Connective Intelligence to shine a spotlight on exploitable risks across your supply chain.