How To Deal With The Rising Tide Of Ransomware

Of all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or websites featuring ads.

Ransomware encrypts files on a user’s computer and renders them unusable until the victim ransoms the key for a specific amount of money.

Cybercriminals are making millions of dollars from ransomware. According to forecasts and assessments made by experts, the threat of ransomware will continue to rise in the months and years to come. Recently, several organizations were badly hit by ransomware, including a police department in Massachusetts, a church in Oregon, schools in South Carolina schools and several medical centers in California and Kentucky, one of which ended up paying the attackers 40 bitcoins (approximately $17,000).

Attacks on individuals seldom make the headlines, but in 2015 alone, the FBI received some 2,500 complaints related to ransomware attacks, which amounted to approximately $24 million in losses to the victims.

Technologies such as modern encryption, the TOR network and digital currencies like bitcoin are contributing to the rising success of ransomware, enabling hackers to stage attacks with more efficiency while hiding their trace.

In many cases, victims are left with no other choice than to pay the attackers, and even the FBI often advises victims to pay the ransom as the only recourse. Traditional methods and tools no longer suffice to deal with the fast-evolving landscape of ransomware viruses, and new approaches are needed to detect and counter its devastating effects.

Most security practices rely largely on regularly updating your operating system, software and antivirus tools, which are effective to protect yourself against known ransomware viruses — but are of no use against its unknown variants.

The other safeguard against ransomware is to keep offline backups of your files, which will enable you to restore your hostage files without paying the crooks. This is a very effective method, but for many organizations, the downtime of a ransomware attack is more damaging than the ransom itself, which warrants the need for methods that can help avoid ransomware altogether.

The high success rates of ransomware attacks are directly attributed to the shortcomings of antivirus software that rely on static, signature-based methods to detect ransomware. With several variants of ransomware being developed on a daily basis, there’s simply no way signature-based defenses can keep up. Udi Shamir, Chief Security Officer at cybersecurity firm Sentinel One, explains, “With minor modifications a cybercriminal can take a well-known form of ransomware like CryptoLocker, and make it completely unknown and undetectable to antivirus software.”

Cybercriminals are making millions of dollars from ransomware

Experts agree that fighting ransomware needs a new approach, one that should be based on behavior analysis rather than signature comparison. “Behavior-based detection mechanisms are now playing a key role in detecting and preventing ransomware-based attacks,” Shamir says. “While there may be many ransomware variants in the wild, they all share a common set of traits that can be detected during execution.”

Most ransomware can be detected through a set of shared behavioral characteristics. Attempts at deleting Windows Shadow Copies, disabling Startup Repair or stopping services such as WinDefend and BITS are telltale signs of ransomware work. “Each of these actions are behaviors that, if detected, translate into a ransomware attack,” Shamir explains.

This is the general idea behind some of the newer security tools — instead of making signature-based comparisons, processes are scrutinized based on their behavior and blocked if found to be carrying out malicious activity. “Once detected, any malicious processes are killed instantly, malicious files are quarantined, and endpoints are removed from the network to prevent any further spread,” Shamir says.

 “The new ‘next-generation’ endpoint protection solutions have proven to be effective against all variants of ransomware,” Shamir says.

Prevention without detection

One of the methods ransomware developers use to evade detection is to force their tool to remain in a dormant state while it is under examination by security tools. This enables new variants of the virus to get past antiviruses and even some behavioral-based security solutions without being discovered. Once out of the sandbox, the ransomware is in the ideal environment to unpack its malicious payload and deal its full damage.

The workaround to this technique, as discovered by an Israeli cybersecurity startup, is to trick the ransomware that it is always in the sandbox environment, which will convince it to remain in the “sleeping” state and never wake up to deploy itself.

TechCrunch

« Cybercrime Increases As Crooks Get AI Smarter
US Give Philippines Eyes On The South China Sea »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

MIIS Cyber Initiative

MIIS Cyber Initiative

The Cyber Initiative's mission is to assess the impact of the information age on security, peace and communications.

GigaOm

GigaOm

GigaOm's mission is to provide enterprises with information and analysis to help them make better decisions about technology.

ForgeRock

ForgeRock

ForgeRock, the leader in digital identity, delivers comprehensive Identity and Access Management solutions for consumers, employees and things to simply and safely access the connected world.

DANAK

DANAK

DANAK is the national accreditation body for Denmark. The directory of members provides details of organisations offering certification services for ISO 27001.

RCMP National Cybercrime Coordination Unit (NC3)

RCMP National Cybercrime Coordination Unit (NC3)

As set out in the Government of Canada's National Cyber Security Strategy, the RCMP has established the National Cybercrime Coordination Unit (NC3).

ioXt Alliance

ioXt Alliance

The ioXt Alliance is a group of manufacturers, industry alliances and government organizations dedicated to harmonizing best security practices in a highly connected world.

GM Security Technologies

GM Security Technologies

GM Security Technologies provides leading managed security services of the highest quality to every type of individual and organization in Puerto Rico, Caribbean and Latin America.

SECFORCE

SECFORCE

SECFORCE is a leading information security consultancy specialising in bespoke penetration testing and red team engagements.

Neosecure

Neosecure

NeoSecure is a specialist Cybersecurity Solutions and Managed Services provider in Latin America.

CloudBolt Software

CloudBolt Software

CloudBolt provide solutions for your toughest cloud challenges. From automation, to cost and security, and hybrid IT governance — we have you covered.

Risk Strategies

Risk Strategies

Risk Strategies is a leading specialty risk management consultancy and insurance broker offering smarter, practical approaches to risk mitigation including Cyber Liability insurance.

National Cybersecurity Alliance

National Cybersecurity Alliance

The National Cybersecurity Alliance is a non-profit organization on a mission to create a more secure, interconnected world.

Bastion Networks

Bastion Networks

Bastion are a security-focussed managed solution provider and consultancy. We work with advanced cyber security vendors to produce managed security solutions to protect from online threats.

C2 Risk

C2 Risk

C2 Risk are focussed on risk analytics for information assurance, privacy and ESG (Environmental, Social, and Governance).

Arista Middle East

Arista Middle East

Arista Middle East is part of Global Arista Technologies specializing in OT Cybersecurity.

SeQure

SeQure

SeQure is a novel cybersecurity and data observability company that offers Fortune 100 and Governments a zero-trust service to continuously monitor large network environments.