5 types of ransomware your business might be facing and how to keep them at bay

Technology is a double-edged sword. On one side, you have individuals who use it to innovate for the greater good; on the other, cybercriminals strive for nothing more than illegal profits and even senseless destruction. It doesn’t matter how big your company is -- if you have sensitive data you would pay a king’s ransom for, consider yourself a target.

There are only a few prevalent types of ransomware, but more sophisticated strains are expected to emerge. Historically, ransomware applications have hidden within Adobe PDF, Microsoft Office, and image files, but security vendor McAfee Labs predicts that other types of files will become targets as malware continues to evolve.

Ransomware starts by secretly encrypting files with advanced algorithms. Once files are encrypted, cybercriminals demand payment in the form of untraceable internet currencies, usually Bitcoins. A recent example of this is the WannaCry and NHS debacle. Now that we've seen what ransomware is capable of, let's take a look at how it actually works.

How ransomware spreads

The most common method used to spread ransomware is a spam “botnet.” Automatically generated messages and emails trick victims into clicking a link or downloading an email attachment. This can be a fake email from a colleague, supplier, customer or friend, or a link or email attachment that appears to come from a trusted institution and asks you to perform a routine task.

Another way ransomware spreads is through “exploit kits.” These software packages use advanced programming to discover and exploit system vulnerabilities so the ransomware can be installed and executed on the target. Unlike spam botnets, exploit kit attacks do not require additional actions from the computer user.

Types of ransomware

New ransomware strains surface all the time, making it impossible to compile a list of every type of malware in existence. Here are some of the more well-known types you should be looking out for:

  • CryptoLocker - Considered the blueprint to modern-day ransomware, CryptoLocker spreads via spam and exploit kits. Once it infiltrates the computer, CryptoLocker encrypts mapped network drives and files. After the files have been successfully encrypted, the hacker leaves a ransom note demanding payment in Bitcoins.
  • CTB-Locker - This strain uses Elliptic Curve Cryptography to encrypt files. Its operators outsource the infection process to partners, accepting reduced profits in exchange. CTB-Locker is proven to spread malware infections at a faster rate.
  • Locky - Locky spreads through an email message disguised as an invoice. Once the email is opened, the user is instructed to enable macros in order to read the document. With those macros enabled, the malware begins to encrypt files. Once encryption is complete, the hacker demands payment in the form of Bitcoins.
  • TeslaCrypt - Using the popular AES algorithm to encrypt files, TeslaCrypt spreads via Angler exploit kits that target the vulnerabilities of Adobe PDF. After infiltrating a system, it installs itself in a temporary Microsoft folder. Besides Bitcoin, TeslaCrypt also accepts Ukash and PaySafeCard as payment options.
  • TorrentLocker - Besides encrypting files, TorrentLocker also collects email addresses from the targeted device to spread the malware beyond the infected network. The malware also prevents system restoration using Windows file recovery tools. Bitcoin is the preferred currency for TorrentLocker ransoms.

Antivirus protection

Antivirus software is considered an essential component of any business looking to keep cyber threats at bay. Constantly updating your antivirus software protects your system against newly identified cyber attacks. And because ransomware constantly evolves, antivirus updates shouldn’t be ignored, and continuous maintenance is needed to safeguard your system against hackers.

User awareness

Your staff needs to understand how ransomware works and what threats it poses to your business. Educate them by giving specific examples of suspicious emails and links and what they must do if they encounter potential bait. You should also conduct bi-annual formal training to inform staff about the potential risks of cybercrime and keep new employees up-to-date on the latest types of ransomware. Companies should consider setting up an employee orientation session about best IT security practices and how they greatly reduce the risk of ransomware attacks.

Control code execution

Protect your system against cyber criminals by preventing all macros from being run. Also make sure that users cannot install software on their devices without proper authorization. This will help prevent users from running malicious code and reduce potential system vulnerabilities.
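
As an added illustration of the macro control described above (not code from the original article), this Python sketch shows how a mail or file gateway could decide from an attachment's content, rather than its file extension, whether an Office document carries macros. The function names, verdict labels and sample attachments are constructed for this example.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML (.docx/.xlsx/.docm ...) container

def classify_attachment(data: bytes) -> str:
    """Return 'block', 'quarantine' or 'allow' based on content, not file name."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary Office files can carry VBA; this sketch has no OLE
        # parser, so it holds them for review instead of guessing.
        return "quarantine"
    if not data.startswith(ZIP_MAGIC):
        return "allow"  # not an Office container; other controls apply
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            types = b""
            if "[Content_Types].xml" in names:
                types = zf.read("[Content_Types].xml").lower()
    except zipfile.BadZipFile:
        return "quarantine"  # ZIP signature but unreadable archive
    # The VBA project is stored as a vbaProject.bin part, and macro-enabled
    # packages declare it in [Content_Types].xml whatever the extension says.
    has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
    declares_macros = b"macroenabled" in types or b"vbaproject" in types
    return "block" if has_vba_part or declares_macros else "allow"

def make_package(members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples (not real documents), keyed by the name a sender might use.
SAMPLES = {
    "report.docx": make_package({"[Content_Types].xml": "<Types/>",
                                 "word/document.xml": "<w:document/>"}),
    "invoice.docx": make_package({"[Content_Types].xml": "<Types/>",
                                  "word/document.xml": "<w:document/>",
                                  "word/vbaProject.bin": b"\x00"}),
    "legacy.doc": OLE2_MAGIC + b"\x00" * 16,
    "broken.docx": ZIP_MAGIC + b"truncated",
}

def triage(attachments: dict) -> dict:
    return {name: classify_attachment(data) for name, data in attachments.items()}
```

Calling `triage(SAMPLES)` blocks the constructed `invoice.docx` even though its name claims a macro-free format, which is the case an extension-based filter would miss.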

Whether you are a small business or a large enterprise, hackers armed with ransomware shouldn’t be taken lightly. Without the proper defenses, you’re as good as a sitting duck. Founders Technology Group can help design, deploy, and manage network security solutions as well as help train staff about what they can do when faced with ransomware. If you are interested, feel free to get in touch with us.