As we move into the New Year, it is time to look at some of the threats we need to guard against. In this blog post, let us look at how ransomware is likely to become more sophisticated in 2014. Here are a few trends observed this year that may well continue into 2014, along with some new and interesting challenges.
What on earth is Ransomware?
It is a type of malware designed to make your system or a file unusable until you pay a ransom to the hacker. It typically appears as an official warning from a law enforcement agency such as the Federal Bureau of Investigation (FBI), accusing you of a cyber-crime and demanding an electronic money transfer before you can regain control of your file. Another kind of ransomware encrypts the user’s files with a password and offers the password upon payment of a ransom. In both cases, it is the end-user’s system that is essentially held hostage.
CryptoLocker malware and how it works
The CryptoLocker malware is seen as an extension of the ransomware trend and is far more sophisticated, with its ability to encrypt files and demand ransom successfully. Its presence is hidden from the victim until it contacts a Command and Control (C2) server and encrypts the files on the connected drives. As this happens, the malware continues to run on the infected system and ensures that it persists across reboots. When executed, the malware creates a copy of itself in either %AppData% or %LocalAppData%. CryptoLocker then deletes the original executable file and creates an autorun registry key, which ensures that the malware is executed even if the system is restarted in “safe” mode.
Protecting yourself from Ransomware
It is important to be aware of this kind of malware. Here are a few steps that can help you protect your organization from ransomware:
- Ensure that all the software on your systems is up to date.
- Do not click on links or attachments from untrusted sources.
- Regularly back up your important files.
Additionally, regulatory mandates and corporate policies need to be stringently enforced. A security attack of any kind can have a direct impact on your organization’s integrity and reputation, which is why a comprehensive security solution must be put in place. It is best to opt for a SIEM solution with real-time analysis and cross-event correlation, as it would help you to:
- Reduce the time taken to identify attacks, thereby reducing their impact
- Reduce the time spent on forensic investigation and root cause analysis
- Respond to threats in real-time
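As an added illustration (not code from this post or from any SIEM product), the sketch below shows the kind of cross-event correlation meant here, applied to the CryptoLocker behaviour described earlier: an executable written directly into %AppData% or %LocalAppData%, followed shortly by an autorun registry entry pointing at it. The event schema, host names, file names and the five-minute window are constructed assumptions; the Run and RunOnce keys are the standard Windows autorun locations.

```python
import re
from datetime import datetime, timedelta

# An .exe written directly into %AppData% (Roaming) or %LocalAppData% (Local),
# not into a vendor subfolder, which is where legitimate per-user apps live.
APPDATA_EXE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\(roaming|local)\\[^\\]+\.exe$", re.I)
# Windows Run / RunOnce autorun keys under any hive.
AUTORUN_KEY = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(once)?$", re.I)
WINDOW = timedelta(minutes=5)  # assumed correlation window

RUN = r"\Software\Microsoft\Windows\CurrentVersion\Run"
# Constructed events in a simplified, hypothetical schema (not real telemetry).
EVENTS = [
    {"ts": "2014-01-06T09:14:02", "host": "WS-017", "type": "file_create",
     "path": r"C:\Users\alice\AppData\Roaming\Kqzvbnmt.exe"},
    {"ts": "2014-01-06T09:14:05", "host": "WS-017", "type": "reg_set",
     "key": "HKCU" + RUN, "value": r'"C:\Users\alice\AppData\Roaming\Kqzvbnmt.exe"'},
    {"ts": "2014-01-06T10:01:00", "host": "WS-022", "type": "file_create",
     "path": r"C:\Program Files\Vendor\updater.exe"},
    {"ts": "2014-01-06T10:01:03", "host": "WS-022", "type": "reg_set",
     "key": "HKLM" + RUN, "value": r"C:\Program Files\Vendor\updater.exe"},
    {"ts": "2014-01-06T11:30:00", "host": "WS-031", "type": "file_create",
     "path": r"C:\Users\bob\AppData\Local\Temp\setup.exe"},
]

def correlate(events, window=WINDOW):
    """Alert when a freshly dropped AppData executable is set to autorun."""
    dropped, alerts = {}, []  # dropped: (host, lowercased path) -> write time
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "file_create" and APPDATA_EXE.match(ev["path"]):
            dropped[(ev["host"], ev["path"].lower())] = ts
        elif ev["type"] == "reg_set" and AUTORUN_KEY.search(ev["key"]):
            target = ev["value"].strip('"')
            seen = dropped.get((ev["host"], target.lower()))
            if seen is not None and ts - seen <= window:
                alerts.append({"host": ev["host"], "path": target,
                               "key": ev["key"],
                               "delay_s": int((ts - seen).total_seconds())})
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Neither event is conclusive alone; the alert comes from the pair occurring on the same host within the window, which is why the installer writing to Program Files and the lone file under AppData\Local\Temp in the sample data stay silent.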
Shield your network and systems better this year, have a good one!!