
Is your Business safe from Ransomware?

Level 11

As we move into the New Year, it is time to look at some of the threats we need to guard against. In this blog post, let us look at how Ransomware is likely to become more sophisticated in 2014. Here are a few trends observed this year that may well continue into 2014, along with some new and interesting challenges.

  

What on earth is Ransomware?

It is a type of malware designed to make your system or a file unusable until you pay a ransom to the hacker. It typically appears to be an official warning from a law enforcement agency such as the Federal Bureau of Investigation (FBI) that accuses you of a cyber-crime and demands an electronic money transfer before you can regain control of your file. There’s another kind of ransomware that encrypts the user’s files with a password and offers them the password upon payment of a ransom. In both cases, it is the end-user’s system that is essentially held hostage.

 

Cryptolocker malware and how it works

The Cryptolocker malware is seen as an extension of the ransomware trend and is far more sophisticated, with its ability to encrypt files and demand ransom successfully. Its presence is hidden from the victim until it contacts a Command and Control (C2) server and encrypts the files on the connected drives. As this happens, the malware continues to run on the infected system and ensures that it persists across reboots. When executed, the malware creates a copy of itself in either %AppData% or %LocalAppData%. CryptoLocker then deletes the original executable file and creates an autorun registry key, which ensures that the malware is executed even if the system is restarted in “safe” mode.
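
A defender-side check for the persistence pattern described above, as an added example that is not part of the original post: it reviews autorun entries and flags executables that sit directly in a profile's %AppData% or %LocalAppData% folder. The tuple export format and the sample entries are constructed assumptions; the Run/RunOnce key paths and the rule that a RunOnce value name starting with "*" still runs in Safe Mode are standard Windows behaviour, not details taken from the post.

```python
import ntpath
import re

RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
RUNONCE = RUN + "Once"

# Constructed sample: (registry key, value name, command line) as an endpoint
# inventory might export them. None of these values come from the original post.
SAMPLE_AUTORUNS = [
    (RUN, "OneDrive",
     r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    (RUN, "Updater", r"C:\Users\alice\AppData\Roaming\qzxvkt.exe"),
    (RUNONCE, "*Updater", r"%LocalAppData%\qzxvkt.exe"),
    (RUN, "VendorTray", r"C:\Program Files\Vendor\tray.exe /min"),
]

# Folders that %AppData% / %LocalAppData% expand to (default profile layout assumed),
# plus the unexpanded variable form. Anchored so subfolders do not match.
APPDATA_ROOT = re.compile(
    r"^(?:[a-z]:\\users\\[^\\]+\\appdata\\(?:roaming|local)|%(?:local)?appdata%)$",
    re.IGNORECASE)

def image_path(command):
    """Return the executable path from an autorun command line."""
    command = command.strip()
    if command.startswith('"'):                      # quoted path, may hold spaces
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]

def assess(key, name, command):
    """Return the reasons (possibly none) this autorun entry deserves review."""
    reasons = []
    exe = image_path(command)
    # Installed software normally lives in a vendor subfolder, not the root itself.
    if exe.lower().endswith(".exe") and APPDATA_ROOT.match(ntpath.dirname(exe)):
        reasons.append("executable sits directly in a profile AppData root")
    if key.lower().endswith(r"\runonce") and name.startswith("*"):
        reasons.append("RunOnce value prefixed with '*' also runs in Safe Mode")
    return reasons

def suspicious(entries):
    """Return (value name, reasons) for every entry with at least one reason."""
    return [(name, r) for key, name, cmd in entries if (r := assess(key, name, cmd))]

if __name__ == "__main__":
    for name, reasons in suspicious(SAMPLE_AUTORUNS):
        print(name, "->", "; ".join(reasons))
```

Both signals are heuristics for triage, so a hit means "look at this entry", not "this host is infected".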

  

Protecting yourself from Ransomware

It is important to be aware of this kind of malware, and here are a few steps that can help you protect your organization from ransomware:

  • Ensure that all the software on your systems is up to date.
  • Make sure that you do not click on links or attachments from untrusted sources.
  • Back up your important files regularly.

  

Additionally, regulatory mandates and corporate policies need to be stringently enforced. The fact is that a security attack of any kind can have a direct impact on your organization’s integrity and reputation, which is why a comprehensive security solution must be put in place. It is best to opt for an SIEM solution with real-time analysis and cross-event correlation, as it would help you to:

  • Reduce the time taken to identify attacks, thereby reducing their impact
  • Reduce the time spent on forensic investigation and root cause analysis
  • Respond to threats in real-time

   

Shield your network and systems better this year, have a good one!!

5 Comments
Level 15

Be sure to monitor shares that are assigned and only share what needs to be.  Monitor permissions, make sure that you are not allowing too many permissions.  Also, make sure that you have good backups. 

Yes, backup, backup, backup.

And restore on occasion--your backups are only as good as your last restore.

But where's the NSA or FBI, or vigilantes for that matter, in hunting down and destroying the ransom folks and their resources?  It's organized crime, isn't it?  It uses IP addresses that are assigned, right?  It seems there ought to be a way to seek & deter, re-educate, correct.

It's mighty short-sighted to lock & ransom or destroy.  Even a mosquito knows not to kill the victim.

MVP

The previous comments are spot on...also, just because you pay a "ransom" once doesn't mean you won't have to pay it again.....

Level 14

Too bad that many of these "bad guys" are in countries we don't have law enforcement agreements with.

MVP

that is legal law enforcement agencies...