Ransomware attacks will continue to grow in 2017
Ransomware usually encrypts data on the victim's PC or laptop and, if that machine is on a network, will usually try to encrypt network servers as well. It then prompts the victim to pay a ransom, usually in the form of Bitcoin.
Ransomware has become increasingly popular as a weapon with which to extort money from corporations, public authorities, institutions and individuals.
Victims are often hacked by clicking on an innocuous-looking attachment or website link within an email. This releases malicious software that disables the victim's computer system and any computers on the same network. Ransom notes then appear across the network demanding money paid in Bitcoin in return for a decryption key that will disable the virus. However, there is no guarantee that the key will work or prevent further attacks.
Ransomware attacks have grown dramatically over the past two years. According to the IBM report, “Ransomware: How Consumers and Businesses Value Their Data,” 4,000 ransomware attacks occurred per day in 2016, four times more than the previous year. The FBI reported that ransomware victims in the U.S. shelled out $209 million for their stolen data in just the first three months of 2016, a huge increase from the $24 million companies spent in all of 2015, according to Reuters.
Companies can implement policies to minimize actions that could lead to infections, but this is complicated by the legitimate need to frequently open attachments in a business setting.
Not all attacks require user action to be implemented, however. Drive-by infections lurk in specially crafted pop-up advertisements. All a victim has to do is view a seemingly innocuous webpage.
Cybercriminals are, for example, particularly well versed in exploiting Windows vulnerabilities. This malware does not need to infiltrate your entire system for long-term access; it simply needs a gateway to access your data, which doesn't require advanced tools. Windows users have many default privileges that can be exploited to allow total access.
Fileless ransomware infection methods are on the rise. Why? Because they bypass scanners and signature-based AV. For example, a new variant of Kovter, a malware family known for click-fraud and ransomware, has been found disguised as a Firefox update. The malware authors were able to sign the malware with a valid digital certificate, which helps it bypass security software. When the new Kovter variant compromises a computer, the Trojan has the ability to reside only in the registry and not maintain a presence on disk. It accomplishes this by using registry tricks in an attempt to evade detection. The threat is also memory resident and uses the registry as a persistence mechanism to ensure it is loaded into memory when the infected computer starts up.
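Because registry-only persistence leaves no file for a scanner to match, defenders review the autorun values themselves. The following is an added example, not code from the original article: the heuristics, the length threshold and the sample values are assumptions constructed for illustration, not a signature for Kovter.

```python
import re

# Constructed sample: (value name, command data) pairs as they might appear under
# HKCU\Software\Microsoft\Windows\CurrentVersion\Run. None come from a real host.
SAMPLE_RUN_VALUES = [
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("Updater", r'mshta.exe "javascript:/* constructed placeholder script */"'),
    ("Sync", r'powershell.exe -EncodedCommand ' + "QUJD" * 80),  # placeholder blob
    ("\x00hidden", r'C:\Tools\agent.exe'),
]

# Assumed heuristic: hosts that can run code passed inline instead of from a file.
SCRIPT_HOSTS = re.compile(
    r"\b(mshta|powershell|pwsh|wscript|cscript|rundll32|regsvr32)(\.exe)?\b", re.I)
INLINE_SCRIPT = re.compile(r"(javascript:|vbscript:|-enc\w*\b|frombase64string)", re.I)
MAX_LEN = 260  # assumed threshold: a plain path to an executable is rarely longer


def findings(name, data):
    """Return the reasons an autorun value deserves a closer look."""
    reasons = []
    # Control characters in a value name can hide the entry from registry editors.
    if any(ord(ch) < 32 for ch in name):
        reasons.append("non-printable character in value name")
    # No executable on disk is referenced; the code lives in the value itself.
    if SCRIPT_HOSTS.search(data) and INLINE_SCRIPT.search(data):
        reasons.append("script host with inline or encoded script")
    if len(data) > MAX_LEN:
        reasons.append("unusually long command data")
    return reasons


def triage(values):
    """Map each suspicious value name to its list of reasons."""
    return {name: r for name, data in values if (r := findings(name, data))}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_RUN_VALUES).items():
        print(repr(name), "->", "; ".join(reasons))
```

A flagged entry is a lead for investigation rather than a verdict, since legitimate software also launches script hosts at logon.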
There is a lot of misinformation surrounding how to prevent new malware infections, especially ransomware. A lot of the rhetoric is around "ensuring your anti-virus is up to date". While making sure your current anti-virus solution is fully up to date is of course good advice, it does not take into account the fact that your current solution may be virtually useless in preventing new next-generation ransomware attacks.