
What is Ransomware and the 8 Things You Can Do to Prevent Becoming a Victim

March 03, 2016

Ransomware is a term used to describe malware that is installed on a user’s computing device without the user’s knowledge or permission and that encrypts the user’s data. This malware is distributed to an individual (or entity) through social engineering, such as phishing emails, or through compromised websites that install the malware on the visitor’s machine. Once a machine has been compromised, the malware executes and encrypts every data file the end user has access to, including local files as well as files on network drives. After the files are encrypted, they are unrecoverable unless a “ransom” is paid to the attacker; outside of restoring from a backup, the only way to restore the data is to pay the distributor of the malware.

This malware extortion began by targeting mostly individual home users and has now grown to target businesses and other large entities. Ransomware extortion is very profitable and as such is growing rapidly. The development of this malware and of the associated components for collecting funds has become quite sophisticated. The malware developers are often fully staffed organizations whose sole purpose is developing this software, with full-time employees dedicated to developing and improving the malware. They leverage some of the most sophisticated phishing and social engineering techniques seen to date. The threat posed by ransomware is growing and should not be underestimated by our clients.

Ransomware key data points:

  • CryptoWall alone cost users approximately $325,000,000 in 2015.
  • A 165% increase from 2014 through the end of 2015.
  • Ransom is paid through bitcoin or other cryptocurrency to mask the paper trail.
  • Malware phishing may look like AV software, or like messages from law enforcement or financial service providers.
  • Once data is encrypted there is no reversing it without the private key held by the attackers.
  • Most development and distribution comes from Russia as well as other countries outside the United States.
  • While this has impacted other regions of the world, North America is by far the number one target for ransom-based attacks.

How to protect yourself:

  1. Ensure that all critical data on all systems is known and backed up, and that the integrity of the backups is guaranteed.
  2. Ensure that there is visibility for detection and response on the network to detect command and control activity as well as the distribution of malicious code.
  3. Ensure that all files on the network are only accessible by those who need them, and review permissions and access regularly to ensure that is the case. A tool such as file integrity monitoring should also be considered so that, going forward, changes to file access and rights are detected. Ransomware cannot encrypt data that the victim does not have access or rights to.
  4. Ensure that LAN and endpoint security measures include tools for detection and response in conjunction with prevention. These attacks come in the form of polymorphic malware and can easily get by detection, especially signature-based detection. It is important to have detection and response tools that are able to identify undesired behavior in the environment to uncover potential compromise.
  5. Be aware of the vulnerabilities that exist on systems within the environment. Ensure that software beyond the OS is assessed. Flash for example, is one of the most common vectors for attack.
  6. Ensure that user privilege is the minimum required to work. Without administrator access many variants of this malware cannot execute and compromise data.
  7. Ensure that mail security has the ability to detect and prevent phishing attacks.
  8. Perform regular user awareness training to help prevent users from falling victim to social engineering attacks.
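As an added example (not code from the original post), the Python script below ties together items 1, 3 and 4 above: a SHA-256 baseline manifest that verifies whether protected files (or a backup set) still match what was recorded, and a behavioral check over a stream of file-write events that flags any process rewriting many distinct files with high-entropy, encrypted-looking content inside a short window, which is what signature-based detection misses when the malware is polymorphic. The file paths, user names, process names and events are constructed sample data, and the window, file-count and entropy thresholds are assumptions to be tuned per environment.

```python
import hashlib
import math
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_baseline(files):
    """Baseline manifest (path -> SHA-256), as a FIM tool or a backup integrity check would record it."""
    return {path: sha256_hex(content) for path, content in files.items()}


def verify_baseline(baseline, files):
    """Return the baselined paths whose content no longer matches the recorded hash, or that are missing."""
    changed = []
    for path, digest in baseline.items():
        current = files.get(path)
        if current is None or sha256_hex(current) != digest:
            changed.append(path)
    return sorted(changed)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed output sits close to 8.0, documents much lower."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def flag_mass_modification(events, window=timedelta(seconds=60), threshold=10, entropy_min=7.0):
    """Flag each process that, within any `window`, wrote `threshold` or more distinct files
    whose new content is high entropy. `events` are dicts with ts, user, process, path, data."""
    per_proc = defaultdict(list)
    for ev in events:
        if shannon_entropy(ev["data"]) >= entropy_min:
            per_proc[(ev["user"], ev["process"])].append((ev["ts"], ev["path"]))
    alerts = {}
    for (user, proc), writes in per_proc.items():
        writes.sort()
        j = 0
        for i in range(len(writes)):
            j = max(j, i)
            # slide j forward to the last write still inside the window that starts at writes[i]
            while j + 1 < len(writes) and writes[j + 1][0] - writes[i][0] <= window:
                j += 1
            distinct = {path for _, path in writes[i:j + 1]}
            if len(distinct) >= threshold:
                alerts[proc] = {"user": user, "files": len(distinct),
                                "start": writes[i][0], "end": writes[j][0]}
                break
    return alerts


def pseudo_random_bytes(seed: str, length: int = 1024) -> bytes:
    """Deterministic high-entropy bytes, standing in for ciphertext (constructed test data)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(f"{seed}:{counter}".encode()).digest()
        counter += 1
    return out[:length]


# --- constructed sample data (not real systems, users or incidents) ---
T0 = datetime(2016, 3, 3, 9, 0, 0)
ORIGINAL_FILES = {f"//fileserver/finance/report_{i}.docx":
                  f"Quarterly report {i}, ordinary document text.".encode() for i in range(12)}
BASELINE = build_baseline(ORIGINAL_FILES)

SAMPLE_EVENTS = [
    # a legitimate edit: one user saves one document with normal, low-entropy content
    {"ts": T0, "user": "alice", "process": "winword.exe",
     "path": "//fileserver/finance/report_0.docx", "data": b"Quarterly report 0, revised wording."},
] + [
    # a ransomware-like burst: one process rewrites 12 share files with random-looking bytes in 22 s
    {"ts": T0 + timedelta(seconds=5 + 2 * i), "user": "bob", "process": "invoice_viewer.exe",
     "path": f"//fileserver/finance/report_{i}.docx", "data": pseudo_random_bytes(f"r{i}")}
    for i in range(12)
]


def current_files_after(events, original):
    """Apply the writes in time order to get the share's content as the baseline check would see it."""
    files = dict(original)
    for ev in sorted(events, key=lambda e: e["ts"]):
        files[ev["path"]] = ev["data"]
    return files


if __name__ == "__main__":
    for proc, info in flag_mass_modification(SAMPLE_EVENTS).items():
        print(f"ALERT {proc} ({info['user']}): {info['files']} high-entropy rewrites "
              f"between {info['start']:%H:%M:%S} and {info['end']:%H:%M:%S}")
    drift = verify_baseline(BASELINE, current_files_after(SAMPLE_EVENTS, ORIGINAL_FILES))
    print(f"{len(drift)} baselined files no longer match the manifest")
```

The baseline check answers the backup question in item 1 (do the copies still match what was recorded, or have they been encrypted too?), while the entropy-plus-burst rule is one behavioral signal an EDR or FIM product can raise without knowing the malware sample; the user field in the alert is what lets you confirm item 3 and 6, since a process can only encrypt shares the logged-in account could write to.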
