Equinix Data Center Giant Hit by Netwalker Ransomware, $4.5M Ransom
Ransomware attackers are demanding $4.5 million from Equinix
Published on: November 16th, 2016
Ransom-ware is undeniably becoming one of the biggest threats facing business today. The last year or so has seen an incredible rise in the number of ransom-ware attacks; some reports have claimed that 40% of businesses have been hit in the last 12 months by attacks that encrypt files and data until a ransom is paid.
Fears over the rise and potential impact of ransom-ware have even caused Europol, the European Union law enforcement agency, to label it the “leading cyber-crime threat in Europe” and point out that it is increasingly targeting sectors that will pay a higher ransom, rather than individuals who will only pay a smaller fee to unlock their files.
What’s more, companies certainly are paying out to regain access to their files. The FBI announced that in the first three months of 2016 $209 million was paid to cyber-criminals; at that rate it’s possible that 2016 as a whole will see over $1 billion paid out in ransom-ware attacks.
We are also seeing a trend emerge in terms of the types of organizations that are being targeted – public-facing organizations where data is the lifeblood: councils, hospitals, schools, for example.
So why now? What’s behind the rise of ransom-ware as a cyber-attack tool? Well, the short answer is it works. The figures above show that it’s an effective way of extracting financial gains from victims. Blocking access to vital data or files can cripple an organization and render it useless, so it’s not surprising that some pay up as soon as possible so they can get back to work. Can you imagine the potential damage if a hospital, for example, couldn’t access patient data?
So that leads to the next question – why is it so effective? There are a couple of things about ransom-ware that separate it from other pieces of malware we’ve seen. The first is that it’s polymorphic. This means it can change tiny little details about itself frequently, so that antivirus programs no longer pick it up; it appears as a brand new piece of malware each time it undergoes a little change.
The second is that all it needs to start encrypting user files is standard user privileges…the kind of privileges that the vast majority of workers in an organization will have. That means its barrier to entry, as it were, is very low.
So now we know a little more about why ransom-ware is becoming the attack vector of choice for cyber-criminals, let’s look at how it spreads across a business. What we’ve discovered so far is that generally ransom-ware arrives via a targeted phishing email. Once the attachment is opened the ransom-ware makes contact with its C&C server to generate and retrieve an encryption key. From there the ransom-ware begins its scan of the infected machine, looking for files. It then builds its inventory.
As well as building an inventory of files, it also scans for other machines on the network and, if it can, it grabs credentials. It then connects to those machines and infects them. Once this process is complete, the ransom-ware encrypts files and announces its arrival to unsuspecting users.
However, it doesn’t have to get this far. The key is where the defense lies. It’s difficult to stop ransom-ware at the perimeter, and while it’s easier at the point of the server callout, that can sometimes be too late to stop the damage. So that leaves the file level, and that has proven to be most effective in our lab tests, where we have so far examined 157,000 ransom-ware samples.
Using application control at the file level means white-listing good, known and trusted applications and blacklisting anything that’s unknown, not trusted or known to be bad. In the middle you have grey-listing, where applications you’re not sure about can run in restricted mode – with limited access to files and data, no internet access and no access to network shares or servers.
Taking this approach and combining it with tighter control over user privileges is the best way of combating ransom-ware. In our tests application grey-listing and using least privilege proved to be 100% effective in stopping ransom-ware from encrypting files, rendering it useless.
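The three tiers described above can be sketched as a default-deny policy check. This is an added example, not code from the original article or from any product; the digests, the `C:\Sandbox` work area and the rule that a grey-listed process may only touch files inside it are assumptions made for illustration.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed placeholder digests, not real indicators.
WHITE = {"aa" * 32}              # known, trusted applications
GREY = {"cc" * 32}               # applications the admin is not sure about
SANDBOX = PureWindowsPath(r"C:\Sandbox")   # assumed restricted-mode work area


@dataclass(frozen=True)
class Request:
    sha256: str   # digest of the executable making the request
    action: str   # "exec", "read", "write" or "connect"
    target: str   # local path, UNC path, or host:port for "connect"


def tier(sha256: str) -> str:
    """Default deny: a digest on no list is treated as black-listed."""
    if sha256 in WHITE:
        return "white"
    if sha256 in GREY:
        return "grey"
    return "black"


def in_sandbox(target: str) -> bool:
    """True only for paths under SANDBOX with no '..' components."""
    path = PureWindowsPath(target)
    return ".." not in path.parts and SANDBOX in path.parents


def decide(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason) for one request from one process."""
    level = tier(req.sha256)
    if level == "white":
        return True, "trusted application"
    if level == "black":
        return False, "unknown or untrusted application"
    # Grey tier: the application runs, but in restricted mode.
    if req.action == "exec":
        return True, "runs in restricted mode"
    if req.action == "connect":
        return False, "no internet access in restricted mode"
    if req.target.startswith("\\\\"):
        return False, "no network shares or servers in restricted mode"
    if in_sandbox(req.target):
        return True, "file access inside sandbox"
    return False, "file access outside sandbox"
```

The `..` check matters because a path such as `C:\Sandbox\..\Users\...` still lists the sandbox among its parents and would otherwise be treated as inside it.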
© 2024 Computer Troubleshooters