Ryuk Ransomware

Ransomware attacks will increase in 2017

Ransomware will continue to dominate and cause monetary damage to organizations and individuals alike unless businesses choose to deploy anti-ransomware technology this year.

Ransomware has become one of the most widespread and damaging cyber attacks that internet users face these days. Ransomware attacks cost people hundreds of millions of dollars each year. According to a recent report, mobile ransomware increased to 200% in the second quarter this year, which is nearly half of all detections in the last year combined. According to the latest report of security solution provider, Ransomware, which is also known as Business Email Compromise (BEC), globally caused companies a loss of $3bn.

India’s share in ransomware attacks continues to rise and currently stands at 16.9% among countries with the highest percentage of end-points exposed to a malware attack, according to a research done by Sophos.

In recent years, cyber crime has become more organized. Cyber crime trends point to an alarming increase in advanced social engineering techniques and customized, targeted document-based malware attacks in 2016, according to SophosLabs research. With greater skills and expertise, they are now able to continually evade defenses and avoid apprehension by law enforcement. The state of security deployments and readiness in enterprises, especially small and mid-sized businesses is devoid of coordinated threat mitigation strategies.

“Lately, we observed some change, which can be attributed to increased security awareness into best practices. As a result, enterprises across verticals have begun overhauling their monolithic security architecture and are replacing it with more meaningful and coordinated security solutions. Better still, when multiple security systems, synchronize and work in tandem to share threat intelligence and help with accelerated threat discovery and automated incident response. Sophos’s Synchronized Security is evolving the threat capabilities of network and endpoint devices in the mid-market and enterprise segments” says Sunil Sharma, VP-Sales & Operations (India & SAARC), Sophos.

Rate of ransomware attacks in India and abroad

Phishing is the most common method used by crooks to spread malware like ransomware. In a recent geo-malware study by Sophos Labs, India was amongst the top five vulnerable countries to phishing attacks with a Threat Exposure Rate of 16.9%. Geo-malware refers to attackers using techniques which are unique to a particular geography and will enable them to hook their baits more effectively.

According to an FBI estimate, $209 mn were lost in first three months of 2016 in extortion money paid to cyber-criminals by businesses and institutions to unlock their computer servers.

We see a global trend towards increased number of sophisticated attacks even in 2017. Ransomware will continue to dominate and cause monetary damage to organizations and individuals alike unless businesses choose to deploy anti-ransomware technology like the Sophos Intercept X and regularly create a data back-up” says Sharma.

We see a lot of social engineering threats continuing to be popular in 2017 including HD phishing (high definition phishing which is hackers buying data from known breaches and using that data to create very convincing phishing e-mails), as well as document and macro malware where users may receive e-mails asking them to “enable macros” to read the full document and this downloads the malware” he adds.

Exploit kits will continue to be popular as we enter 2017 – these kits enable all kinds of hackers to easily leverage pre-built hacking tools, select whatever targets they prefer, and drop any kind of attack on systems from ransomware to data stealing malware and remote access Trojans.

According to Sharma, we will also see an increase of “in-memory” attacks in 2017. These are very insidious attacks that instead of dropping a payload (i.e. adding or change a file) they infect system files in memory and start attempting to send data outside the organization.

How Sophos plans to help stop Ransomware

Recently, the company has launched a new end-point security product Sophos Intercept X that stops zero-day malware, unknown exploit variants and stealth attacks, and includes an advanced anti-ransomware feature that can detect previously unknown ransomware within seconds. Sophos Intercept X installs alongside existing end-point security software from any vendor, immediately boosting end-point protection by stopping malicious code before it executes.

The product also features CryptoGuard that identifies and intercepts malicious encryption activity and blocks ransomware before it can lock and cripple systems. Detailed, forensic-level analysis illuminates the root causes of attacks and their infection paths, and offers prescriptive guidance to help remediate infections today and bolster your security posture moving forward. You can also call it the “black box” of data security.

Rather than examining hundreds of millions of known malware samples, Intercept X instead focuses on the relatively small collection of techniques used to spread malware. This way, it can ward off zero-day attacks without even screening them first.

Steps to keep threats at bay

Here are some security tips that can be followed to stay secure:

·        Backup regularly and keep a recent backup copy off-site

There are other risks besides ransomware that can cause files to vanish, such as fire, flood, theft, a dropped laptop, or even an accidental delete. Always do a regular backup of your files and encrypt your backup.

·        Enable file extensions

The default Windows setting has file extensions disabled. This means that you have to rely on the file thumbnail to identify it. Enabling extensions makes it much easier to identify file types that are not commonly sent, such as JavaScript.

·        Open JavaScript (.js) files in Notepad

Opening a JavaScript file in Notepad blocks it from running any malicious scripts and allows you to examine the file contents.

·        Don’t enable macros in document attachments received via email

Microsoft turned off auto-execution of macros by default many years ago as a security measure. A lot of infections rely on persuading you to turn macros back on, so don’t do it!

·        Be cautious about unsolicited attachments

Crooks rely on the dilemma that you can’t tell if the file is the one you want until you open it. If in doubt leave it out.

·        Don’t give yourself more login power than you need

Don’t stay logged in as an administrator any longer than necessary and avoid browsing, opening documents, or other regular work activities while you have administrator rights.

·        Stay up-to-date with new security features in your business applications

Office 2016 now includes Block macros from running in Office files from the internet control, which helps protect against external malicious content without stopping you using macros internally.

Sharma concludes by saying that most ransomware gangs have acquired a bit of an “honor among thieves” reputation, so that if you do pay over the money, you almost certainly will get your files back. But we would advice that “It’s OK to pay, but it’s much better not to.”

So, keep these two points in mind:

1. Don’t pay if you can possibly avoid it, even if it means some personal hassle.

2. Take precautions today (for instance, backup, proactive anti-virus, web and e-mail filtering) so that you avoid getting into a position where you ever need to pay.

Law enforcement and security experts on the other hand say, “These are crooks! This is extortion! If you can possibly take it on the chin, we urge you NOT TO PAY!”

Leave a Reply

Your email address will not be published. Required fields are marked *