
Ransomware
What is ransomware?
Ransomware is a type of malicious software that prevents access to a device or the data on the device until a ransom is paid. Quite often, the ransomware has a built-in timer with a payment deadline. Crypto ransomware prevents access to files or data and preys on users who do not utilize offline backups. Locker ransomware denies access to a computer or device, heavily utilizes social engineering, and is typically more easily removed than Crypto ransomware.
Where does malicious ransomware come from?
There are many ways ransomware can enter your computer systems. The attack vectors can be divided into two types – human and machine attack vectors.
Human Attack Vectors
Ransomware often needs the help of humans to enter computers and employs what’s known as social engineering to get it. Social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
Machine Attack Vectors
Humans are involved to some extent as they might facilitate the attack by visiting a website or using a computer, but the attack process is automated and doesn’t require any explicit human cooperation to invade your computer or network.
Human Attack Vector – Phishing uses fake emails to try to trick people into clicking on a link or opening an attachment that carries malicious code. The email might be sent to one person or many within an organization. Sometimes the phishers take the time to research the individual targets and businesses so their email appears legitimate.
Human Attack Vector – SMS-shing uses text messages to get recipients to navigate to a site or enter personal information on their device. Common approaches use authentication messages or messages that appear to be from a financial or other service provider. Some SMS-shing ransomware attempts to propagate itself by sending itself to all contacts in the device’s contacts list.
Human Attack Vector – In a similar manner to email and SMS, vishing uses voicemail to deceive the victim. The voicemail recipient is instructed to call a number that is often spoofed to appear legitimate. If the victim calls the number, he or she is taken through a series of actions to correct some made-up problem. The instructions include having the victim unknowingly install malware on their computer.
Human Attack Vector – Social media can be a powerful vehicle to convince a victim to open a downloaded image from a social media site or take some other compromising action. The carrier might be music, video, or other active content that once opened will infect the user’s system.
Machine Attack Vector – The drive-by vector has this name because all it takes for the victim to become infected is to open a web page with malicious code in an image or active content.
Machine Attack Vector – With this vector, the cybercriminals learn the vulnerabilities of specific systems and exploit those vulnerabilities to break in and install ransomware on the machine. This most often happens to systems that are not patched with the latest security releases.
Machine Attack Vector – Malvertising is like drive-by, but uses ads to deliver the malware. These ads might be placed on search engines or popular social media sites in order to reach a large audience. A common host for malvertising is adult-oriented websites.
How can we avoid being victims of malicious ransomware?
US-CERT recommends that users and administrators take the following preventive measures to protect their computer networks from ransomware infection:
Backup
Employ a data backup and recovery plan for all critical information. Network-connected backups can also be affected by ransomware so critical backups should be isolated from the network for optimum protection.
Up-To-Date Software
Keep your operating system and software up-to-date with the latest patches. Vulnerable applications and operating systems are the targets of most attacks.
Educate
Educate yourself and your employees in best practices to keep malware out of your systems. Update everyone on the latest email phishing scams.
Report
The FBI urges ransomware victims to report ransomware incidents regardless of the outcome. Victim reporting provides law enforcement with a greater understanding of current threats.
Anti-virus
Maintain up-to-date anti-virus software and scan all downloaded software.
Restrict
Restrict users’ ability (permissions) to install and run unwanted software applications.
If you are targeted, should you pay the ransom?
- It’s generally considered a bad idea to pay the ransom
- There is no guarantee that the cybercriminals will unlock your device
- There is no guarantee that the decryption process will work
- Paying the ransom fuels future cybercrime
- Cybercriminals can come back for more