Just when you think businesses are well equipped to manage cyberattacks and risks associated with connectivity, your newsfeed is bombarded with more stories confirming cyberattacks, such as the attack on shipping tech giant Pitney Bowes’ systems.
The company announced that its systems were hit by a malware attack of the kind known as ransomware, which encrypted all their information.
Ransomware has been around since 1989, when it first appeared under the name AIDS Trojan (also known as PC Cyborg) and was spread by infecting systems via floppy disks.
Even after 30 years of technological advancements and security infrastructure, why do we still see ransomware attacks affecting businesses?
Let’s analyze how ransomware works and go over some simple tips to protect our systems from falling prey to it.
How Ransomware Succeeds in Spite of New-age Cyber Security Measures
1. Emails– Email phishing and spam are the main channels used to distribute ransomware. Emails deliver malicious attachments, documents, and URLs to the recipient’s computer, disguised as an innocuous announcement or news piece. Email security has improved manifold, but attackers stay one step ahead by changing file extensions to evade email filters.
2. Websites– Websites can be a primary source of malicious activity for businesses. Employees visit hundreds of websites every day, and website ads may sometimes trigger automatic downloads of malicious apps or files.
3. Servers and Data Sources– Any data storage solution can be used as a launchpad for attacks, where ransomware can hide in plain sight among legitimate data. Businesses use data lakes as pools for storing information, and these are among the chief places where malware can be hidden.
Widely Used Ransomware
1. Encrypting Ransomware or Datalocker– Cybercriminals use a strong encryption algorithm to hijack the system’s data. The victim can still use the system but cannot access the files on it, and has to pay to procure a key to decrypt the data. Some of the most frequently seen encrypting ransomware or data locker families are Locky, CryptoLocker, and CryptoWall.
2. Locker Ransomware or Computer Locker– This technique locks the computer’s operating system, making it impossible to access the system at all. Examples of such ransomware include the Petya and Satana families.
Ransomware Percolation Process:
1. Malware is delivered to the system via an email attachment, spam or phishing email, infected application, website, or through any other method. Ransomware then installs itself on the endpoint system and any network devices it can access.
2. The ransomware makes contact with the command and control server supervised by cybercriminals to create cryptographic keys, which are then used on the local system.
3. Ransomware starts encrypting all files on the local machine and across the network, or the complete system.
4. Once encryption is done, the ransomware displays extortion and ransom payment instructions, threatening the destruction of data if payment is denied.
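Step 3 of the process above is what most endpoint detections key on: one process rewriting many files in a short burst, and the rewritten bytes looking like ciphertext. The following is an added example, not code from the original article, that runs such a check over a constructed list of file-write events (timestamp, process, path, first bytes of the new content); the event format, process names, and thresholds are assumptions.

```python
import math
from collections import defaultdict

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain documents sit well below 7, ciphertext near 8."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

# Constructed sample events (not real telemetry): (time_s, process, path, sample_bytes)
HIGH = bytes(range(256)) * 4                      # uniform byte distribution, like ciphertext
LOW = b"Quarterly report. Revenue grew 4% " * 30  # ordinary document text
EVENTS = [
    (0.0, "winword.exe", r"C:\Users\a\Docs\q3.docx", LOW),
    (0.5, "winword.exe", r"C:\Users\a\Docs\q3.docx", LOW),
    (10.0, "updater.exe", r"C:\Users\a\Docs\q3.docx.locked", HIGH),
    (10.1, "updater.exe", r"C:\Users\a\Docs\budget.xlsx.locked", HIGH),
    (10.2, "updater.exe", r"\\fileserver\share\plan.pdf.locked", HIGH),
    (10.3, "updater.exe", r"\\fileserver\share\hr.docx.locked", HIGH),
    (10.4, "updater.exe", r"C:\Users\a\Docs\notes.txt.locked", HIGH),
    (10.5, "updater.exe", r"C:\Users\a\Docs\README_DECRYPT.txt", LOW),
]

def detect_encryption_bursts(events, window_s=5.0, min_files=5, entropy_min=7.5):
    """Return {process: n_files} for every process that wrote at least
    min_files high-entropy files within any window_s-second window."""
    by_proc = defaultdict(list)
    for t, proc, _path, data in events:
        if shannon_entropy(data) >= entropy_min:
            by_proc[proc].append(t)
    alerts = {}
    for proc, times in by_proc.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over write times
            while times[end] - times[start] > window_s:
                start += 1
            hits = end - start + 1
            if hits >= min_files:
                alerts[proc] = max(alerts.get(proc, 0), hits)
    return alerts
```

In a real deployment the alert would feed the isolation step from the tips below (take the host offline), since by the time the ransom note lands the local files are already gone.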
Discretion is the Better Part of Valour: Ransomware Attack Prevention Tips:
By now it is widely established that ransomware is your system’s enemy.
Let’s see how we can prevent it from trespassing on precious data.
1. Backup complete enterprise data
The first and foremost step you can take to keep your data from evaporating during an attack is to back it up both locally and offsite. Backups must be kept at locations completely cut off from the enterprise network, so that they survive an attack. This is the easiest way of shielding your backup files from getting corrupted. Failure to back up your systems can cause irreparable damage.
2. Segment network access
Limit access to your data with dynamic access control. Dynamic access control prevents attackers from gaining control of and compromising the entire network with a single attack. Segregate the complete network into zones, each with its own credentials. This will not only safeguard your critical data but will also play havoc with the hacker’s mind.
3. Early threat detection system
Having an early warning system will assist in identifying potential attacks. Unified threat management programs can detect intrusions as they happen and stop them. Traditional firewalls block unauthorized access to your computer or network, whereas a threat detection system identifies content that may introduce malware.
Windows offers a feature called Group Policy that allows IT administrators to define how a group of users may use the system. It can block the execution of files from local folders, including the temporary and download folders.
4. Security updates
Download and install all security updates or patches for your system. These updates improve system operation and repair vulnerable spots in its security. The WannaCry ransomware attack in May 2017 targeted computers running the Windows operating system. Microsoft had detected the flaw in March 2017 and issued security bulletin MS17-010, which detailed the flaw and announced security patches in advance. Despite the patch, several computers were still affected.
5. Run frequent security scans on drivers and devices
Mobile devices bring the required agility to business networks but may become a liability if left unmonitored. Devices and drives that connect to the network should be scanned frequently to keep all threats at bay. You must regularly update the threat definitions to protect your valuable devices.
6. Email security
Most users believe that emails are secure by definition and that attachments can cause no harm. Therefore, server-level email security is essential. Users sometimes click on malicious emails, which can unleash a cyber-attack on the complete network. An email security server offers several features, such as spam filters, detection techniques, and victim intelligence, to prevent network access in case of any suspicious activity.
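Both the email channel in the first list (attackers renaming file extensions to slip past filters) and the server-level email security described here come down to one gateway check: does the attachment's content agree with its name? The following is an added example, not code from the original article, using Python's standard email module; the message, sender names, magic-byte table, and blocked-extension list are constructed assumptions for illustration.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Well-known leading bytes used to sniff the real content type of an attachment.
SIGNATURES = {
    b"%PDF-": "pdf",
    b"MZ": "exe",                 # Windows PE executable
    b"PK\x03\x04": "zip",         # also the container for docx/xlsx
    b"\xd0\xcf\x11\xe0": "ole",   # legacy .doc/.xls
}
# Content type each declared extension should sniff as.
EXPECTED = {"pdf": "pdf", "docx": "zip", "xlsx": "zip", "zip": "zip",
            "doc": "ole", "xls": "ole", "exe": "exe"}
BLOCKED_EXT = {"exe", "scr", "js", "vbs", "hta", "bat", "cmd", "ps1", "jar"}
DOC_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "txt"}

def sniff(data: bytes) -> str:
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return "unknown"

def audit_attachments(raw: bytes):
    """Return (filename, reason) findings for a raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        exts = [e.lower() for e in name.split(".")[1:]]
        kind = sniff(part.get_payload(decode=True) or b"")
        if exts and exts[-1] in BLOCKED_EXT:
            findings.append((name, f"blocked extension {exts[-1]}"))
        if len(exts) > 1 and exts[0] in DOC_EXT:
            findings.append((name, "double extension"))          # e.g. scan.pdf.exe
        if exts and exts[-1] in EXPECTED and kind != EXPECTED[exts[-1]]:
            findings.append((name, f"content is {kind} but extension says {exts[-1]}"))
    return findings

def build_sample() -> bytes:
    """Constructed message: one genuine PDF and two disguised executables."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    msg.add_attachment(b"%PDF-1.7 sample", maintype="application", subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"MZ\x90\x00 sample", maintype="application", subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"MZ\x90\x00 sample", maintype="application", subtype="octet-stream", filename="scan.pdf.exe")
    return msg.as_bytes()
```

Note that the MIME subtype the sender declares is ignored on purpose: it is attacker-controlled, while the first bytes of the payload are not.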
7. Human vigilance
Threat detection and protection systems can only work up to a certain point. A ransomware attack can usually be traced back to poor employee cybersecurity practices. Organizations and their employees become victims because they lack the necessary training and education for dealing with such attacks. Employees must be trained to conduct a security scan every week to prevent threats. Moreover, staff need to be extra vigilant when an attack occurs, at which point the affected system needs to be taken offline and isolated from the entire network.
Scott Matteson, contributing writer at TechRepublic, interviewed Andrew Morrison, Partner, Deloitte Cyber Risk Services, Dylan Owen, Senior Manager, Cyber Services, Raytheon, and Josh Mayfield, Director of Security Strategy, Absolute, on some of the pertinent cybersecurity issues. Here are some excerpts relevant to ransomware and its prevention techniques:
Ransomware Protection/Prevention Techniques:
Andrew Morrison: “In order to stay ahead, organizations must conduct audits of their patching processes, then look into tools and policies to make the practice more effective. A good example of this is the current movement towards stronger automation in patching.”
Dylan Owen: “Companies must proactively patch their vulnerable systems. However, if a system cannot be patched, companies should isolate the vulnerability behind a firewall. Since attacks like WannaCry use port 445 to identify vulnerabilities, companies should block their visibility from the internet. If the port isn’t routable, then malicious actors will have a hard time knowing who to target.”
Josh Mayfield: “Companies are following the standard narrative: Hiring consultants, implementing a few changes, buying a bunch of security tools, and crossing fingers. IT complexity has become so severe that we just can’t see through the densely packed tangle to pinpoint weaknesses. And when we do find weaknesses, we are often conflating “gap” with “no security product.” So we go shopping, never realizing that changes to our existing tools (e.g., making them resilient) would improve their odds of success from creative and motivated criminals.”
Ransomware attacks exploit vulnerable security systems across enterprises, both privately owned and government. These vulnerabilities act as the gateway through which the attack infiltrates the network and assaults susceptible systems. Continuous vigilance and automated patch updates seem to be the most significant defenses for avoiding data loss and protecting entire networks.
To know more about cybersecurity, you can download our latest whitepapers on Security.