Evolution of Ransomware

Ransomware is the latest criminal business model to see extensive coverage and success. So far, ransomware comes in two types:

Automated Ransomware

The attacker delivers malware to the target, mostly through a phishing campaign. Once the malware is on a system it is fully automated in carrying out its mission.

In early versions of this ransomware, each successful infection led to files on a single system being encrypted.

The next evolutionary step was for the malware to search for network drives which the system’s user had the right to access – and to encrypt them.

The final evolutionary step of Automated Ransomware came from combining it with a worm: self-replicating malware that first infects one system and then rapidly infects neighbouring systems, which in turn infect their neighbours, and so on.

Manual Ransomware

Unlike Automated Ransomware, this type is a more sophisticated and targeted attack, culminating in the demand for a large ransom.

Manual ransomware attacks generally take several weeks to pull off. Most of that time is spent getting all the attack pieces in place in the various parts of a target organization’s network. At the hour chosen for the attack, all the attack pieces simultaneously go into action by encrypting all the valuable data previously identified. 

Organisations found that good backups are an effective defence against ransomware, and this forced the ransomware to evolve: the valuable data is now encrypted in place and a copy is exported out of the network. This means either PAY, or your copy of the data stays useless and the stolen copy is made public.

The most recent evolution in the ransomware industry is the “ransomware as a service” business model, which works like a franchise. The franchiser supplies tools, playbooks and other attack infrastructure, while franchisees use these services to carry out the attacks, forwarding a percentage of the paid ransom back to the franchiser.

How to protect your network from Ransomware?

Most Automated Ransomware can be blocked on entry through careful monitoring of alerts and quick response.

Manual ransomware attacks are similar to other targeted attacks, and the countermeasures are the same. Security products do help against these attacks, but they are not useful without robust visibility and a strong mix of threat hunting and investigative discipline to uncover malicious activity before it has progressed to the point of no return.
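As an added illustration of the "monitoring of alerts" point, and of the first two evolutionary steps described earlier (files encrypted in place on one system, then on the network drives that system can reach), here is a small detector, not code from the original article, that runs over constructed file-write events. It flags a host that writes many high-entropy (ciphertext-like) files in a short window and notes whether any of those writes landed on a UNC network share; the hostnames, paths and event format are all assumptions.

```python
import math
from collections import defaultdict

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ciphertext (and compressed data) sit near 8.0, documents well below."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

# Constructed stand-ins: one byte of each value has entropy exactly 8.0, like ciphertext.
ENCRYPTED = bytes(range(256))
PLAINTEXT = b"Quarterly figures: revenue up, costs flat. " * 6  # ordinary document text

# Constructed file-write events: (unix_time, host, path, content_written)
EVENTS = [
    (1000, "ws01", r"C:\Users\alice\Docs\q1.docx.locked", ENCRYPTED),
    (1002, "ws01", r"C:\Users\alice\Docs\q2.docx.locked", ENCRYPTED),
    (1003, "ws01", r"C:\Users\alice\Docs\budget.xlsx.locked", ENCRYPTED),
    (1005, "ws01", r"\\fileserver\finance\ledger.xlsx.locked", ENCRYPTED),  # network drive
    (1006, "ws01", r"\\fileserver\finance\payroll.csv.locked", ENCRYPTED),
    (1007, "ws01", r"C:\Users\alice\Docs\notes.txt.locked", ENCRYPTED),
    (1010, "ws02", r"C:\Users\bob\Docs\report.docx", PLAINTEXT),
    (1400, "ws02", r"C:\Users\bob\Downloads\archive.zip", ENCRYPTED),  # one archive: no burst
]

def detect_encryption_bursts(events, window=60, min_hits=5, entropy_threshold=7.0):
    """Alert on hosts writing >= min_hits high-entropy files within `window` seconds.
    A single compressed file is normal; a burst of them across documents is not."""
    by_host = defaultdict(list)
    for ts, host, path, content in events:
        if shannon_entropy(content) >= entropy_threshold:
            by_host[host].append((ts, path))
    alerts = []
    for host, hits in by_host.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):  # sliding window starting at each hit
            in_window = [p for t, p in hits[i:] if t - start <= window]
            if len(in_window) >= min_hits:
                alerts.append({"host": host, "count": len(in_window),
                               "network_share": any(p.startswith("\\\\") for p in in_window)})
                break
    return alerts

if __name__ == "__main__":
    for alert in detect_encryption_bursts(EVENTS):
        print(alert)
```

In a real deployment the events would come from file-activity telemetry (EDR or share auditing) rather than an in-memory list, and a spread of such alerts across many hosts is the worm stage described above.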

