Understanding Ransomware Attacks

Technology grows more sophisticated every day, and so do the threats. Ransomware is currently the most discussed topic in IT security. As the name suggests, it is a class of attack that holds your IT infrastructure and data to ransom. A ransomware attack can be broken into six primary stages; understanding them helps you identify, detect, and act on the threat at the earliest possible point.

Entry: The method the attacker uses to gain a foothold in the environment. Common routes include known remote exploits against internet-facing web servers, compromised ("weaponized") websites that serve drive-by downloads, and, most popular of all, malicious e-mails carrying infected attachments or links.

Infection: The stage at which the malicious code has been executed. This is the point at which the ransomware has officially taken hold of a system, although no data has yet been encrypted.

Touch Base: The ransomware embeds itself in the system by making the changes it needs to survive a reboot (persistence) and begins communicating with its Command and Control (C2) server. In many variants the C2 server supplies, or receives and stores, the key material that will later be needed for decryption. Not every family depends on this step, however: some carry an attacker-controlled public key and can encrypt without ever contacting a C2 server, so blocking C2 traffic alone is not a reliable stop.

Scour: The malware scans the infected host for files worth encrypting. Once that is done, it looks for reachable file shares and for cloud storage synchronised to the machine. For each location it evaluates what the compromised user or machine account is allowed to do, such as read, write, or delete.

Take over: When the malware has completed its analysis and inventory, it initiates the encryption process. Local files are encrypted almost immediately; the malware then moves on to the network shares. Data on a share is read (some variants copy it locally first), encrypted, and written back to the share in place of the original document, so the original is replaced rather than merely copied.

En-cash: By this point the attacker has dropped ransom notes throughout the compromised portions of the environment. The note contains the payment demand and the payment details; payment is usually demanded in Bitcoin. Some variants apply a penalty model, raising the price as more time elapses. The attacker then simply waits to receive the ill-gotten gains in exchange for the decryption key.
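The Scour, Take over and En-cash stages leave a recognisable footprint in file-activity telemetry: one process touching many files in a short burst, files reappearing under a new extension while the originals are deleted, and note-like files dropped into several directories. The following Python script, added here as an illustration and not code from the original post or from Tres, scores a constructed EDR-style file-activity log against those three behaviours and raises an alert only when more than one rule fires. The log format, the process names, the thresholds and the rule names are assumptions made for this example.

```python
"""Score file-activity events for ransomware-like behaviour (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample, loosely modelled on an EDR file-activity export
# (timestamp, process, user, action, path). Not real telemetry.
SAMPLE_LOG = r"""
2024-03-01T09:00:01 winword.exe alice WRITE  C:\Users\alice\Documents\budget.docx
2024-03-01T09:01:30 chrome.exe  alice WRITE  C:\Users\alice\Downloads\report.pdf
2024-03-01T09:05:10 svc_upd.exe alice WRITE  C:\Users\alice\Documents\budget.docx.locked
2024-03-01T09:05:10 svc_upd.exe alice DELETE C:\Users\alice\Documents\budget.docx
2024-03-01T09:05:11 svc_upd.exe alice WRITE  C:\Users\alice\Documents\plan.xlsx.locked
2024-03-01T09:05:11 svc_upd.exe alice DELETE C:\Users\alice\Documents\plan.xlsx
2024-03-01T09:05:12 svc_upd.exe alice WRITE  C:\Users\alice\Pictures\photo1.jpg.locked
2024-03-01T09:05:12 svc_upd.exe alice DELETE C:\Users\alice\Pictures\photo1.jpg
2024-03-01T09:05:13 svc_upd.exe alice WRITE  \\fs01\share\q1.pptx.locked
2024-03-01T09:05:13 svc_upd.exe alice DELETE \\fs01\share\q1.pptx
2024-03-01T09:05:15 svc_upd.exe alice CREATE C:\Users\alice\Documents\README_DECRYPT.txt
2024-03-01T09:05:16 svc_upd.exe alice CREATE \\fs01\share\README_DECRYPT.txt
2024-03-01T09:10:00 backup.exe  SYSTEM WRITE  D:\Backup\file1.bak
2024-03-01T09:10:01 backup.exe  SYSTEM WRITE  D:\Backup\file2.bak
2024-03-01T09:10:02 backup.exe  SYSTEM WRITE  D:\Backup\file3.bak
2024-03-01T09:10:03 backup.exe  SYSTEM WRITE  D:\Backup\file4.bak
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.+?)\s*$")
NOTE_RE = re.compile(r"(readme|decrypt|restore|recover|how[_\- ]?to)", re.I)
NOTE_EXTS = {".txt", ".html", ".hta"}
WINDOW = timedelta(seconds=10)   # assumed thresholds; tune to the environment
MASS_WRITE_FILES = 4             # distinct files written by one process inside WINDOW
REPLACE_MIN = 3                  # "new name written + original deleted" pairs
NOTE_DIRS = 2                    # directories that received a note-like file
ALERT_SCORE = 2                  # rules that must fire before an alert is raised


def parse_log(text):
    """Parse the constructed log into (ts, process, user, action, path) tuples, oldest first."""
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, proc, user, action, path = m.groups()
        events.append((datetime.fromisoformat(ts), proc, user, action, PureWindowsPath(path)))
    events.sort(key=lambda e: e[0])
    return events


def score_processes(events):
    """Return {process: set of rule names that fired}; a single rule is weak evidence."""
    fired = defaultdict(set)
    deleted = defaultdict(set)            # process -> paths it deleted (needed before rule 2)
    for _, proc, _, action, path in events:
        if action == "DELETE":
            deleted[proc].add(str(path))

    recent = defaultdict(deque)           # process -> (ts, path) writes inside WINDOW
    replaced = defaultdict(int)           # process -> encrypt-and-replace pairs seen
    note_dirs = defaultdict(set)          # process -> directories that got a note-like file
    for ts, proc, _, action, path in events:
        if action not in ("WRITE", "CREATE"):
            continue
        # Rule 1 (Take over): burst of distinct files written by one process.
        q = recent[proc]
        q.append((ts, str(path)))
        while q and q[0][0] < ts - WINDOW:
            q.popleft()
        if len({p for _, p in q}) >= MASS_WRITE_FILES:
            fired[proc].add("mass_write")
        # Rule 2 (Take over): written name is the original plus an extra extension,
        # and the same process deleted the original.
        if path.suffix and str(path.with_suffix("")) in deleted[proc]:
            replaced[proc] += 1
            if replaced[proc] >= REPLACE_MIN:
                fired[proc].add("encrypt_replace")
        # Rule 3 (En-cash): ransom-note-like file dropped in several directories.
        if path.suffix.lower() in NOTE_EXTS and NOTE_RE.search(path.stem):
            note_dirs[proc].add(str(path.parent))
            if len(note_dirs[proc]) >= NOTE_DIRS:
                fired[proc].add("ransom_note")
    return fired


def alerts(fired):
    """Processes whose rule count reaches ALERT_SCORE, with the rules behind each."""
    return {p: sorted(r) for p, r in fired.items() if len(r) >= ALERT_SCORE}


if __name__ == "__main__":
    found = score_processes(parse_log(SAMPLE_LOG))
    for proc, rules in found.items():
        print(f"{proc:12} rules={sorted(rules)}")
    print("ALERT:", alerts(found))
```

On this sample the backup job trips the burst rule on its own, which is exactly why a single rule should not page anyone; the encrypting process trips all three and is the only alert. In a real deployment the same scoring runs over EDR or file-server audit events, and a honeyfile (a document no legitimate process should touch) in each share gives an even cheaper high-confidence signal for the Scour stage.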

One might think a ransomware victim can get the data back by paying off the attacker, but the reality is different: payment buys no guarantee. The decryption key may never arrive, the decryptor may fail on some files, or the attacker may simply demand more, and the recovery statistics that have been reported are grimmer than most people expect.

At Tres, we can help you safeguard your network against ransomware attacks. If you are already under attack, we can help you recover your data too. For more information, contact info@tresinfosol.com
