SlideShare une entreprise Scribd logo

The Business Guide to Ransomware

Addictive Technology Solutions
Addictive Technology Solutions

Get an insight into Ransomware and understand the impact it has had on Bitcoin prices whilst learning how to protect your business.

Technologie
1  sur  10
Télécharger pour lire hors ligne
1 | The Business Guide to Ransomware EBOOK The Business Guide to Ransomware Everything to know to keep your company afloat $    
Pull text goes here and bold some of the copy More and more, ransomware has emerged as a major threat to individuals and businesses alike. Ransomware, a type of malware that encrypts data on infected systems, has become a lucrative option for cyber extortionists. When the malware is run, it locks victim’s files and allows criminals to demand payment to release them. Unless you’ve been living under a rock, you are probably well aware that ransomware is a hot topic in the news these days. Organizations of all types and sizes have been impacted, but small businesses can be particularly vulnerable to attacks. And ransomware is on the rise. In a recent study conducted by security software vendor McAfee Labs, researchers identified more than 4 million samples of ransomware in Q2 of 2015, including 1.2 million new samples. That compares with fewer than 1.5 million total samples in Q3 of 2013 (400,000 new). Ransomware is distributed in a variety of ways and is difficult to protect against because, just like the flu virus, it is constantly evolving. There are ways to protect your business against ransomware attacks. In this e-book you’ll learn how the malware is spread, the different types of ransomware proliferating today, and what you can do to avoid or recover from an attack. Hiding your head in the sand won’t work, because today’s ransom seekers play dirty. Make sure your organization is prepared.  
3 The Angler exploit kit uses HTML and JavaScript to identify the victim’s browser and installed plugins, which allows the hacker to select an attack that is the most likely to be successful. Using a variety of obfuscation techniques, Angler is constantly evolving to evade detection by security software products. RANSOMWARE TODAY There are a few dominant types, or families, of ransomware in existence. Each type has its own variants. It is expected that new families will continue to surface as time goes on. Historically, Microsoft Office, Adobe PDF and image files have been targeted, but McAfee predicts that additional types of files will become targets as ransomware continues to evolve. Most ransomware uses the AES algorithm to encrypt files, though some use alternative algorithms. To decrypt files, cyber extortionists typically request payment in the form of Bitcoins or online payment voucher services, such as Ukash or Paysafecard. The standard rate is about $500, though we’ve seen much higher. Cyber criminals behind ransomware campaigns typically focus their attacks in wealthy countries and cities where people and businesses can afford to pay the ransom. In recent months, we’ve seen repeated attacks on specific verticals, most notably healthcare. How ransomware is spread Spam is the most common method for distributing ransomware. It is generally spread using some form of social engineering; victims are tricked into downloading an e-mail attachment or clicking a link. Fake email messages might appear to be a note from a friend or colleague asking a user to check out an attached file, for example. Or, email might come from a trusted institution (such as a bank) asking you to perform a routine task. Sometimes, ransomware uses scare tactics such as claiming that the computer has been used for illegal activities to coerce victims. Once the user takes action, the malware installs itself on the system and begins encrypting files. It can happen in the blink of an eye with a single click. Anothercommonmethodforspreadingransomwareisasoftwarepackageknownas anexploitkit.Thesepackagesaredesignedtoidentifyvulnerabilitiesandexploitthemto !  
4 There are also options available for the aspiring hackers with minimal computer skills. According to McAfee, there are ransomware-as-a-service offerings hosted on the Tor network, allowing just about anyone to conduct these types of malicious attacks. installransomware.Inthistypeofattack,hackersinstallcodeonalegitimatewebsitethat redirectscomputeruserstoamalicioussite.Unlikethespammethod,sometimesthis approachrequiresnoadditionalactionsfromthevictim.Thisisreferredtoasa“drive-by download”attack. The most common exploit kit in use today is known as Angler. A May 2015 study conducted by security software vendor Sophos showed that thousands of new web pages running Angler are created every day. The Angler exploit kit uses HTML and JavaScript to identify the victim’s browser and installed plugins, which allows the hacker to select an attack that is the most likely to be successful. Using a variety of obfuscation techniques, Angler is constantly evolving to evade detection by security software products. Angler is just one exploit kit, there are a variety of others in use today as well. Spam botnets and exploit kits are relatively easy to use, but require some level of technical proficiency. However, there are also options available for the aspiring hackers with minimal computer skills. According to McAfee, there are ransomware- as-a-service offerings hosted on the Tor network, allowing just about anyone to conduct these types of attacks. COMMON TYPES OF RANSOMWARE As noted above, ransomware is constantly evolving and new variants are appearing all the time. So, it would be difficult, if not impossible, to compile a list of every type of ransomware proliferating today. While the following is not a complete list of today’s ransomware, it gives a sense of the major players and the variety in existence.  
5 CryptoLocker Ransomware has been around in some form or another for the past two decades, but it really came to prominence in 2013 with CryptoLocker. The original CryptoLocker botnet was shut down in May 2014, but not before the hackers behind it extorted nearly $3 million from victims. Since then, the CryptoLocker approach has been widely copied, although the variants in operation today are not directly linked to the original. The word CryptoLocker, much like Xerox and Kleenex in their respective worlds, has become almost synonymous with ransomware. CryptoLocker is distributed via exploit kits and spam. When the malware is run, it installs itself in the Windows User Profiles folder and encrypts files across local hard drives and mapped network drives. It only encrypts files with specific extensions, including Microsoft Office, OpenDocument, images and AutoCAD files. Once the dirty work is done, a message informing the user that files have been encrypted is displayed on said user’s screen demanding a Bitcoin payment. CryptoWall CryptoWall gained notoriety after the downfall of the original CryptoLocker. It first appeared in early 2014, and variants have appeared with a variety of names, including: Cryptorbit, CryptoDefense, CryptoWall 2.0 and CryptoWall 3.0, among others. Like CryptoLocker, CryptoWall is distributed via spam or exploit kits. The initial version of CryptoWall used an RSA public encryption key but later versions (including the latest CryptoWall 3.0) use a private AES key, which is further masked using a public AES key. When the malware attachment is opened, the CryptoWall binary copies itself into the Microsoft temp folder and begins to encode files. CryptoWall encrypts a wider variety of file types than CryptoLocker but, when encryption is complete, also displays a ransom message on a user’s screen demanding payment. The spam campaigns spreading Locky are operating on a massive scale. The malware is spread using spam, typically in the form of an email message disguised as an invoice. When opened, the invoice is scrambled and the victim is instructed to enable macros to read the document. !  
6 CTB-Locker The criminals behind CTB-Locker take a different approach to virus distribution. Taking a page from the playbooks of Girl Scout Cookies and Mary Kay Cosmetics, these hackers outsource the infection process to partners in exchange for a cut of the profits. This is a proven strategy for achieving large volumes of malware infections at a faster rate. When CTB-Locker runs, it copies itself to the Microsoft temp directory. Unlike most forms of ransomware today, CTB-Locker uses Elliptic Curve Cryptography (ECC) to encrypt files. CTB-Locker impacts more file types than CryptoLocker. Once files are encrypted, CTB-Locker displays a ransom message demanding payment in, you guessed it, Bitcoins. Locky Locky is a relatively new type of ransomware, but its approach is familiar. The malware is spread using spam, typically in the form of an email message disguised as an invoice. When opened, the invoice is scrambled, and the victim is instructed to enable macros to read the document. When macros are enabled, Locky begins encrypting a large array of file types using AES encryption. Bitcoin ransom is demanded when encryption is complete. Are you sensing a pattern here? The spam campaigns spreading Locky are operating on a massive scale. One company reported blocking five million emails associated with Locky campaigns over the course of two days. TeslaCrypt TeslaCrypt is another new type of ransomware on the scene. Like most of the other examples here, it uses an AES algorithm to encrypt files. It is typically distributed via the Angler exploit kit specifically attacking Adobe vulnerabilities. Once a vulnerability  
7 is exploited, TeslaCrypt installs itself in the Microsoft temp folder. When the time comes for victims to pay up, TeslaCrypt gives a few choices for payment: Bitcoin, PaySafeCard and Ukash are accepted here. And who doesn’t love options? TorrentLocker TorrentLocker is typically distributed through spam email campaigns and is geographically targeted, with email messages delivered to specific regions. TorrentLocker is often referred to as CryptoLocker, and it uses an AES algorithm to encrypt file types. In addition to encoding files, it also collects email addresses from the victim’s address book to spread malware beyond the initially infected computer/ network—this is unique to TorrentLocker. TorrentLocker uses a technique called process hollowing, in which a Windows system process is launched in a suspended state, malicious code is installed, and the process is resumed. It uses explorer.exe for process hollowing. This malware also deletes Microsoft Volume Shadow Copies to prevent restores using Windows file recovery tools. Like the others outlined above, Bitcoin is the preferred currency for ransom payment. KeRanger According to ArsTechnica, KeRanger ransomware was recently discovered on a popular BitTorrent client. KeRanger is not widely distributed at this point, but it is worth noting because it is known as the first fully functioning ransomware designed to lock Mac OS X applications. Petya Instead of encrypting files on a victim’s computer, Petya overwrites the master boot record, leaving the operating system in an unbootable state. Petya commonly relies on phishing emails to spread its payload. Security software is essential, however, you can’t reply on it alone. A proper ransomware protection strategy requires a three-pronged approach, compromising of education, security, and backup. !  
8 NotPetya Initial reports categorized NotPetya as a variant of Petya, a strain of ransomware first seen in 2016. However, researchers now believe NotPetya is instead a malware known as a wiper with a sole purpose of destroying data and not actually obtaining any ransom. WannaCry WannaCry is a widespread ransomware campaign that is affecting organizations across the globe. Over 125,000 organizations in over 150 countries have been impacted.The ransomware strain is also known as WCry or WanaCrypt0r and currently affects Windows machines through a Microsoft exploit known as EternalBlue PROTECTAGAINST RANSOMWARE Cyber criminals armed with ransomware are a formidable adversary. While small- to-mid-sized businesses aren’t specifically targeted in ransomware campaigns, they may be more likely to suffer an attack. Frequently, small business IT teams are stretched thin and, in some cases, rely on outdated technology due to budgetary constraints. This is the perfect storm for ransomware vulnerability. Thankfully, there are tried and true ways to protect your business against ransomware attacks. Security software is essential, however, you can’t rely on it alone. A proper ransomware protection strategy requires a three-pronged approach, comprising of education, security and backup. Education: First and foremost, education is essential to protect your business against ransomware. It is critical that your staff understands what ransomware is and the threats that it poses. Provide your team with specific examples of suspicious emails Because ransomware is constantly evolving, even the best security software can be breached. This is why a secondary layer of defense is critical for businesses to ensure recovery in case malware strikes: backup.  
9 with clear instructions on what to do if they encounter a potential ransomware lure (i.e. don’t open attachments, if you see something, say something, etc.). Conduct bi-annual formal training to inform staff about the risk of ransomware and other cyber threats. When new employees join the team, make sure you send them an email to bring them up to date about cyber best practices. It is important to ensure that the message is communicated clearly to everyone in the organization, not passed around on a word of mouth basis. Lastly, keep staff updated as new ransomware enters the market or changes over time. Security: Antivirus software should be considered essential for any business to protect against ransomware and other risks. Ensure your security software is up to date, as well, in order to protect against newly identified threats. Keep all business applications patched and updated in order to minimize vulnerabilities. Some antivirus software products offer ransomware-specific functionality. Sophos, for example, offers technology that monitors systems to detect malicious activities such as file extension or registry changes. If ransomware is detected, the software has the ability to block it and alert users. However, because ransomware is constantly evolving, even the best security software can be breached. This is why a secondary layer of defense is critical for businesses to ensure recovery in case malware strikes: backup. Backup: Modern total data protection solutions, like Datto, take snapshot-based, incremental backups as frequently as every five minutes to create a series of recovery points. If your business suffers a ransomware attack, this technology allows you to roll-back your data to a point-in-time before the corruption occurred. When it comes to ransomware, the benefit of this is two-fold. First, you don’t need to pay the ransom to get your data back. Second, since you are restoring to a point-in-time  
10 before the ransomware infected your systems, you can be certain everything is clean and the malware can not be triggered again. Here’s an example of how Datto saved the day for international hotel chain, Crowne Plaza. Additionally, some data protection products today allow users to run applications from image-based backups of virtual machines. This capability is commonly referred to as “recovery-in-place” or “instant recovery.” This technology can be useful for recovering from a ransomware attack as well, because it allows you to continue operations while your primary systems are being restored and with little to no downtime. Datto’s version of this business-saving technology is called Instant Virtualization, which virtualizes systems either locally or remotely in a secure cloud within seconds. This solution ensures businesses stay up-and-running when disaster strikes. CONCLUSION Cyber extortionists using ransomware are a definite threat to today’s businesses from the local pizza shop to the Fortune 500. However, a little bit of education and the right solutions go a long way. Make sure your employees understand what to watch out for and you can avoid a lot of headaches. Never underestimate the dedication or expertise of today’s hackers. They are constantly adapting and improving their weapon of choice. That’s why you need top-notch security software and backup. Keep your business safe and give your nerves a break. To sum it all up, knowledge spreading and security software can help you avoid cyber attacks. Patch management is essential. Be certain that your software is up-to- date and secure. In the end, it is backup that will help you pick up the pieces when all else fails. Consider using a modern backup product that offers features that can permanently eliminate downtime. For more information please contact: Robert Marsden | Managing Director Phone: +61408010382 Email: robert.marsden@addictive.net.au Addictive Technology Solutions | http://www.addictive.net.au      

Recommandé

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture CodeSkeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 

Recommandé

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture CodeSkeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 

Contenu connexe

Dernier

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 

Dernier (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 

En vedette

How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at WorkGetSmarter
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...DevGAMM Conference
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationErica Santiago
 
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellGood Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellSaba Software
 
Introduction to C Programming Language
Introduction to C Programming LanguageIntroduction to C Programming Language
Introduction to C Programming LanguageSimplilearn
 

En vedette (20)

How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
 
More than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike RoutesMore than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike Routes
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy Presentation
 
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellGood Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
 
Introduction to C Programming Language
Introduction to C Programming LanguageIntroduction to C Programming Language
Introduction to C Programming Language
 

The Business Guide to Ransomware

  • 1. 1 | The Business Guide to Ransomware EBOOK The Business Guide to Ransomware Everything to know to keep your company afloat $    
  • 2. Pull text goes here and bold some of the copy More and more, ransomware has emerged as a major threat to individuals and businesses alike. Ransomware, a type of malware that encrypts data on infected systems, has become a lucrative option for cyber extortionists. When the malware is run, it locks victim’s files and allows criminals to demand payment to release them. Unless you’ve been living under a rock, you are probably well aware that ransomware is a hot topic in the news these days. Organizations of all types and sizes have been impacted, but small businesses can be particularly vulnerable to attacks. And ransomware is on the rise. In a recent study conducted by security software vendor McAfee Labs, researchers identified more than 4 million samples of ransomware in Q2 of 2015, including 1.2 million new samples. That compares with fewer than 1.5 million total samples in Q3 of 2013 (400,000 new). Ransomware is distributed in a variety of ways and is difficult to protect against because, just like the flu virus, it is constantly evolving. There are ways to protect your business against ransomware attacks. In this e-book you’ll learn how the malware is spread, the different types of ransomware proliferating today, and what you can do to avoid or recover from an attack. Hiding your head in the sand won’t work, because today’s ransom seekers play dirty. Make sure your organization is prepared.  
  • 3. 3 The Angler exploit kit uses HTML and JavaScript to identify the victim’s browser and installed plugins, which allows the hacker to select an attack that is the most likely to be successful. Using a variety of obfuscation techniques, Angler is constantly evolving to evade detection by security software products. RANSOMWARE TODAY There are a few dominant types, or families, of ransomware in existence. Each type has its own variants. It is expected that new families will continue to surface as time goes on. Historically, Microsoft Office, Adobe PDF and image files have been targeted, but McAfee predicts that additional types of files will become targets as ransomware continues to evolve. Most ransomware uses the AES algorithm to encrypt files, though some use alternative algorithms. To decrypt files, cyber extortionists typically request payment in the form of Bitcoins or online payment voucher services, such as Ukash or Paysafecard. The standard rate is about $500, though we’ve seen much higher. Cyber criminals behind ransomware campaigns typically focus their attacks in wealthy countries and cities where people and businesses can afford to pay the ransom. In recent months, we’ve seen repeated attacks on specific verticals, most notably healthcare. How ransomware is spread Spam is the most common method for distributing ransomware. It is generally spread using some form of social engineering; victims are tricked into downloading an e-mail attachment or clicking a link. Fake email messages might appear to be a note from a friend or colleague asking a user to check out an attached file, for example. Or, email might come from a trusted institution (such as a bank) asking you to perform a routine task. Sometimes, ransomware uses scare tactics such as claiming that the computer has been used for illegal activities to coerce victims. Once the user takes action, the malware installs itself on the system and begins encrypting files. It can happen in the blink of an eye with a single click. Anothercommonmethodforspreadingransomwareisasoftwarepackageknownas anexploitkit.Thesepackagesaredesignedtoidentifyvulnerabilitiesandexploitthemto !  
  • 4. 4 There are also options available for the aspiring hackers with minimal computer skills. According to McAfee, there are ransomware-as-a-service offerings hosted on the Tor network, allowing just about anyone to conduct these types of malicious attacks. installransomware.Inthistypeofattack,hackersinstallcodeonalegitimatewebsitethat redirectscomputeruserstoamalicioussite.Unlikethespammethod,sometimesthis approachrequiresnoadditionalactionsfromthevictim.Thisisreferredtoasa“drive-by download”attack. The most common exploit kit in use today is known as Angler. A May 2015 study conducted by security software vendor Sophos showed that thousands of new web pages running Angler are created every day. The Angler exploit kit uses HTML and JavaScript to identify the victim’s browser and installed plugins, which allows the hacker to select an attack that is the most likely to be successful. Using a variety of obfuscation techniques, Angler is constantly evolving to evade detection by security software products. Angler is just one exploit kit, there are a variety of others in use today as well. Spam botnets and exploit kits are relatively easy to use, but require some level of technical proficiency. However, there are also options available for the aspiring hackers with minimal computer skills. According to McAfee, there are ransomware- as-a-service offerings hosted on the Tor network, allowing just about anyone to conduct these types of attacks. COMMON TYPES OF RANSOMWARE As noted above, ransomware is constantly evolving and new variants are appearing all the time. So, it would be difficult, if not impossible, to compile a list of every type of ransomware proliferating today. While the following is not a complete list of today’s ransomware, it gives a sense of the major players and the variety in existence.  
  • 5. 5 CryptoLocker Ransomware has been around in some form or another for the past two decades, but it really came to prominence in 2013 with CryptoLocker. The original CryptoLocker botnet was shut down in May 2014, but not before the hackers behind it extorted nearly $3 million from victims. Since then, the CryptoLocker approach has been widely copied, although the variants in operation today are not directly linked to the original. The word CryptoLocker, much like Xerox and Kleenex in their respective worlds, has become almost synonymous with ransomware. CryptoLocker is distributed via exploit kits and spam. When the malware is run, it installs itself in the Windows User Profiles folder and encrypts files across local hard drives and mapped network drives. It only encrypts files with specific extensions, including Microsoft Office, OpenDocument, images and AutoCAD files. Once the dirty work is done, a message informing the user that files have been encrypted is displayed on said user’s screen demanding a Bitcoin payment. CryptoWall CryptoWall gained notoriety after the downfall of the original CryptoLocker. It first appeared in early 2014, and variants have appeared with a variety of names, including: Cryptorbit, CryptoDefense, CryptoWall 2.0 and CryptoWall 3.0, among others. Like CryptoLocker, CryptoWall is distributed via spam or exploit kits. The initial version of CryptoWall used an RSA public encryption key but later versions (including the latest CryptoWall 3.0) use a private AES key, which is further masked using a public AES key. When the malware attachment is opened, the CryptoWall binary copies itself into the Microsoft temp folder and begins to encode files. CryptoWall encrypts a wider variety of file types than CryptoLocker but, when encryption is complete, also displays a ransom message on a user’s screen demanding payment. The spam campaigns spreading Locky are operating on a massive scale. The malware is spread using spam, typically in the form of an email message disguised as an invoice. When opened, the invoice is scrambled and the victim is instructed to enable macros to read the document. !  
  • 6. 6 CTB-Locker The criminals behind CTB-Locker take a different approach to virus distribution. Taking a page from the playbooks of Girl Scout Cookies and Mary Kay Cosmetics, these hackers outsource the infection process to partners in exchange for a cut of the profits. This is a proven strategy for achieving large volumes of malware infections at a faster rate. When CTB-Locker runs, it copies itself to the Microsoft temp directory. Unlike most forms of ransomware today, CTB-Locker uses Elliptic Curve Cryptography (ECC) to encrypt files. CTB-Locker impacts more file types than CryptoLocker. Once files are encrypted, CTB-Locker displays a ransom message demanding payment in, you guessed it, Bitcoins. Locky Locky is a relatively new type of ransomware, but its approach is familiar. The malware is spread using spam, typically in the form of an email message disguised as an invoice. When opened, the invoice is scrambled, and the victim is instructed to enable macros to read the document. When macros are enabled, Locky begins encrypting a large array of file types using AES encryption. Bitcoin ransom is demanded when encryption is complete. Are you sensing a pattern here? The spam campaigns spreading Locky are operating on a massive scale. One company reported blocking five million emails associated with Locky campaigns over the course of two days. TeslaCrypt TeslaCrypt is another new type of ransomware on the scene. Like most of the other examples here, it uses an AES algorithm to encrypt files. It is typically distributed via the Angler exploit kit specifically attacking Adobe vulnerabilities. Once a vulnerability  
  • 7. 7 is exploited, TeslaCrypt installs itself in the Microsoft temp folder. When the time comes for victims to pay up, TeslaCrypt gives a few choices for payment: Bitcoin, PaySafeCard and Ukash are accepted here. And who doesn’t love options? TorrentLocker TorrentLocker is typically distributed through spam email campaigns and is geographically targeted, with email messages delivered to specific regions. TorrentLocker is often referred to as CryptoLocker, and it uses an AES algorithm to encrypt file types. In addition to encoding files, it also collects email addresses from the victim’s address book to spread malware beyond the initially infected computer/ network—this is unique to TorrentLocker. TorrentLocker uses a technique called process hollowing, in which a Windows system process is launched in a suspended state, malicious code is installed, and the process is resumed. It uses explorer.exe for process hollowing. This malware also deletes Microsoft Volume Shadow Copies to prevent restores using Windows file recovery tools. Like the others outlined above, Bitcoin is the preferred currency for ransom payment. KeRanger According to ArsTechnica, KeRanger ransomware was recently discovered on a popular BitTorrent client. KeRanger is not widely distributed at this point, but it is worth noting because it is known as the first fully functioning ransomware designed to lock Mac OS X applications. Petya Instead of encrypting files on a victim’s computer, Petya overwrites the master boot record, leaving the operating system in an unbootable state. Petya commonly relies on phishing emails to spread its payload. Security software is essential, however, you can’t reply on it alone. A proper ransomware protection strategy requires a three-pronged approach, compromising of education, security, and backup. !  
  • 8. 8 NotPetya Initial reports categorized NotPetya as a variant of Petya, a strain of ransomware first seen in 2016. However, researchers now believe NotPetya is instead a malware known as a wiper with a sole purpose of destroying data and not actually obtaining any ransom. WannaCry WannaCry is a widespread ransomware campaign that is affecting organizations across the globe. Over 125,000 organizations in over 150 countries have been impacted.The ransomware strain is also known as WCry or WanaCrypt0r and currently affects Windows machines through a Microsoft exploit known as EternalBlue PROTECTAGAINST RANSOMWARE Cyber criminals armed with ransomware are a formidable adversary. While small- to-mid-sized businesses aren’t specifically targeted in ransomware campaigns, they may be more likely to suffer an attack. Frequently, small business IT teams are stretched thin and, in some cases, rely on outdated technology due to budgetary constraints. This is the perfect storm for ransomware vulnerability. Thankfully, there are tried and true ways to protect your business against ransomware attacks. Security software is essential, however, you can’t rely on it alone. A proper ransomware protection strategy requires a three-pronged approach, comprising of education, security and backup. Education: First and foremost, education is essential to protect your business against ransomware. It is critical that your staff understands what ransomware is and the threats that it poses. Provide your team with specific examples of suspicious emails Because ransomware is constantly evolving, even the best security software can be breached. This is why a secondary layer of defense is critical for businesses to ensure recovery in case malware strikes: backup.  
  • 9. 9 with clear instructions on what to do if they encounter a potential ransomware lure (i.e. don’t open attachments, if you see something, say something, etc.). Conduct bi-annual formal training to inform staff about the risk of ransomware and other cyber threats. When new employees join the team, make sure you send them an email to bring them up to date about cyber best practices. It is important to ensure that the message is communicated clearly to everyone in the organization, not passed around on a word of mouth basis. Lastly, keep staff updated as new ransomware enters the market or changes over time. Security: Antivirus software should be considered essential for any business to protect against ransomware and other risks. Ensure your security software is up to date, as well, in order to protect against newly identified threats. Keep all business applications patched and updated in order to minimize vulnerabilities. Some antivirus software products offer ransomware-specific functionality. Sophos, for example, offers technology that monitors systems to detect malicious activities such as file extension or registry changes. If ransomware is detected, the software has the ability to block it and alert users. However, because ransomware is constantly evolving, even the best security software can be breached. This is why a secondary layer of defense is critical for businesses to ensure recovery in case malware strikes: backup. Backup: Modern total data protection solutions, like Datto, take snapshot-based, incremental backups as frequently as every five minutes to create a series of recovery points. If your business suffers a ransomware attack, this technology allows you to roll-back your data to a point-in-time before the corruption occurred. When it comes to ransomware, the benefit of this is two-fold. First, you don’t need to pay the ransom to get your data back. Second, since you are restoring to a point-in-time  
  • 10. 10 before the ransomware infected your systems, you can be certain everything is clean and the malware can not be triggered again. Here’s an example of how Datto saved the day for international hotel chain, Crowne Plaza. Additionally, some data protection products today allow users to run applications from image-based backups of virtual machines. This capability is commonly referred to as “recovery-in-place” or “instant recovery.” This technology can be useful for recovering from a ransomware attack as well, because it allows you to continue operations while your primary systems are being restored and with little to no downtime. Datto’s version of this business-saving technology is called Instant Virtualization, which virtualizes systems either locally or remotely in a secure cloud within seconds. This solution ensures businesses stay up-and-running when disaster strikes. CONCLUSION Cyber extortionists using ransomware are a definite threat to today’s businesses from the local pizza shop to the Fortune 500. However, a little bit of education and the right solutions go a long way. Make sure your employees understand what to watch out for and you can avoid a lot of headaches. Never underestimate the dedication or expertise of today’s hackers. They are constantly adapting and improving their weapon of choice. That’s why you need top-notch security software and backup. Keep your business safe and give your nerves a break. To sum it all up, knowledge spreading and security software can help you avoid cyber attacks. Patch management is essential. Be certain that your software is up-to- date and secure. In the end, it is backup that will help you pick up the pieces when all else fails. Consider using a modern backup product that offers features that can permanently eliminate downtime. For more information please contact: Robert Marsden | Managing Director Phone: +61408010382 Email: robert.marsden@addictive.net.au Addictive Technology Solutions | http://www.addictive.net.au