With the growing popularity of ransomware cyber attacks, we thought we’d spend the next few weeks covering the topic so you can better understand what ransomware attacks are, who’s behind them, how to protect against them, and what to do if you become a victim of such an attack. This is post 2 of 6.
Ransomware is rapidly becoming a hot topic in IT security. With hackers collecting over $300 million from ransomware in 2015 alone, every IT professional should know ins and outs of ransomware.
Ransomware in itself isn’t that sophisticated. Most ransomware viruses infect computers through spam email, malicious websites, or infected downloads. Once infected, a small application begins parsing all of the files on your system while scrambling the data inside.
Let’s take a closer look at each of the most popular ransomware attack vectors and how enterprises can setup defense systems that will mitigate these exploits.
Spam Emails
A recent spam email campaign that targeted users in Australia successfully tricked recipients into confirming their parcels on a malicious website. Once the users visited the website, malicious files were downloaded onto their PCs infecting them with the CTB-Locker variant of ransomware.
Spam emails are increasingly common and many campaigns seemingly get by email filtering systems. Ransomware can be executed using a variety of different tactics through email. These tactics typically include malicious links or malicious attachments.
More sophisticated attacks involve social engineering, where a malicious actor sets up an appointment via email in order to gain the confidence of the business associate. Over the phone call, the social engineer will tell the user to visit a website. In a matter of minutes, your enterprise’s precious data could be at risk.
To mitigate the threat of spam emails causing ransomware on a network, be sure to engage your employees regularly on suspicious emails and require them to complete information security awareness training that will help them identify malicious emails that slip through the cracks.
Malicious Websites
Malicious websites that harbor ransomware are probably the most common type of cyber attack that small to medium sized enterprises encounter. Many organizations will rapidly build a website using a popular content management system, such as WordPress, and neglect to run updates regularly once the site is up and running. These websites are sitting ducks for script kiddies.
Websites that are not properly updated are vulnerable to a variety of different attacks tailored specifically to the platform of the website. When you visit untrustworthy websites, consider using a browser add-on that filters malicious content or removes all scripting.
Ad networks have also become targets for malware. In early 2016, mainstream websites such as Forbes, MSN, and others were inadvertently serving up advertisements that contained malware (also called malvertising).
Malicious websites tend to exploit PCs that have out-of-date plugins such as Flash, Java, or Silverlight. When these plugins are out of date, hackers can place code on a malicious website that remotely downloads and executes the ransomware virus onto your PC.
To mitigate these threats, consider setting up a proxy or a firewall that helps filter malicious content out of web pages before the content is displayed on the user’s web browser. Always leverage the real time security features found within your anti-virus suite. Consider implementing an application that assists your IT staff with patching these vulnerable third party plugins.
Infected Downloads
Users may inadvertently download files that they think are safe which are, in fact, just the opposite. Unfortunately, downloadable files can become infected without the author realizing it.
Linux Mint, an open source operating system that is among the most downloaded in the world, was found to be infected with malware in February of 2016. While the problem was quickly fixed, this hijacked download could have potentially wreaked havoc on a network considering a malicious third party could have administrator access to a machine on a network running the OS.
Infected downloads typically target systems that do not have real time malware or virus protection running. Many systems administrators thwart the prospect of malware by disallowing users to download specific file types by granularly configuring settings in their firewall appliance.
At the workstation level, group policies can be configured to help mitigate the threats of downloaded ransomware. Malwarebytes has released its Anti-Ransomware suite into beta, allowing users to try out the new ransomware mitigation software for free.
Tying It All Together
Enterprises can greatly reduce their attack surface by instituting the following steps:
- Require Mandatory Updates for Web Browsers and Plugins
- Implement Browser Plugins such as Web of Trust and Adblock Plus
- Configure Intrusion Prevention and Content Filtering on your Firewall
- Examine your Firewall and Anti-Virus Logs Everyday
- Implement Spam Filtering before it Reaches Your Users Inbox
- Experiment with 3rd Party Anti-Ransomware Software
- Create Group Policies that Prohibit Ransomware from Running
- Always Create a Backup of your Data
- Provide Training for End Users on the Latest Threats
When your enterprise implements these 9 tips, you can be confident that your network can successfully deflect a ransomware attack. If you have any worries about your network security, please call us at (833) 482-6435, or click the banner below to schedule an IT security audit so we can find the best security solutions for your business. Preparation for threats like this is a small cost compared to repairing the damage of an actual infection.
If you enjoyed this IT Support article, please check out other posts on our blog and join us on Facebook, Twitter, LinkedIn, and Google+ to see how else we can help your Greenville, SC or Atlanta, GA area business succeed!