Ransomware: This is how companies can protect themselves!
More and more companies are threatened by ransomware attacks. These are attacks by malicious programs that encrypt data on the victims' computers. The aim of these attacks: the victims have to pay a ransom to regain access to their data. The following article discusses how professionally and perfidiously a ransomware attacker can proceed, and how serious the consequences can be. We also take a closer look at the new Intercept X product from Sophos.
A blog contribution by Dirk Frießnegg, Solution Advisor IT Security
Why Ransomware and Cybercrime are such a lucrative business
Ransomware - also known as crypto trojans - comes in a wide variety of variants. In 2013, CryptoLocker made the rounds. In 2016, we were confronted with a new generation of ransomware. Locky, Goldeneye and Stampado are just a few examples of malicious software that has become even more professional, effective and perfidious. And since then, they still have not completely disappeared from the scene.
In short, anyone can easily be affected by these attacks! A private person suffers from such an attack as much as a hospital losing all of its data (e.g. patient records). It is said that a US hospital paid a ransomware attacker around 16,000 US dollars to get its data back. The crucial question is: how valuable is your company information (sensitive data, prototypes, contracts, etc.) to you, and what would its loss mean for you?
In any case, ransomware is a profitable business for the attackers. "Malware as a Service" programs (ready for immediate use) are offered on the Darknet. Ultimately, the market for cybercrime is now bigger and more lucrative than the volume of international drug trafficking. The motto also seems to be: spread it on the market as widely as possible.
Message of an infected client; source: Sophos
What makes malicious software so tricky
Ransomware attackers are highly professional. The attacks are of high quality, extremely effective and widespread. Infection with an encryption Trojan usually happens by e-mail, whereby the attackers use classic tools such as Microsoft Office documents in which the malware itself is hidden.
But whoever now believes they can easily identify suspicious mails is mistaken!
The mails from the alleged Nigerian prince, often written in bad English, should by now be familiar to everyone as SPAM. Also pretty well known are those emails with dubious bills attached. Experience shows, however, that even with a healthy caution, humans remain curious and gullible beings, so that skepticism alone is not sufficient to protect oneself.
For companies, training can be an effective means of raising awareness among employees. But how can I actually reach every employee, even the 14-year-old interns? Almost never. And how should I recognize an infected mail if the attacker has chosen specific targets? There are cases where personnel departments have received applications for advertised jobs that were actually infected with malware. How can such an attack be countered?
Whoever can imagine that the attackers run ticket systems to manage their "back-office processing" can imagine how professional the attacks have become in the meantime.
Pay or not pay - What to do when Ransomware has hit?
So what to do if your own files are encrypted and even the backup is affected? Whether it is actually wise to comply with the blackmailer's demands remains an open question. The Federal Office for Information Security (BSI) recommends not paying any ransom. In many cases the data disappeared forever, or the ransom payment was followed by further demands. After all, whoever has been successfully blackmailed once will often remain in trouble.
IT security vendors work with various resources and products to minimize the dangers of ransomware. However, even an anti-virus tool with the highest detection rates and the best firewall will ultimately have the same effect as an airbag or a bicycle helmet. Somewhere, an attacker will eventually hit his target. This is because the attackers continue to evolve and the security manufacturers are only just ahead of them.
Intercept X from Sophos: How Ransomware can be effectively combated
With Intercept X, Sophos has launched a product that complements existing antivirus programs in the fight against malware. Intercept X operates at different levels: common malware delivery methods are blocked, closing security gaps in operating systems, browsers, or applications such as Adobe products. If malware can nevertheless access the file system, unauthorized encryption processes are detected and blocked.
What happens with the already affected files?
These files are returned to their original state. Furthermore, Intercept X ensures that the systems are thoroughly cleaned of the malware.
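The detect-and-revert behaviour described above, as an added illustration that is not Sophos code and not part of the original article: a small Python monitor that keeps pristine copies of watched files, treats a burst of rewrites to near-random (high-entropy) content as unauthorised encryption, and restores the files from the copies. The class name, the entropy threshold, the hit count and the polling approach are assumptions; a real product hooks file writes in the kernel rather than polling.

```python
import math, os, shutil, tempfile
from collections import Counter
from pathlib import Path

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: text sits around 4-5, ciphertext or random data near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

class EncryptionGuard:
    """Keeps pristine copies of watched files (the 'just-in-time backup') and treats a burst
    of rewrites to high-entropy content as unauthorised encryption. Constructed example."""
    def __init__(self, watched: Path, threshold_bits=7.5, max_hits=3):
        self.watched, self.threshold_bits, self.max_hits = watched, threshold_bits, max_hits
        self.cache = Path(tempfile.mkdtemp(prefix="guard-"))
        for f in watched.iterdir():
            if f.is_file():
                shutil.copy2(f, self.cache / f.name)
    def scan(self):
        """Polling stand-in for a kernel file-write hook. One high-entropy save (a user
        zipping a folder) stays below max_hits and is left alone."""
        hits = []
        for f in self.watched.iterdir():
            orig = self.cache / f.name
            if not (f.is_file() and orig.exists()):
                continue
            data = f.read_bytes()
            if data != orig.read_bytes() and shannon_entropy(data) >= self.threshold_bits:
                hits.append(f)
        if len(hits) >= self.max_hits:
            for f in hits:  # roll back every file the burst touched
                shutil.copy2(self.cache / f.name, f)
            return "rolled_back", [f.name for f in hits]
        return "ok", [f.name for f in hits]

def demo(files=5, rewritten=4):
    """Constructed scenario: plain-text reports, some overwritten with random bytes
    (os.urandom stands in for ciphertext; nothing is actually encrypted)."""
    docs = Path(tempfile.mkdtemp(prefix="docs-"))
    for i in range(files):
        (docs / f"report{i}.txt").write_text("Quarterly figures and contract notes.\n" * 20)
    guard = EncryptionGuard(docs)
    for i in range(rewritten):
        (docs / f"report{i}.txt").write_bytes(os.urandom(4096))
    verdict, names = guard.scan()
    intact = all((docs / f"report{i}.txt").read_bytes().startswith(b"Quarterly") for i in range(files))
    return verdict, len(names), intact
```

With four of five files rewritten the guard rolls them all back; with a single rewritten file it only reports the hit and leaves the file as the user saved it.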
See Anti-Ransomware live: the Sophos Intercept X Truck is on tour in Europe
A root-cause analysis tool also provides insights into how the system was able to be attacked and which systems were reached. This is a great tool for improving the prevention of future attacks even further.
Causal analytics chart; source: Sophos
Intercept X from Sophos is a hosted, cloud-based solution. However, some companies and authorities prefer a locally installed and managed solution. Sophos Endpoint eXploit Prevention (EXP for short) has been available since the end of February. Apart from the root-cause analysis, EXP provides all protection features of Intercept X, managed via the locally installed Sophos Enterprise Console.
Do you know how to protect your IT against Cyber attacks?
Are you looking for someone with profound knowledge of all the technologies of the major IT security vendors? Let us take a closer look at your security infrastructure. Contact us today and together we can keep your IT environment secure and protected from considerable losses.