Ransomware: This is how companies can protect themselves!

More and more companies are threatened by ransomware attacks: attacks by malicious programs that encrypt the data on the victims' computers. The aim of these attacks is to force the victims to pay a ransom in order to regain access to their data. The following article discusses how professionally and perfidiously a ransomware attacker can proceed, and how serious the consequences can be. We also take a closer look at the new Intercept X product from Sophos.

A blog contribution by Dirk Frießnegg, Solution Advisor IT Security at COMPAREX

Why Ransomware and Cybercrime are such a lucrative business

Ransomware - also known as crypto trojans - comes in a wide variety of variants. In 2013, CryptoLocker made the rounds. In 2016, we were confronted with a new generation of ransomware: Locky, Goldeneye and Stampado are just a few examples of malicious software that has become even more professional, effective and perfidious. And since then, they have still not completely disappeared from the scene.

In short, anyone can easily be affected by these attacks! A private person suffers from such an attack as much as a hospital losing all of its data (e.g. patient records). It is said that a US hospital paid a ransomware attacker around 16,000 US dollars to get its data back. The crucial question is: how valuable is your company information (sensitive data, prototypes, contracts, etc.) to you, and what would its loss mean for you?

In any case, ransomware is a profitable business for the attackers. "Malware as a Service" programs, ready for immediate use, are offered on the darknet. Ultimately, the market for cybercrime is now bigger and more lucrative than the volume of international drug trafficking. The motto also seems to be: spread it to the market as widely as possible.

Message of an infected client; source: Sophos

What makes malicious software so tricky

Ransomware attackers are highly professional. The attacks are of high quality, extremely effective and widespread. An infection with an encryption trojan usually happens by e-mail, whereby the attackers use classic tools such as Microsoft Office documents in which the malware itself is hidden.

But anyone who believes that suspicious mails are easy to identify is mistaken!

The mails from the alleged Nigerian prince, often written in bad English, should by now be familiar to everyone as spam. Also pretty well known are those e-mails with dubious bills attached. Experience shows, however, that even with a healthy dose of caution, humans remain curious and gullible beings, so skepticism alone is not sufficient to protect oneself.

For companies, training can be an effective means of raising awareness among employees. But can I actually reach every employee, even the 14-year-old intern? Almost never. And how am I supposed to recognize an infected mail if the attacker has targeted specific recipients? There are cases where HR departments have received job applications for advertised positions that were in fact infected with malware. How can such an attack be countered?

Anyone who realizes that the attackers run ticket systems to manage their "back-office processing" can imagine how professional the attacks have become in the meantime.

Pay or not pay - What to do when Ransomware has hit?

So what should you do if your own files are encrypted and even the backup is affected? Whether it is actually wise to comply with the demands of the blackmailer remains an open question. The Federal Office for Information Security (BSI) recommends not paying any ransom. In many cases the data disappeared forever, or the ransom payment was followed by further demands. After all, whoever has been successfully blackmailed once will often remain in trouble.

IT security vendors work with various resources and products to minimize the dangers of ransomware. However, even an anti-virus tool with the highest detection rates and the best firewall will ultimately have the same effect as an airbag or a bicycle helmet: somewhere, eventually, an attacker will hit his target. This is because the attackers continue to evolve and the security manufacturers are only a nose ahead.

Intercept X from Sophos: How Ransomware can be effectively combated

With Intercept X, Sophos has launched a product that complements existing antivirus programs in the fight against malware. Intercept X operates at different levels: common malware transmission methods are blocked in order to close security gaps in operating systems, browsers, or applications such as those from Adobe. If malware nevertheless gains access to the file system, unauthorized encryption processes are detected and blocked.

What happens with the already affected files?

These files are returned to their original state. Furthermore, Intercept X ensures that the systems are thoroughly cleaned of the malware.
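To make the two ideas in this section concrete (detecting an unauthorized encryption process by its behaviour, and returning the affected files to their original state), here is an added, self-contained example. It is not Sophos code and says nothing about how Intercept X is implemented internally; it is a generic behavioural monitor of the kind a defender might prototype. All thresholds, process ids, file paths and file contents are constructed assumptions for the demonstration. The heuristic: a write that turns a low-entropy document into a high-entropy blob is suspicious, a burst of such writes from one process within a short window is blocked, and a pre-write copy of each affected file is kept so it can be rolled back.

```python
import hashlib
import math
from collections import defaultdict, deque

# Hypothetical behavioural monitor (added example, not Sophos code).
# Thresholds below are assumptions chosen for the demonstration.


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: low for repetitive text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


class EncryptionBehaviourMonitor:
    def __init__(self, window_s=10.0, burst_files=5, high_entropy=7.0, min_jump=2.0):
        self.window_s = window_s          # sliding window for counting suspicious writes
        self.burst_files = burst_files    # suspicious writes per window before blocking
        self.high_entropy = high_entropy  # "looks encrypted" threshold in bits/byte
        self.min_jump = min_jump          # required entropy increase before -> after
        self._writes = defaultdict(deque) # pid -> timestamps of suspicious writes
        self._shadow = defaultdict(dict)  # pid -> {path: pre-write content}
        self.blocked = set()

    def observe_write(self, pid, path, before, after, ts):
        """Classify one file write as 'allowed', 'suspicious' or 'blocked'."""
        if pid in self.blocked:
            return "blocked"
        e_before, e_after = shannon_entropy(before), shannon_entropy(after)
        looks_encrypted = e_after >= self.high_entropy and (e_after - e_before) >= self.min_jump
        if not looks_encrypted:
            return "allowed"
        # Snapshot the original content first, so a later block can be undone.
        self._shadow[pid][path] = before
        q = self._writes[pid]
        q.append(ts)
        while q and ts - q[0] > self.window_s:
            q.popleft()
        if len(q) >= self.burst_files:
            self.blocked.add(pid)
            return "blocked"
        return "suspicious"

    def rollback(self, pid):
        """Original content of every file a blocked process overwrote."""
        if pid not in self.blocked:
            return {}
        return dict(self._shadow[pid])


def pseudo_random_bytes(seed: str, n: int) -> bytes:
    """Deterministic high-entropy filler standing in for ciphertext (constructed)."""
    out, block = bytearray(), seed.encode()
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed sample document content (low entropy, like a real office file's text).
PLAINTEXT = b"Quarterly report 2017: revenue, costs, headcount.\n" * 20


def demo():
    """Constructed events: pid 4242 rewrites six documents within seconds;
    pid 7 edits a text file and saves one compressed archive."""
    mon = EncryptionBehaviourMonitor()
    verdicts = []
    for i in range(6):
        path = f"/srv/share/doc{i}.docx"
        verdicts.append(mon.observe_write(4242, path, PLAINTEXT,
                                          pseudo_random_bytes(path, 1024), ts=float(i)))
    verdicts.append(mon.observe_write(7, "/home/u/notes.txt", PLAINTEXT,
                                      PLAINTEXT + b"more notes\n", ts=6.0))
    verdicts.append(mon.observe_write(7, "/home/u/archive.zip", b"",
                                      pseudo_random_bytes("zip", 1024), ts=7.0))
    return verdicts, mon.rollback(4242), mon.rollback(7)


if __name__ == "__main__":
    verdicts, restored, _ = demo()
    print(verdicts)
    print(sorted(restored))
```

Note the deliberate asymmetry: a single high-entropy write (the archive saved by pid 7) is only marked suspicious, because legitimate software writes compressed or encrypted files all the time; it is the burst across many files from one process that triggers the block, and only the files written before the block are restorable from the snapshots.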

See anti-ransomware live: the Sophos Intercept X Truck is on tour in Europe

A root-cause analysis tool also provides insights into how the system was attacked and which other systems could have been accessed. This is a great tool for improving the prevention of future attacks even further.

Causal analytics chart; source: Sophos

Intercept X from Sophos is a hosted, cloud-based solution. However, some companies and authorities prefer a locally installed and managed solution. Sophos Endpoint eXploit Prevention (EXP for short) has been available since the end of February. Apart from root-cause analysis, EXP provides all the protection features of Intercept X, managed via the locally installed Sophos Enterprise Console.

Do you know how to protect your IT against Cyber attacks?

Are you looking for someone with profound knowledge of the technologies of all the major IT security vendors? Let us take a closer look at your security infrastructure. Contact us today, and together we can keep your IT environment secure and protected from considerable losses.

Get in touch with us

Leipzig, 05.04.2017

