I was the victim of a ransomware attack! So what? We’ll have to learn to live with it.
This kind of attack has multiplied by 6 compared to 2015, and it is only the beginning. Windows users have recently been facing a new ransomware, Fantom: it poses as a critical update and mimics the Windows Update interface to mislead users.
Cyber-attacks are rising sharply (+51% in France in 2015), and attackers increasingly rely on ransomware as an efficient tool.
Ransomware is a type of malware that prevents users from accessing their data, either by locking the system screen or by encrypting the user’s files, unless a ransom is paid.
To get around antivirus software or firewalls, users may be lured to an unofficial website to download malicious content. The vulnerability here does not come from the IT systems; the problem is the lack of user awareness.
Banks and healthcare organizations are especially targeted because of their valuable confidential data, but all verticals are affected. The unavailability of a CRM, ERP or other enterprise application can be disastrous:
- Backlog of customer orders
- Loss of revenue
- Loss of customer confidence and degradation of the corporate image
- Impact on employee productivity
- Legal risk
What are the main ransomware families?
There are dozens. Their methods vary, but the goal is always the same: encrypt files and demand a ransom in Bitcoin to restore access:
- 7eV3N: searches computer or server storage for files such as DOC, JPG and PDF; when it finds them, it encrypts and renames them.
- CryptoWall: currently the most widely used in the world (83.45%). Its fourth version encrypts not only the content of files but also their names.
- Cryptolocker: differs from the others by targeting personal data first, which makes it even more dangerous.
- CTB-Locker: originally spread mainly through emails with ZIP or CAB attachments; today it especially targets web servers.
- Jigsaw: once files are encrypted, this ransomware deletes data every hour until the ransom is paid.
- Locky: this malware has spread rapidly in 2016. It is very sophisticated and hard to detect.
- Radamant: discovered in 2015, it spreads through compromised websites, using a Flash Player exploit (CVE-2015-5560).
Prepare to be attacked.
CISOs deploy tools to protect IT systems and the enterprise network. Antivirus software, firewalls and automatic updates offer a first layer of defense against cyber-attacks: they can detect ransomware and inspect email for malicious content.
However, the sophistication of new ransomware (encryption, autocode, …) makes it increasingly difficult to detect. Standard security software must be updated continuously, which costs the CISO time and increases the risk of human error.
A Sophos study shows that managing malware is made even harder by:
- Staff mistakes
- Known vulnerabilities
Today, no solution provides 100% protection against ransomware; it is only possible to minimize its effects. Security standards and guidelines (ANSSI, OWASP, PCI-DSS) highlight vulnerability reduction as a way to minimize the risk associated with ransomware.
“Elastic Detector will help to check that security is optimal. On the one hand, it will detect the vulnerabilities that can be exploited by attackers, thus reducing their reach; on the other hand, it will check that security tools are well configured (antivirus, firewall, antimalware, backup, …). Finally, our solution also integrates malware detection, which informs the RSSI automatically of any new attack. He still has to automate backups.”
Sergio Loureiro, CEO and founder of SecludIT.
The combination of well-configured security tools and backups is the only way to control the impact of ransomware. To manage these tools and evaluate their effectiveness, SecludIT provides enterprises with action plans and risk indicators in real time.