What You Need To Know About Ransomware

September 7, 2016 · steveverbanic · · Comments

As new generations of highly sophisticated ransomware threaten data security with increasing stealth and ferocity, protecting yourself from this insidious cyber crime wave can feel like an uphill battle.

A tactic once primarily launched via email phishing, ransomware authors have honed their powers of deception. Today, they embed malicious ransomware programs in every-day business and marketing communications that are not likely to raise red flags among unsuspecting users.

And the perpetrators are raking it in — meaning the ransomware crime wave is unlikely to abate anytime soon. A recent Bromium study reports that the prevalence of ransomware more than doubled in 2015, with one type of ransomware, Cryptowall 3.0, making over $325 million from US victims alone.

In this kind of environment, you need to keep your guard up. Here are some of the more common tactics ransomware authors are using to take data hostage and steps you can take to prevent it.

Malvertizing

Infecting advertising links with malware is an increasingly common ransomware tactic. Called “malvertizing,” it tricks users into clicking on advertising links that activate malicious software on the targeted device, from which it can spread to other connected devices and operating environments.

Cloud Sourcing

Data stored in the cloud is not immune to ransomware attacks and is even more vulnerable when the cloud drive is shared, because an infection on a single device can scramble the code on data across the shared drive. In cases like these, entire company files are at risk of being compromised, increasing their value as potential sources of ransom money.

Flash Flooding

A full 80% of vulnerabilities to ransomware were linked to Adobe Flash last year, making the popular video player a favorite target for infections.

Data Stalking

Ransomware has expanded their targets from just PCs to wherever the data lies — including mobile devices and web servers — the latter of which are particularly lucrative targets at organizations that fail to regularly backup their web data.

Ransomware Mitigation Steps

Though the aggressions and pervasiveness of ransomware make it seem unstoppable, there are basic security steps organizations can take to mitigate the risks:

  • Back It Up: Regular and complete backups of your data using multiple storage tools mean that you can keep access to your stored data even if it is compromised, which is useful beyond just fighting ransomware.
  • Stay Updated: Perform regular software updates and patches whenever new vulnerabilities arise.
  • Limit Log-Ins: The fewer people who have the credentials to access a device, server or website, the lower your chances of someone downloading malicious software that could compromise data.
  • Beware File Extensions: Ransomware creators are getting better at obscuring the file extension of their tools beyond the “.exe” file extension, which means you have to get better at training users to understand the different types of files they may come across. Prohibiting use of the “Hide Extensions” feature is a first step to helping users avoid opening suspicious files.

How Susceptible Are You To Ransomware?

Beyond mitigation, it’s always smart to test the effectiveness of your cybersecurity to detect the existence of ransomware and other malware in your network environment.  Request a demo of SLAIT security services when you’re ready to assess your network and identify solutions to address potential threats.