12-27-21 | Blog Post
If you haven’t heard about Ransomware by now you must have been living under a rock. This growing cyber threat has taken out millions of IT environments and shows no signs of stopping. And just as it seems we get one step ahead of the virus, a new variant is created that targets a new vulnerability in our systems.
From what we have learned about Ransomware, hackers are always one step ahead of us. Just as we make progress in understanding how to prevent one variant from attacking our systems, another version appears in its place. All of this has led to the conclusion that it is no longer a questions of IF we will be attacked by Ransomware, but WHEN.
To give you a better understanding of what you’re up against, let’s run through the different types of Ransomware. The first thing that is important to understand is that Ransomware viruses usually fall into two categories: Screen Lockers and Encrypters.
One variant of Ransomware that is relatively common is Screen Locker. As the name implies, this version of Ransomware locks your screen and prevents your from accessing your files until a ransom is paid. Luckily, Screen Locker is relatively easy to bypass if you have made the proper recovery preparations. All you have to do is connect a hard drive to non-infected system and copy over all the necessary data over.
unlike Screen Lockers, Encryption Ransomware encrypts your files and can only be accessed by a key that the hacker holds until a ransom is delivered. This version of Ransomware is more difficult to bypass, and can often take days to restore files. Thus it is important to have a proper backup and disaster recovery strategy in place.
Ransomware is a growing problem that is affecting businesses around the world (read about these common infection methods). With new variants popping up all the time, it is difficult for IT Security solutions to keep up. Here are some of the more popular variants of Ransomware:
Also known as samsam, it targets backups and is controlled by humans, not a machine or program. Samsam is a Java-based variant that deletes all VSS volume copies and wipes free space on your hard drive. Includes Active Directory harvesting utility that will collect information to be exploited at a later time. Human controlled to attack at most vulnerable time to maximize profit.
One of the most well known variants of Ransomware, CryptoLocker is a Trojan horse encryption virus. Files on the infected computer are encrypted and require the user to purchase a password in order to decrypt them.
Locky and its many subvarients work to corrupt your files by scrambling them and renaming them with the extension .locky. In order to unscramble your files, you are forced to pay for a decryption key.
A Ransomware variant that targets Linux. KillDisk sabotages companies by deleting data and altering files at random. KillDisk also does not save the encryption key on the disk or online, which makes it difficult to recover files without paying a ransom.
Like KillDisk, FareWare also targets Linux users. FareWare attackers hack Linux servers and delete the webfolder. They then demand a ransom for the return of the files. The files are not encrypted by the attackers, just reuploaded to a server under the attacker’s control.
KeRanger is a Trojan horse Ransomware virus, and the first Ransomware virus to target Mac OS. It is an encryption virus that works to block access to your important files until a ransom is paid.
Another Trojan virus that encrypts files and tries to extort a ransom is FileCoder. Like KeRanger, FileCoder also targets Mac.
Angler is an exploit kit that is used to open a channel of communication with your system that cyber criminals can use to access your data. Often, attacks via angler are delayed. As the access channel is monitored by humans on the other end, cyber criminals wait for the opportune moment to attack.
I’m sure by now you’ve heard the news about WannaCrypt also known as WannaCry. This new malware (malicious software) or ransomware holds your computer hostage until you pay a ransom. It recently hit 150 countries and 200,000 computers shutting down hospitals, universities, warehouses, telecommunication companies and banks.
In order to avoid being the victim of a ransomware attack, it is important to take proper measures to ensure your files are safe. Backup your files! Practice the 3-2-1 data backup rule. Many attacks can be overcome by restoring from backups. Be careful where you click while on the Internet or in your email, viral links and attachments are the number one cause of Ransomware infection. Protect your devices with endpoint protection and advanced threat protection. Also, avoid these common assumptions that you’re already secure. Watch this on-demand webinar on ransomware preparedness and recovery to learn how to protect your business.
