WHAT IS RANSOMWARE & HOW CAN I PREVENT AN ATTACK?
INTRODUCTION.
What is Ransomware? What makes it a critical threat to your business and how can you keep your sensitive data and files away from unauthorised access?
No software is perfect on the day it is released. Your web browser, operating system, office applications and every other program you run are guaranteed to contain bugs.
This is largely because software is written by humans working to deadlines and `time to market` goals. Most bugs are harmless; the dangerous ones are those that create a security vulnerability, because a security hole that has not yet been patched is exactly what an attacker needs to launch a zero day attack.
WHAT IS RANSOMWARE?
There are many categories of ransomware, depending on what the attacker has designed it to do. What they all have in common is that the program locks you out of something you need: your files (by encrypting them), your operating system, or your entire computer.
The attacker then demands that you take some action, almost always a payment, before access is restored.
Ransomware can be aimed at a single home user, or delivered at scale, sometimes through a zero day exploit, against an enterprise network, a manufacturing facility, a healthcare provider or a government agency. In every case the malicious program holds your information to ransom, which is where the name comes from.
Ransomware can stop you using your web browser, stop you logging on to your operating system, or encrypt your personal files so you can no longer open them. The attacker then demands a ransom in exchange for the decryption key. Bear in mind that paying gives you no guarantee that you will get your computer or files back.
If the ransomware is designed to block access to the whole computer, then when you boot the device you will see a screen telling you to perform some action, typically paying money, before you can use it again. This is known as lock screen ransomware.
If you can access your PC but not your files, the ransomware has encrypted them. This is known as encryption ransomware, and it is the more serious of the two, because properly encrypted data cannot be recovered without the key or a backup.
Older variants, some still in circulation, accuse you of using your computer for illegal purposes and threaten a fine or imprisonment. The accusation is a scare tactic designed to extort money from you.
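What encryption ransomware leaves behind is measurable: ciphertext is statistically random, so a folder where many files have suddenly become high-entropy blobs with an unfamiliar extension is a strong signal. The following Python script is an added example, not code from the original article. It builds a small constructed set of documents in a temporary directory, simulates the encryption of some of them, and flags the pattern. The extension allow-list, the 7.5 bits-per-byte threshold and the 30% alert ratio are assumptions chosen for the demonstration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumed for the example: file types we expect to see, and how random a
# file's bytes must look before we call it ciphertext.  Plain text scores
# about 4-5 bits per byte, encrypted or compressed data close to 8.
KNOWN_EXTENSIONS = {".txt", ".docx", ".xlsx", ".pdf", ".jpg", ".png", ".csv"}
ENTROPY_THRESHOLD = 7.5
ALERT_RATIO = 0.3        # fraction of the tree that must look encrypted

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty/constant input, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path: Path, sample_size: int = 4096) -> bool:
    """Sample the head of the file; ransomware encrypts from the start."""
    with open(path, "rb") as f:
        return shannon_entropy(f.read(sample_size)) >= ENTROPY_THRESHOLD

def scan_tree(root: Path) -> dict:
    """Count files that are BOTH high-entropy AND carry an unexpected
    extension (compressed media is high-entropy too, so entropy alone
    would false-positive on every JPEG and ZIP)."""
    total, suspicious = 0, []
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        total += 1
        if p.suffix.lower() not in KNOWN_EXTENSIONS and looks_encrypted(p):
            suspicious.append(p.name)
    ratio = len(suspicious) / total if total else 0.0
    return {"total": total, "suspicious": sorted(suspicious),
            "ratio": ratio, "alert": ratio >= ALERT_RATIO}

def build_demo_tree(root: Path, encrypted_fraction: float) -> None:
    """Constructed sample data: ten ordinary documents, then a fraction of
    them replaced the way ransomware does it (random bytes, new extension)."""
    names = [f"report_{i}.txt" for i in range(10)]
    for name in names:
        (root / name).write_text(f"Quarterly figures for {name}\n" * 40)
    for name in names[:round(len(names) * encrypted_fraction)]:
        (root / name).unlink()
        (root / f"{name}.locked").write_bytes(os.urandom(4096))  # stand-in ciphertext

def demo(encrypted_fraction: float = 0.6) -> dict:
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        build_demo_tree(root, encrypted_fraction)
        return scan_tree(root)

if __name__ == "__main__":
    result = demo()
    print(result)
    if result["alert"]:
        print("ALERT: mass-encryption pattern detected")
```

The entropy test on its own would also flag legitimate archives and images, which is why the scan pairs it with the extension check; a real monitor would add the rate of change (hundreds of files rewritten in seconds) and a few canary files that nothing legitimate should ever touch.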
HOW DOES RANSOMWARE ENTER YOUR COMPUTER?
Ransomware can get in through an unpatched security hole, occasionally as a ‘zero day attack’ (which we’ll discuss shortly), but far more often it arrives through something a user does. Common entry points include:
- Opening rogue email attachments or an unsafe email message.
- Visiting untrusted websites.
- Clicking on popups or an infected link on a website.
- Failing to keep your software updated.
- Clicking on social media posts and links.
- Failing to use cyber street smarts when surfing the web just as you would in everyday life.
WHAT IS A ZERO DAY ATTACK?
A zero day attack, also called a zero day exploit, is an attack that takes advantage of a security hole in a software application before a fix is available. The vulnerability is typically unknown to the vendor, or known to the vendor but not yet patched or made public, so users have had no opportunity to protect themselves.
The name comes from the narrower case of an attack launched on the same day a vulnerability becomes public: the defenders have had zero days to prepare.
A security hole may be discovered by the vendor, by an end user, or by a cybercriminal deliberately hunting the program for weaknesses. In the last case the vulnerability circulates only in the criminal community until the vendor learns of it and produces a patch; this window is sometimes called a less than zero day exploit.
Once the vendor is aware of the vulnerability, its developers must race to create a patch to protect end users, and users must then actually install it.
The usual goal of a zero day attack is to plant malware or spyware on your computer, or, in a large organisation, across the entire network and every attached device. One of the most damaging payloads is ransomware.
HOW DO ZERO DAY ATTACKS WORK?
In a nutshell, a zero day attack happens when a vulnerability exists in a product as shipped and an attacker exploits it before the vendor can issue a security patch.
Attackers write exploit code that targets the specific vulnerability. Knowing that a patch can take time to release and longer still to be installed, they use that code to find vulnerable systems and compromise them before the hole is closed.
HOW CAN I PREVENT ZERO DAY ATTACKS?
If the only defence against a zero day attack were to wait for the vendor's patch, you would be exposed for the whole window between the attack appearing and the fix being released and installed. Therefore, it is best to put precautions in place from the outset that reduce both the chance and the impact of a zero day attack while you wait for the vendor's fix.
USE AN ENTERPRISE LEVEL SPAM AND VIRUS FILTER.
Many organisations have benefited from an Enterprise level Spam and Virus Filter, which is a highly effective first line of defence against ransomware. Most ransomware arrives via email. An Enterprise level Spam & Virus filter scans every email sent to you before it enters your network. This is one of the most effective ways to stop known threats, but note the limit: it recognises only threats it already knows about, so it must be layered with the measures below.
BACKUP YOUR DATA AND USE A DISASTER RECOVERY SOLUTION!
A Cloud-based backup or Disaster Recovery solution is a wise investment that’s HIGHLY recommended because sometimes the only way to recover business critical data after a Zero Day/Ransomware attack is to restore it from backup. 90% of businesses with an IT infrastructure have a backup or DR solution in place. DON’T be one of the 10% that goes out of business because they didn’t think it was necessary. Two caveats: ransomware will happily encrypt a backup drive or share that is permanently connected, so keep at least one copy offline or otherwise unreachable from the network, and a backup you have never restored from is untested. Practise the restore.
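What "restore from backup" has to mean in practice, as an added Python example that is not part of the original article: every snapshot gets its own label so a later run never overwrites an earlier one (an encrypted live copy cannot clobber the good one), a manifest of SHA-256 hashes lets you prove the backup itself was not tampered with, and a restore refuses to proceed from a snapshot that fails that check. All paths, file names and data are constructed in a temporary directory for the demonstration.

```python
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(source: Path, backups: Path, label: str) -> Path:
    """Copy source to backups/<label>/data and record a hash per file in
    manifest.json.  Labels are write-once: a run that reuses one is refused,
    so an encrypted live tree can never be copied over a good snapshot."""
    dest = backups / label
    if dest.exists():
        raise FileExistsError(f"snapshot {label} exists; refusing to overwrite")
    data = dest / "data"
    shutil.copytree(source, data)
    manifest = {str(p.relative_to(data)): sha256_file(p)
                for p in data.rglob("*") if p.is_file()}
    (dest / "manifest.json").write_text(json.dumps(manifest, sort_keys=True))
    return dest

def verify(snapshot_dir: Path) -> list:
    """Re-hash every file in the snapshot; return the ones that no longer
    match the manifest (missing, modified, or encrypted in place)."""
    manifest = json.loads((snapshot_dir / "manifest.json").read_text())
    data = snapshot_dir / "data"
    return sorted(rel for rel, digest in manifest.items()
                  if not (data / rel).is_file() or sha256_file(data / rel) != digest)

def restore(snapshot_dir: Path, target: Path) -> list:
    """Restore only from a snapshot that verifies clean; return restored names."""
    bad = verify(snapshot_dir)
    if bad:
        raise RuntimeError(f"snapshot fails integrity check, not restoring: {bad}")
    if target.exists():
        shutil.rmtree(target)
    shutil.copytree(snapshot_dir / "data", target)
    return sorted(str(p.relative_to(target)) for p in target.rglob("*") if p.is_file())

def demo() -> dict:
    """Constructed scenario: back up, get hit, back up again, find the newer
    snapshot tampered with, and recover from the older one."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        live, backups = root / "live", root / "backups"
        live.mkdir()
        (live / "ledger.csv").write_text("date,amount\n2024-01-01,100\n")
        (live / "notes.txt").write_text("nothing unusual\n")
        good = snapshot(live, backups, "2024-01-01")
        for p in live.iterdir():                          # ransomware hits:
            p.write_bytes(os.urandom(64))                 # simulated ciphertext
        after = snapshot(live, backups, "2024-01-02")     # faithfully backs up junk
        (after / "data" / "notes.txt").write_bytes(b"x")  # backup share tampered
        try:
            restore(after, root / "restored")
            refused = False
        except RuntimeError:
            refused = True
        restored = restore(good, root / "restored")
        return {"good_clean": verify(good) == [], "after_bad": verify(after),
                "refused": refused, "restored": restored,
                "ledger": (root / "restored" / "ledger.csv").read_text()}

if __name__ == "__main__":
    print(demo())
```

Note what the manifest does and does not prove: the second snapshot would verify clean before it was tampered with, because it is a faithful copy of files that were already encrypted. Hashes show the backup was not altered after it was taken, not that its contents were healthy. That is why older snapshots must be retained, and why they must live somewhere the ransomware cannot write, such as an offline disk or versioned, immutable cloud storage.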
BEWARE OF FAKE EMAILS.
Think before you click. Many emails appear to come from your bank or from companies you routinely deal with. They can look legitimate but are fake messages designed to extract personal or financial information from you. Many carry a malicious attachment that runs the ransomware when you open it, or entice you to click a link in the message that installs ransomware or other malware.
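A concrete version of "think before you click": the Python below screens a message for the two traps described above, an attachment that runs code when opened (including one disguised by a double extension) and a link whose visible text names a different site from its real destination. This is an added example, not code from the original article; the message is constructed inline with made-up .test domains, and the attachment type lists are assumptions for the demonstration.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed lists for the example.  EXECUTABLE_EXT run code when double-clicked,
# MACRO_EXT are Office formats that can carry macros, DOC_LIKE are the types a
# double-extension name ("invoice.pdf.exe") pretends to be.
EXECUTABLE_EXT = {".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".hta",
                  ".bat", ".cmd", ".ps1", ".lnk", ".iso"}
MACRO_EXT = {".docm", ".xlsm", ".pptm", ".dotm"}
DOC_LIKE = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suffixes(filename: str) -> list:
    """Every dotted suffix, lowercased: 'invoice.pdf.exe' -> ['.pdf', '.exe']."""
    return ["." + p for p in filename.lower().split(".")[1:]]

def check_attachment(filename: str) -> list:
    sfx = suffixes(filename)
    if not sfx:
        return []
    findings, last = [], sfx[-1]
    if last in EXECUTABLE_EXT:
        findings.append(f"executable attachment: {filename}")
    if last in MACRO_EXT:
        findings.append(f"macro-enabled document: {filename}")
    if len(sfx) >= 2 and sfx[-2] in DOC_LIKE and last not in DOC_LIKE:
        findings.append(f"double extension disguises type: {filename}")
    return findings

def check_links(html: str) -> list:
    """Flag anchors whose visible text is a URL on a different host than
    the real href.  Text like 'click here' carries no host and is not judged."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real_host = (urlparse(href).hostname or "").lower()
        m = re.search(r"https?://([^/\s]+)", text)
        if m and m.group(1).lower() != real_host:
            findings.append(f"link text says {m.group(1)} but goes to {real_host}")
    return findings

def screen_message(raw: bytes) -> list:
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        findings.extend(check_attachment(part.get_filename() or ""))
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        findings.extend(check_links(body.get_content()))
    return findings

def build_sample() -> bytes:
    """Constructed phishing-style message: bank lookalike text, a link to a
    different host, and an executable dressed up as a PDF."""
    msg = EmailMessage()
    msg["From"] = "billing@example-bank.test"
    msg["To"] = "you@example.test"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_alternative('<p>Review it at <a href="http://login.example-evil.test/">'
                        'https://www.example-bank.test/</a></p>', subtype="html")
    msg.add_attachment(b"MZ-stand-in", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in screen_message(build_sample()):
        print("WARNING:", finding)
```

The same two checks are what a mail gateway does at scale; doing them by hand, hovering over the link to see the real target and looking at the full attachment name rather than its icon, is the human equivalent.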
INSTALL A SOLID SPYWARE PROTECTION PROGRAM.
Spyware is built differently from a virus, so some spyware can slip past an antivirus program and bury itself deep in the registry or elsewhere on your system.
If it does not match a virus definition the antivirus program may never pick it up and quarantine it. Many antivirus products now include spyware protection; you can also install a dedicated third party anti-spyware program and run it on a regular schedule.
KEEP YOUR WEB BROWSERS UPDATED.
Remember that web browsers such as Google Chrome, Safari, Mozilla Firefox, Microsoft Edge and others are software too, so make it a habit to check for updates regularly. Most browsers show the current version and any pending update under Help or About in the main menu, and all of them can be set to install updates automatically as they become available; leave that setting on.
USE ONLINE STREET SMARTS.
If you are not sure you trust a website, don't visit it! More often than not, rogue websites look slightly off: they are riddled with popups, misspell the names of well-known companies, and are designed in a way your “gut” feeling rejects.
SECURE YOUR WIRELESS ACCESS POINTS.
Most wireless routers support WPA2 (Wi-Fi Protected Access 2), and newer ones WPA3. Make sure you enable WPA2 or WPA3 with AES encryption and a strong passphrase when configuring a wireless access point (you should be doing this anyway!), and never leave it open or on WEP, which is broken, or original WPA, which is deprecated. This will not stop a zero day attack on its own, but it keeps outsiders off your network in the first place, so a vulnerable machine inside it is not reachable from the car park.
USE A FIREWALL.
Organisations that depend on their IT networks should use a hardware firewall at the network edge, not just the software firewall on each computer. It acts as a traffic light (so to speak) and a barrier between your local network and outside threats: configure it to deny all inbound connections by default and open only the ports you actually need.
KEEP ALL OTHER SOFTWARE UPDATED.
Make sure all other software is kept updated with the latest security patches. In most cases updates can be configured to install automatically when they become available. Additionally, keep only the applications you actually use and uninstall the rest. Every program you have is a potential way in, and you cannot patch what you forgot you installed.
OTHER INTERESTING RANSOMWARE AND ZERO DAY ATTACK FACTS.
According to Microsoft Protection Center, ransomware continues to be a global problem. Specifically, they have recently seen increases in Italy and the eastern seaboard of the US.
According to Symantec, a global leader in security and information management solutions, “In 2015, the number of zero-day vulnerabilities discovered more than doubled to 54, a 125 percent increase from the year before. Or put another way, a new zero-day vulnerability was found every week (on average) in 2015.”
Beginning on June 22, 2016 at 6:44 a.m. UTC, Avanan’s Cloud Security Platform reported, “A massive attack against its customers that were using Office 365. The attack included a very nasty ransomware virus called Cerber, which was spread through email and encrypted users’ files.
Once encrypted, Cerber demanded a ransom be paid in order to regain access to the user’s documents, photos and files. So nasty in fact, that this virus actually played an audio file, informing the user that the computer’s files have been encrypted while a warning message was displayed on screen. Based on Avanan’s analysis, Microsoft detected the attack and started blocking the attachment as of June 23 at 11:34 a.m. UTC.”
In a McAfee Labs Threats Report: March 2016, “Every day more than 157 million attempts were made (via emails, browser searches, etc.) to entice McAfee customers into connecting to risky URLs (website addresses). Every day an additional 71 million potentially unwanted programs attempted installation or launch.”
Ars Technica reports, “The growth in zero-day attacks came as software developers sharply reduced the time it took to patch the underlying vulnerabilities. On average, it took just one day for them to release a patch in 2015, compared with 59 days in 2014 and four in 2013. The total time of exposure for last year was seven days, compared with 295 days in 2014 and 19 days in 2013.”