Skip to main content
Tag

ransomware attack

|||||

How Deadly is Ransomware?

By Patch ManagementNo Comments

How Deadly is Ransomware and How Effective are the Protections Against It?

Organizations of all kinds have found themselves victims to ransomware. Find out how dangerous these attacks are and explore strategies to protect your business.

Picture the following scenario for a moment: It’s a seemingly typical day at the office for your business. People are busy and coffee-driven. Everything is unfolding as it should — or at least as it usually does.

Then, in the space of just a few seconds, everything changes on a dime with the beginning of a ransomware attack.

Maybe it’s your client database — including all of the financial and personal information you’ve collected in the partnership process — that suddenly becomes inaccessible. Perhaps key files are abruptly encrypted in a way that you’ve never seen before. Or maybe systems grind to a halt and won’t function. You see a message telling you, in so many words, to pay up or lose the data (or remain locked out of your mission-critical networks and devices). It’s a simple — and often successful — exploit tactic.

No matter how the incident specifically unfolds, whether you pay up or work around it, you’ll likely always divide your job, to some extent, into pre- and post-ransomware periods. Here, we’re going to take a deep dive into the ins and outs of ransomware, and examine how effective various tools — ranging from staff training to endpoint detection and response solutions — can be in mitigating the damage that this increasingly common cyberattack type can do.

A Brief History of Ransomware

According to a 2012 piece from TechRepublic, ransomware dates back to the late 1980s, though it did not emerge as a tool during that decade. It became somewhat prominent among hackers and cyberattackers in the mid-2000s, and about a decade after that, it began to take the forms that IT and information security team members are familiar with today.

To date, the most famous ransomware attack — and certainly the most impactful in terms of the sheer number of those who were victimized by it — is 2017’s WannaCry. This particular act of extortion involved a viral exploit known as ExternalBlue, which attacked Microsoft operating systems that hadn’t been patched for a vulnerability in the Server Message Block file-sharing protocol.

Gizmodo noted that the attack, based on a self-propagating cyber warfare tool originally developed by the National Security Agency and hijacked by the ShadowBrokers hacker group, spread quickly to every device on every network it reached and randomly through the internet.

WannaCry-infected machines saw their data encrypted and received demands for $300 ransom payments into bitcoin wallets in exchange for decryption. Since the ransomware spread to as many as 200,000 computers across 150 countries before white-hat hackers began distributing decryption keys, its makers received almost $130,000 for their efforts.

Also, although the Department of Justice would ultimately charge a North Korean hacker, Park Jin-hyok, with deployment of WannaCry and various other cyberattacks, The New York Times pointed out Park would likely never stand trial for these alleged offenses due to poor U.S.-North Korean diplomatic relations.

Anatomy of a Typical Ransomware Attack

Social engineering strategies like phishing or spear-phishing are perhaps the most common delivery system for ransomware attacks, especially in organizational networks:

  • An employee receives an email purporting to be from a manager or co-worker, urging them to click on a link or attachment.
  • When they do, malware takes over targeted systems, either encrypting files or preventing access.
  • A ransom-demand message is then delivered, sometimes with a deadline. Bitcoin wallets are the typical method of payment requested by attackers, due to their use of decentralized ledgers that can be easily found but whose owners are virtually untraceable.

Existing vulnerabilities, like the Windows flaw that allowed WannaCry just enough room to sneak into so many machines, are another common entry point for ransomware scams. Intrusion through the internet of things is also entirely feasible, especially, as CSO noted, in the case of botnets that have seized control of dozens of devices.

Botnets can — and have — shut down large portions of the global internet due to their raw power, making them perhaps the most frightening ransomware threat vector. (That said, the average ransomware attack is more precisely targeted than the blitzkrieg approach of a large botnet would allow.)

Organizations of all kinds across the public and private sectors have found themselves the victims of ransomware. But throughout the late-2010s heyday of this cyberattack type, state and local government offices were targeted with particular frequency. In many cases, this was due to under-protected or outdated IT infrastructure that was easier to breach.

Due to the sensitivity (and volume) of information these bodies hold in their records, they will most likely remain common ransomware victims for the foreseeable future. On the private-sector side of things, energy sector firms and healthcare organizations — especially the latter — have often been similarly attacked and will continue to be targeted in 2020 and the years to come.

As stated, ransomware usually works by encrypting or walling off data, or bringing an infected machine (or network) to a halt through a dedicated denial of service. However, in some recent cases, cyberattackers have used the exploits in their ransomware deployments to steal data from businesses and leak it — or threaten to do so — to add further heft to their monetary demands, according to ZDNet. Organizations must be prepared for all of the worst-case scenarios that can accompany a ransomware attack.

The Personal Side of Ransomware Mitigation & Response

Most people are at least somewhat aware of ransomware by now. But that doesn’t necessarily mean the average employee of a given organization is trained to be cyberattack-wary in a manner that genuinely minimizes their likelihood of being hit with such an attack or provides them the skills to deal with it.

According to the results of the Chubb 2019 Cyber Risk Survey, only 31% of organizations offer company-wide training to bolster staff awareness of cyberthreats. Because of this, it’s hard to fault workers for falling prey to well-disguised ransomware scans.

The Infosec Institute pointed out that regular cybersecurity awareness training, once implemented, can be a significant aid to organizations’ efforts to reduce their overall levels of vulnerability to ransomware and other potentially devastating attacks. Experts noted that it can be particularly effective to engage employees in such training exercises on a monthly basis.

Framing these initiatives through the lens of gamification -— e.g., conducting simulated social engineering and ransomware attacks and offering prizes to those who respond to the mock threats properly — can further galvanize workers’ enthusiasm for and commitment to cybersecurity. This can lead to a significant decrease in staff members falling prey to the phishing, pretexting and other social engineering scams that often precede ransomware infection.

Choosing the Proper Tools

Training and increased awareness alone will not be sufficient to substantially mitigate the dangers that ransomware poses to countless organizations. It’ll also be necessary to find and implement a number of more concrete tools equipped to detect and repel or quarantine these cyberattacks.

If you already have an antivirus software solution in place, there’s a strong chance that it won’t be equipped to deal with contemporary ransomware threats unless the program is brand new. And most of the antivirus software that does work on ransomware is specifically focused on detecting and preventing it as opposed to other attack vectors.

Also, often as not, businesses that haven’t been previously targeted by cyberattacks of any kind will have let their cybersecurity measures fall out of date- and such lax awareness, on its own, can be enough to facilitate a ransomware intrusion, as the WannaCry debacle proved.

Instead, it may be best for your organization to use a multifaceted approach that includes not only employee training, firewalls and antivirus tools but also solutions for patch management and endpoint detection and response. As businesses integrate themselves further into the IoT landscape, their endpoint numbers will skyrocket, presenting that many more potential entry points for attackers, so it’s critical to protect them at all costs.

Syxsense offers comprehensive EDR software and patch management platforms along with always-available managed services from our support team. To dive deeper into the possibilities of our products, consider a free trial today.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
|||

Massive Ransomware Attack Strikes 23 Texas Towns

By BlogNo Comments

Massive Ransomware Attack Strikes 23 Texas Towns

The state of Texas has been hit with a rare coordinated ransomware attack that disrupted systems of 23 different local governments.

Use Patch Management to Prevent Ransomware Attacks

23 cities in Texas were hit with a coordinated ransomware attack this weekend. A research firm which studies ransomware, has said that attacks aimed at state and local government are on the rise, with at least 169 examples of government computer systems hacked since 2013. There have been more than 60 already this year.

One of the most popular ways of tapping into government networks is through remote desktop systems, which can be vulnerable to hackers. Last week, Microsoft included a patch for RDS which had a CVSS score of 9.8. Windows RDS has been exposed for a plethora of network hacks and global data thefts. It’s also one of the chosen weaknesses used to spread ransomware.

The biggest lesson to come out of these attacks is that applying security updates as soon as possible can go a long way toward avoiding victimization when vulnerabilities are exploited by ransomware.

The Best Offense is a Solid Defense

The Top 5 Patching Mistakes whitepaper breaks down the assumptions that many IT professionals have about managing their environment. When a future ransomware attack occurs, these mistakes could significantly contribute to the spread of it. Or, when the next doomsday strikes, you could be completely bulletproof.

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

Why Enterprise Ransomware Attacks Are Increasing

By Blog, Patch ManagementNo Comments

Why Enterprise Ransomware Attacks Are Increasing

According to researchers, ransomware is rapidly shifting toward corporate targets.

According to various sources, ransomware appears to see triple-digit spike in corporate detections. A pair of reports released by Black Hat and Accenture mark the enormous shift away from targeting typical consumers.

With attackers attempting to “win” the most payout, ransomware attacks are proving to migrate from consumer targets to organizations, businesses, and municipalities. It also appears consumer detections have finally fallen below organizational detections, according to Malwarebyte’s Black Hat 2019 quarterly threat report. The report determined that overall ransomware detections against enterprise environments in the second quarter rose by 363 percent year-over-year; meanwhile, consumer detections have been slowly declining by 12 percent year-over-year.

The report also found that ransomware is certainly expected to evolve with hybrid attacks with worm-like functionality and other malware families.

“This year we have noticed ransomware making more headlines than ever before as a resurgence in ransomware turned its sights to large, ill-prepared public and private organizations with easy-to-exploit vulnerabilities such as cities, non-profits and educational institutions,” said Adam Kujawa, director of Malwarebytes Labs, in the report published on Thursday at Black Hat 2019. “Our critical infrastructure needs to adapt and arm themselves against these threats as they continue to be targets of cybercriminals, causing great distress to all the people who depend on public services and trust these entities to protect their personal information.”

Earlier in the month, Accenture’s iDefense division discovered MegaCortex, a form of malware in prior years, has been rearchitected as enterprise-focused ransomware.

“The authors of MegaCortex v2 have redesigned the ransomware to self-execute and removed the password requirement for installation; the password is now hard-coded in the binary,” states Leo Fernandes, Senior Manager of Malware Analysis and Countermeasures at Accenture. “Additionally, the authors also incorporated some anti-analysis features within the main malware module, and the functionality to stop and kill a wide range of security products and services; this task was previously manually executed as batch script files on each host.”

It also appears that ransomware will not only focus on local files but attempt to access enterprise network shares, unbelievably increasing the level of impact from ransomware. “The evolution of ransomware from high volume, low return, spray and pray consumer attacks to lower volume, high value, targeted attacks against business is well documented,” stated Security Week, “The intent now is not to simply encrypt local files, but to find and encrypt network shares in order to inflict the greatest harm in the shortest time.”

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
|||

MegaCortex Ransomware Targeting Victims Worldwide

By Blog, Patch ManagementNo Comments

MegaCortex Ransomware Targeting Victims Worldwide

A new variant of ransomware called MegaCortex is targeting enterprise networks and organizations across the United States and Europe.

A new variant of ransomware has been discovered, called MegaCortex, that is targeting enterprise networks and organizations. Once the environment is penetrated, the attackers infect it by distributing the ransomware using Windows domain controllers.

Researchers at Accenture iDefense described that operators behind the ransomware are focusing strictly on corporate targets to ensure large cash payouts. Being a new variant of ransomware, not much is currently known about its encryption algorithms (other than it’s been reported an RSA public key is hardcoded into the malware), how the network can actually be infiltrated, and whether the payments are actually being honored.

“With a hard-coded password and the addition of an anti-analysis component, third parties or affiliated actors could, in theory, distribute the ransomware without the need for an actor-supplied password for the installation,” the researchers say. “Indeed, potentially there could be an increase in the number of MegaCortex incidents if the actors decide to start delivering it through email campaigns or dropped as secondary stage by other malware families.”

How MegaCortex Strikes

The ransomware creates a ransom note named “!!!_READ_ME_!!!.txt” and contains information about the ransom as well as the email addresses to contact the attackers.

Ransomware aimed at enterprise and corporate networks continue to rise, not just because of the hope for larger payout, but because of centralized authentication making it easier for devices to spread the ransomware so quickly.

Using a tool like Syxsense can actively prevent breaches before they spread. Receive live, accurate, data from thousands of devices in under 10 seconds then instantly detect running .exes, malware or viruses and kill those processes before they spread.

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
|

Ransomware Disrupts Massive Shipping Company

By NewsNo Comments

Cyberattack Causes Shipping Industry Disaster

COSCO, one of the world’s largest shipping companies, has experienced a ransomware attack on their US network. Their Long Beach terminal reported that their website and telephone network went down on July 25.

The company initially downplayed the event, however it quickly became apparent this was much more than a technical difficulty.

There is a legitimate fear this current attack is “a proxy for the entire industry.” Hackers might be testing the waters for lessons learned after the NotPetya attacks in June 2017. The losses and response times will be studied closely by many companies, and future malicious actors.

With the increasing rate of cybercrime, many are starting to accept these attacks as an unavoidable hazard of running a business. But there is a way to combat such threats and mitigate risk. Keeping up to date on patching is the #1 strategy for protecting your company from ransomware.

Syxsense has a comprehensive patch manager. With a quick scan, you can see what devices need updates and the severity of those patches. The deployment task is easily configured and can be set to happen on demand or scheduled around business hours.

There’s a better way to manage your environment. See how with a trial of Syxsense.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
|||||

BadRabbit: Newest Ransomware to Target Corporate Networks

By NewsNo Comments
[vc_single_image image=”13132″ img_size=”full”]

Updated 10/25/17 at 09:51am 

Ransomware Alert: BadRabbit is the New NotPetya

A new ransomware attack from the actors behind ExPetr/NotPetya has jumped into the spotlight. The outbreak began in Russia, infecting big Russian media outlets, but it has already spread. Several US and UK firms, with corporate entities in the Ukraine and Russia, have already been infected. An increase of US infections is expected. BadRabbit is currently running wild over Europe, thanks to its close ties to the source region.

The US computer emergency readiness team has released a statement and “discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored.”

Several security agencies are reporting that a false Adobe Flash Update is the infection method. Without utilizing exploits, the ‘drive-by’ attack tricks the victim into downloading the fake installer from a convincing website. The victim, assuming it is a legitimate Flash update, then manually launches the .exe file. From there, BadRabbit has a hold of the device and can spread to more devices on the connected network.

There are several recommended steps for stopping the spread of this new ransomware. The first step is to disable WMI Service to prevent the hopping of ransomware throughout your connected networks. It may be inconvenient, but especially if you have offices in the Ukraine or Russia, disabling that connection could be the key to preventing your entire company from being infected.

There is also now a ‘vaccine’ for BadRabbit. The security researcher Amit Serper posted his findings on Twitter.

[vc_single_image image=”13141″ img_size=”large” alignment=”center” onclick=”custom_link” img_link_target=”_blank” link=”https://twitter.com/0xAmit/status/922911491694694401″]

The tweet reads: “I can confirm – Vaccination for #badrabbit: Create the following files c:windowsinfpub.dat && c:windowscscc.dat – remove ALL PERMISSIONS (inheritance) and you are now vaccinated.“

With a software distribution solution, like Syxsense, you can easily deploy this file to every device you manage. Utilizing the simple deployment wizard, you can have a task running in seconds to protect your environment.

Another important step to protect yourself from ransomware is to have a rigorous patching strategy in place. Syxsense ensures the security of your content. We have both Microsoft updates and the industry’s leading library of third-party updates.

[vc_single_image image=”12545″ img_size=”180×180 px” alignment=”center”]

We obtain all our content directly from their source and don’t change the code. The update you deploy through our patch manager is the same one you would get directly from the vendor. The difference is we put logic around the update to ensure an accurate deployment.

Ransomware attacks have picked up in the last few months, and will only get more bold and pervasive. Protect your company and environments by implementing Syxsense.

[vc_separator css=”.vc_custom_1494871528028{padding-top: 15px !important;padding-bottom: 5px !important;}”]

Start Patching

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]