- August 8, 2016
- Posted by: admin
- Categories: IT Security, Ransomware
Ransomware attacks and infections are on the rise in the Middle East, and many customers fall victim to them on a daily basis. This article looks at how organizations can stay protected against Ransomware without spending a huge amount of money.
There are 2 types of Ransomware: (1) Ransomware that encrypts files and demands a ransom (Cryptolocker, Locky, Cryptowall, etc.) and (2) Ransomware that locks the operating system or MBR (Winlocker, Satana, Petya, etc.). More than 100 different known Ransomware types are actively seeking victims, and every organization should take care not to be the next one. Users get infected either by clicking on links or attachments in phishing emails or by visiting compromised websites. In many cases users are redirected to malicious websites without their knowledge, or the websites they visit have been compromised by hackers. Once a system is infected, Ransomware can spread within the network by exploiting software vulnerabilities. Cybercriminals use various social engineering techniques to reach their target users.
Antivirus software is not able to detect Ransomware because it uses advanced techniques such as polymorphic behavior, anti-sandboxing, domain shadowing, and encrypted communication.
Proper traffic pattern analysis and filtering at endpoints (desktops, laptops and servers) can help organizations avoid Ransomware attacks. A Ransomware infection starts with a user clicking on a malicious link or agent without knowing that it is malware. A proper traffic filtering mechanism can stop the request from reaching the Ransomware C&C server, and it can also stop the key exchange required for encryption to happen. Basic security awareness training for end users also helps organizations avoid the major IT security challenges they face today, and all of this can be done without spending a huge amount of money.
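As an added illustration of endpoint traffic filtering and pattern analysis (example code written for this article, not taken from any product), the Python sketch below checks outbound DNS queries against a blocklist and counts distinct subdomains per host as a simple heuristic for domain shadowing. The log format, domain names, threshold and two-label parent rule are all assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed blocklist entry; a real deployment would load a threat-intel feed.
BLOCKLIST = {"c2-example.invalid"}
# Assumed threshold: distinct names under one parent domain, per host.
SHADOW_THRESHOLD = 3

# Constructed endpoint DNS log: "<time> <host> <queried name>"
SAMPLE_LOG = """\
09:00:01 pc-17 intranet.corp.example
09:00:04 pc-17 www.shop.example
09:00:05 pc-17 a9f3k.shop.example
09:00:05 pc-17 q7zt2.shop.example
09:00:06 pc-17 x1b8m.shop.example
09:00:09 pc-22 key.c2-example.invalid
09:00:12 pc-22 www.corp.example
"""

def split_labels(name):
    """Normalise a DNS name (case, trailing dot) and split it into labels."""
    return name.lower().rstrip(".").split(".")

def is_blocked(name):
    """True if the name itself or any parent domain is on the blocklist."""
    labels = split_labels(name)
    return any(".".join(labels[i:]) in BLOCKLIST for i in range(len(labels)))

def parent_domain(name):
    """Last two labels; a simplification that ignores the public-suffix list."""
    return ".".join(split_labels(name)[-2:])

def analyze(log_text):
    """Return (queries the filter would drop, (host, parent) shadowing alerts)."""
    blocked = []
    seen = defaultdict(set)  # (host, parent domain) -> distinct names queried
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, host, name = parts
        if is_blocked(name):
            blocked.append((host, name))  # request never reaches the C&C server
            continue
        seen[(host, parent_domain(name))].add(".".join(split_labels(name)))
    alerts = sorted(k for k, names in seen.items() if len(names) > SHADOW_THRESHOLD)
    return blocked, alerts

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Parent domains that legitimately serve many subdomains, such as content delivery networks, would need an allowlist before this heuristic is used for alerting.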