You’ve heard the story before – Company X or Hospital Y cannot access their information systems, nor can they restore from backup, for a variety of reasons. How did they lose access? Malware encrypted the file system, and “hackers” (if you wish to call them hackers – I refer to them as extortionists) will only provide the decryption key for the right price. This activity is referred to as “ransomware,” and is defined as “malware that infects computer systems and restricted users’ access” (US CERT). Imagine losing a critical part of your business, or in certain cases the entire business, with no recourse. If the only option were to pay the extortionists, you would need to know how to purchase and send bitcoin, something not many are intimately familiar with.
Ransomware is now the most popular information systems attack vector, as nearly 90% of phishing messages contain, or link to, ransomware. Some of the most recent variants, such as Locky and Samas, created more havoc than earlier versions of CryptoLocker due to their infection and encryption methods.
How is it transmitted?
As mentioned, 90% of phishing messages contain, or link to, ransomware, making malicious e-mail attachments the most popular distribution method. The next most exploited vector is drive-by downloading, which occurs “when a user unknowingly visits an infected website and malware is downloaded and installed without the user’s knowledge” (US CERT). Web servers have also been targeted and exploited to gain entry into a company’s network.
Prevention and Eradication
There are several techniques organizations can employ to prevent ransomware infections and, if infected, to eradicate them.
First National Technology Solutions offers a variety of information security protection mechanisms aimed at keeping organizations secure. Reach out to a representative to see how First National Technology Solutions can enhance your security posture against ransomware.
Referenced: US-CERT