Ransomware- A Reality Check (Part 2)
- Ransomware- A reality check (Part 1)
- Ransomware- A reality check (Part 2)
- Ransomware- A reality check (Part 3)
Variants of Ransomware
Bad Rabbit: It was distributed by a fake Adobe Flash update on a corrupt website. Fake Adobe Flash update; once it is downloaded, your data has been compromised.
Crypto wall: Malware hides in your zip files and other email attachments, and then it makes its way to your devices. Once you install them, it tries to find java vulnerabilities to encrypt or withhold your data.
Patia: It is a crypto-ransomware that targets your Windows servers, laptops, or PC and mostly takes advantage of SMB (Server Message Block) and tries to steal your credentials and spread them into your machine.
Wanna cry: It was first seen in a large-scale crypto-ransomware attack in 2017. It affected almost a quarter-million machines internationally, and it spreads through your windows operating system.
Black Byte: It is a notorious variant that compromised multiple US and foreign businesses, including three critical US infrastructure sectors. It encrypts your files and compromises the Windows host system, including physical and virtual servers.
Countermeasures
The following are the countermeasures or defense mechanisms to be implemented to ensure safe data transfer:
Using Firewall to its fullest capability
Firewalls are the most reliable. If a firewall does not allow a malicious web request or an email security gateway has been implemented, then the users will not get any malicious attacks or emails. But if the firewall fails, there should be backup plans.
Log4j attack: Log4j vulnerability, an Apache web server, has been exploited in the wild by executing games and transforming from exploiting the game servers to the actual corporate servers.
User Education
For example, if an email passes through an email security gateway and firewall, and if the user is unaware of potential phishing emails, it develops the attack surface.
Kevin Mitnick, the most notorious hacker, started phishing the telephone, and the FBI searched for him a lot. There is training from this company called KnowBe4 that makes the user aware of phishing and how to identify emails received from an unsuspected user.
Disabling Macros execution
Now the execution of macros is the popular one where people get exploited. For example, a malicious document is attached to a mail received by the user unaware of it and thinks it is legitimate. He then opens the documents, and therefore the macros get enabled in the organization if he uses the organization network.
Macros are small code blocks that get executed automatically in the background, primarily when an office application is based on a visual basis. These codes are written to exploit any existing vulnerabilities in the computers.
Implement Web security
The Cross-site scripting attack- suppose your browser is vulnerable to any particular attack. These types of vulnerabilities of the browsers are exploited by visiting any malicious website.
There’s a well-known chef Jamie Oliver, whose website was vulnerable. As everyone visiting his website had downloaded the malicious code in the background. To overcome such malicious code, every organization should implement WAF rules and disable adblock.
Incorporate least privilege policy
Rule-based access control and our backup is most important. The privileged access to people only to perform the activity, not the full access, is part of a defense-in-depth strategy.
Network Segmentation
The HR Department is the one who receives more external emails document or PDF files when compared to the software development department. Do you think both guys should work on the same network to implement high security?.
If HR receives a malicious email and clicks, the malware starts spreading in the environment. For example, Wipro was part of the MSSP attack. A supply chain attack has been infected because some other team had clicked some URL that led people to come into the network. If they had segmented their network, they would have prevented it.
Active monitoring
Security Analyst Security Operation Center (SOC) monitors 24/7 alerts. They look to modify and identify the attacks. For example, when they figured out that log4j was being exploited by 3000 times of log4j attempts, they implemented alerts and security measures to block the attempt and notify us. That helps to take further steps and investigate that particular source or IP address.
Action Plan
It’s not about how you will be attacked; it’s about when you will be attacked. Even organizations with high security are compromised, and an Action plan helps in this case.
A clear and detailed action plan of what to do and how to do it when an attack occurs includes the most practical and effective countermeasure to implement quickly.
Contact Us
1800-843-7890 (India) 
