According to the Institute for Critical Infrastructure Technology (ICIT), this is the year when “ransomware will wreak havoc on America’s critical infrastructure community”. Ransomware attackers are 21st century highwaymen, “threatening the lifeblood of their victims — information” and “law enforcement has neither the time nor the resources to track down the culprits.”
What can you do? One thing firms can do is make personnel more aware of common ransomware attacks through user awareness and training that will deter the attackers. The importance of not clicking on unknown emails or attachments, or even ads on reputable sites, and of learning to recognize bogus emails and ads, should be impressed on all staffers from top to bottom. In addition, all personnel should be warned not to use unsecured devices for client data or connect unprotected personal devices (such as flash drives) to company systems, and to keep their own antivirus protection up to date. Last but not least, firms should keep their own system protections current, ensure that all third-party vendors are thoroughly checked out, and have a plan in place to respond if they’re infected.
1. Traffic distribution system (TDS)
- Traffic distribution services redirect Web traffic to a site hosting an exploit kit. That traffic can be pulled from adult content sites, video streaming services or media piracy sites. Some ransomware groups may even hire a TDS to spread their ransomware. This is another reason that you should never allow employees to download anything without IT consent.
2. Malvertising
- A malicious advertisement can redirect users from a harmless site to a malicious landing page. Malvertisements may appear legitimate and can even appear on trusted sites if the administrator is fooled into accepting the ad provider or if the site is compromised. Malicious threat actors can purchase traffic from malvertisement services.
3. Phishing e-mails
- These are the primary delivery methods of ransomware, simply because people are so conditioned to open emails and click on links and attachments. Even with training and awareness programs, most organizations find it difficult to reduce successful spear phishing attempts to less than 15% of personnel.
4. Downloaders
- Malware can be delivered onto systems through stages of downloaders to minimize the likelihood of signature-based detection. Ransomware criminals pay other threat actors to install their ransomware onto already infected machines. Ransomware could even act as a mask for a deeper malware infection, unsuspected by users, that will remain even after the ransomware is removed.
5. Social engineering
- Social engineering and human ignorance can conspire to get people to install the malware on their own computers. Fake antivirus applications tell users that their computer is at risk of numerous debilitating viruses, and performance optimizers convince users that their system can achieve better results.
6. Self-propagation
- Some forms of ransomware, usually crypto-ransomware (which encrypts a user’s data), are able to self-replicate throughout a network much as other kinds of malware do, for example by spreading through a user’s contact book via messages into other systems.
7. Ransomware as a service (RaaS)
- This is actually the outsourcing of malware to less technical criminals. The applications are designed to be deployed by almost anyone, with the original creator of the malware collecting a percentage of the ransom as a fee if the person using the creator’s ransomware is successful at collecting a ransom from the victim.
Gary Harshbarger is our Cyber expert and can help your company make sure it’s protected from ransomware and cyber threats.