The Locked Down Attack
Ransomware has rapidly emerged as a significant threat to businesses and organizations of all sizes. In an age where data is invaluable, cybercriminals are taking advantage of people who know little about malware behaviour.
You need a plan to minimize the risk of this high-profile threat, so that you can avoid the business disruption, loss of productivity, damage to brand reputation and legal implications that come with recovering from a ransomware attack.
“84% of organisations believe their company would be seriously damaged if it were successfully infected with ransomware”
What is ransomware?
Ransomware is a type of malware that locks, encrypts, or otherwise prevents data and systems from being accessed by their owners, and requires victims to pay a ransom to the criminal responsible for the attack in order to regain access. It is primarily distributed via exploit kits, social engineering schemes and spam emails that are sent to a large number of email addresses.
When a recipient opens a malicious attachment or clicks a compromised link, the malware is downloaded onto the user’s system. The fear of losing priceless data can push users to pay the ransom, but even if they pay, having their files unlocked or decrypted is never guaranteed.
Known Ransomware Threats
This malware has the ability to enumerate all logical drives, including drives mapped to shared networks. This puts an entire network at risk and could be a major threat to enterprises.
This ransomware can overwrite an affected system’s master boot record to lock users out. Infected machines display the ransom note when they boot up and cannot go any further. It is delivered to victims via legitimate cloud storage services.
An encryption malware that is the first crypto-ransomware for Mac and is installed via an open-source file-sharing application. Creators of the malware used a Mac app development certificate to get past Apple Gatekeeper, a security feature that allows users to restrict which sources they can install apps from.
SAMAS (also known as SAMSAM)
The first ransomware that has the ability to encrypt files across networks, threatening an organization’s database and network-stored backups. Users of SAMAS are known to manually locate and delete network backups to force companies to pay ransom.
This ransomware searches for and deletes Volume Shadow Copies of files, which are automatic backup copies that Windows creates.
While the encryption method of this ransomware is similar to most, its infection vector is unique. It comes in the form of an email that contains the user’s name and mailing address, making the email seem trustworthy. When the user downloads the attached file, the ransomware is activated.
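Deletion of Volume Shadow Copies, as described above, usually leaves a trace in process-creation logs that defenders can alert on. The following Python detection is an added example, not part of the original article; the pipe-separated log format, the host and user names, and the choice of patterns (the standard Windows tools vssadmin, wmic and wbadmin, and the Win32_ShadowCopy WMI class) are assumptions made for illustration.

```python
import re

# Command-line patterns for built-in Windows tools that remove shadow copies
# or backup catalogs. The list is this example's assumption, not the article's.
SHADOW_DELETE_PATTERNS = [
    ("vssadmin delete", re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("vssadmin resize", re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\s+shadowstorage\b", re.I)),
    ("wmic shadowcopy delete", re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("wbadmin delete", re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+(catalog|systemstatebackup|backup)\b", re.I)),
    ("Win32_ShadowCopy delete", re.compile(r"win32_shadowcopy\b.*\b(delete|remove-wmiobject)", re.I)),
]

# Constructed sample records: time|host|user|parent process|command line
SAMPLE_LOG = r"""
2016-05-02T09:14:03Z|WS-014|jdoe|explorer.exe|"C:\Program Files\Office\WINWORD.EXE" /n invoice.docx
2016-05-02T09:14:41Z|WS-014|jdoe|winword.exe|C:\Windows\System32\vssadmin.exe Delete Shadows /All /Quiet
2016-05-02T09:20:10Z|FS-02|backupsvc|taskeng.exe|vssadmin list shadows
2016-05-02T09:21:55Z|WS-022|asmith|powershell.exe|powershell -c "Get-WmiObject Win32_ShadowCopy | ForEach-Object { $_.Delete() }"
2016-05-02T09:30:00Z|FS-02|backupsvc|taskeng.exe|wbadmin start backup -backupTarget:E: -quiet
""".strip().splitlines()


def find_shadow_copy_deletion(lines):
    """Return one alert per process-creation record that deletes shadow copies."""
    hits = []
    for line in lines:
        # maxsplit=4 keeps any '|' inside the command line (e.g. PowerShell pipes)
        parts = line.split("|", 4)
        if len(parts) != 5:
            continue  # skip malformed records instead of failing the whole run
        ts, host, user, parent, cmd = parts
        for rule, pattern in SHADOW_DELETE_PATTERNS:
            if pattern.search(cmd):
                hits.append({"time": ts, "host": host, "user": user,
                             "parent": parent, "rule": rule})
                break  # one alert per record is enough
    return hits


if __name__ == "__main__":
    for hit in find_shadow_copy_deletion(SAMPLE_LOG):
        print(hit)
```

The parent process is kept in each alert because a shadow copy deletion launched from a document viewer or mail client deserves faster triage than one launched from a scheduled backup job.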