Ransomware threats continue to grow in 2019 as cybercriminals become sneakier and more targeted in their efforts, which means only organizations that are continuously proactive in maintaining security may come away unscathed.
Consider the latest:
- The group behind the Dharma ransomware is now bundling it inside a fake antivirus software installation. Phishing emails that reportedly come from Microsoft claim the victim’s Windows PC is “at risk” and urge the user to click on a link to update their antivirus. Once that link is activated, the ransomware then encrypts files in the background while the user completes the antivirus installation process.
- There have been nearly two dozen ransomware attacks on local government, law enforcement agencies, and universities in 2019. Only about 17 percent of local governments pay a ransom to the attacker, but such malicious activity still pays off for cybercriminals. Even though cybercriminals may not have been targeting an organization specifically, once they gain access, they can determine if it’s worth asking for a ransom. A second reason is that they can sell access to an already compromised and valuable system to other cybercriminals for $10 to $15.
Many security experts preach the importance of being proactive when it comes to IT security, but sometimes their advice appears to go unheeded. For example, it’s been almost two years since the WannaCry ransomware was unleashed on the world, encrypting thousands of computers in more than 150 countries. Shodan, a search engine for exposed databases and devices, points to as many as 1 million Internet-connected endpoints that are still vulnerable, with the most found in the United States. (There is suspicion that the malware came from stolen classified hacking tools developed by the National Security Agency and published online.)
As ransomware becomes more targeted and frequent, there must be more “tailored defenses” to protect organizations, advises Security Boulevard.
Some advice from experts:
- Monitor vulnerable periods. Cybercriminals seek to maximize opportunity and so will carry out phases of their attacks on different days of the week. Security Boulevard finds that “pre-compromise” traffic is about three times as likely to happen during the work week, probably because phishing attacks require someone to click on a bad email, while “post-compromise” traffic is less evident. Command-and-control activity can happen at any time. “Differentiating between weekday and weekend Web filtering practices is important to fully understand the kill chain of various attacks,” Security Boulevard’s report says. It also advises being aware of what ransomware is targeting, such as geography and various vulnerabilities, since ransomware is a “game of choice” rather than a “game of chance.”
- Teach employees to be suspicious. When training employees to avoid phishing emails, urge them to think about whether it makes sense to be receiving an email from UPS, for example, when they’re not expecting a package. “Or if you receive an email that appears to be from someone in your contact list that you haven’t talked to in years and the message doesn’t make sense, don’t open the attachment,” advises Gregory Zolkos, president and CEO of Atlas Professional Services. A Google survey finds that only 60 percent of respondents know what “phishing” means.
- Know that malicious software looks legitimate. More than 3,800 malware samples were signed with valid certificates from well-known certificate authorities, find researchers from Chronicle. While more signed malware is expected, the good news is that, “Certificate authorities are actively revoking certificates from malware executables that are identified in the wild,” Chronicle reports.
Organizations must stay vigilant as cybercriminals hone their attacks daily. Only through planning, preparation, and training can companies prevent, detect, and recover from such malicious activity.