Ransomware is a hot topic these days. We’re seeing it in the headlines far more than we’d like. The trick about digital attacks like this, and most malware attacks in general, is the ever-changing nature of them. The ransomware attacks we saw a year ago aren’t the same as they are today. Here’s an update on some of the latest variations.
Attackers have adopted new strategies for infiltrating networks, improved their ability to do damage, and, just as important, have embraced sophisticated growth-enabling business models.
For example, users have been getting training on not clicking on malicious attachments or visiting malicious sites, and anti-malware vendors have been getting better at spotting those sites and attachments. But worms spread themselves without the user needing to do anything at all. “The worm will look and scan its surroundings on the network that have the vulnerability that it is looking to exploit, and copies itself onto the exploited machines,” says Robert Simmons, director of research innovation at ThreatConnect, Inc., a security vendor based in Arlington, Va.
A company that has a vulnerable machine connected to the internet is an easy target, for example. If a company has locked-down all its public-facing computers, an employee might use a mobile device or laptop to connect to an insecure network that has another infected machine on it, Simmons says.
Then, once the employee is back on the company network, the ransomware can spread from there. Once inside, the attackers don’t only launch encryption right away, he adds.
“With Petya, they found that in addition to its ransomware capabilities, it had a tool to provide an additional capability of attacking Windows domain controllers, the locations where the credentials and passwords to your network were kept,” he says. “So they’re branching into other capabilities that would let them pivot around the network.”
The attackers can steal data, for example, or do other damage. Then the ransomware will go off, and help the attackers cover their tracks. “The ransomware would be used as a smokescreen,” he says. “It would make it more difficult for a responder to find evidence of the original attack.”
With the rate of change associated with these attacks, unfortunately there is no simple solution. However, following some simple best practices for data security, like keeping your software and antivirus up-to-date and backing up your data regularly, you can lessen the likelihood of catastrophic data loss. The IT experts at Great Lakes Computer can help. We can not only provide you with best-in-class protective software and backup, we can also remotely monitor your network for suspicious activity. Data security is a full-time job and we’re here to take on that role.