Five Things to Know about Ransomware
With WannaCry barely in the rear view mirror,
ransomware was back in the spotlight with a new malware dubbed NotPetya. We can
expect to see new ransomware strains as advanced attackers continue to evolve
their tactics, and the ramifications for business will be significant if
proactive measures are not taken. In previous posts, we’ve deconstructed
ransomware and offered mitigation tips. To protect your organization, it’s
important to be informed and have baseline knowledge.
Here are five things to know about ransomware:
1. What is ransomware? Ransomware is
a type of malicious software, or malware, that denies access to files and data
until a ransom is paid. There are two distinct types of ransomware. The most
common is crypto ransomware, which encrypts sensitive data and files until a
ransom is paid. The other type, locker ransomware, locks a device, completely
preventing the victim from using it. In most cases, ransomware encrypts
personal files, blocking users from accessing them. Victims are given
instructions on how to pay the requested ransom, and only after doing so, are
they given a decryption tool that will unlock the files.
2. How does ransomware encryption
work? A well-designed ransomware strain will typically use an asymmetric
encryption algorithm, which leverages a pair of keys – one public and one
private. Data that is encrypted with the public key can only be unlocked by
the matching private key, and vice versa.
3. How do victims pay cyber ransoms?
Ransoms are typically paid in the cryptocurrency Bitcoin because of its anonymity
and the difficulty of tracing it.
4. How much is a typical ransom?
Requested ransom amounts can vary wildly. In the WannaCry attacks, victims were
asked to pay between $300 and $600 in Bitcoin to have their files unlocked.
This may not seem like much, but it’s important to consider the other, more
severe, costs resulting from such attacks due to downtime caused by lack of
access to systems. Shockingly, it was recently reported that a South Korean web
hosting provider paid $1 million in bitcoins to hackers after a Linux
ransomware infected its servers and encrypted the website data hosted on
them. That is a big jump from the amount the
Hollywood Presbyterian Medical Center reportedly paid last year.
5. How do I mitigate risk?
Ransomware prevention measures can seem particularly daunting, as administrator
rights are not always required for some of today’s advanced strains of malware
to compromise an end user’s machine and infect the endpoint. This means that
while privilege management can play a role in mitigating risks, many strains of
ransomware can encrypt data using standard user rights. So even if an
organization has removed local administrator rights, this doesn’t necessarily
mitigate the risk. However, testing at CyberArk Labs demonstrated that
application control, including greylisting, coupled with the removal of local
administrator rights, was 100 percent effective in preventing ransomware from
encrypting files.
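
The gap described in point 5, as an added example (not CyberArk's code or policy format): a small Python model that compares file-write decisions when only local administrator rights are removed against the same rights combined with application control and greylisting. It assumes greylisting means an unknown application may run but is denied write access to protected data; every publisher, process name and path is constructed.

```python
from dataclasses import dataclass

# Constructed policy data: every publisher, process name and path is hypothetical.
TRUSTED_PUBLISHERS = {"Example Office Vendor"}
BLOCKED_PROCESSES = {"known_bad.exe"}
USER_WRITABLE = (r"c:\users\alice", r"\\fileserver\finance")   # standard-user ACLs
PROTECTED = (r"c:\users\alice\documents", r"\\fileserver\finance")

@dataclass(frozen=True)
class WriteAttempt:
    process: str
    publisher: str   # code-signing publisher, "" when unsigned
    is_admin: bool   # process token holds local administrator rights
    target: str      # file the process tries to modify

def under(path, roots):
    p = path.lower()
    return any(p == r or p.startswith(r + "\\") for r in roots)

def classify(ev):
    if ev.process.lower() in BLOCKED_PROCESSES:
        return "blacklisted"
    return "whitelisted" if ev.publisher in TRUSTED_PUBLISHERS else "greylisted"

def privilege_only(ev):
    """Local admin removed, no application control: file permissions decide."""
    return ev.is_admin or under(ev.target, USER_WRITABLE)

def with_app_control(ev):
    """Same permissions plus application control with greylisting (assumed model)."""
    trust = classify(ev)
    if trust == "blacklisted":
        return False
    if trust == "greylisted" and under(ev.target, PROTECTED):
        return False   # unknown app may run, but cannot touch protected data
    return privilege_only(ev)

EVENTS = [  # constructed sample events, all running as a standard user
    WriteAttempt("winword.exe", "Example Office Vendor", False, r"C:\Users\alice\Documents\report.docx"),
    WriteAttempt("invoice_viewer.exe", "", False, r"C:\Users\alice\Documents\report.docx"),
    WriteAttempt("invoice_viewer.exe", "", False, r"\\fileserver\finance\q3.xlsx"),
    WriteAttempt("invoice_viewer.exe", "", False, r"C:\Users\alice\AppData\Local\Temp\scratch.tmp"),
    WriteAttempt("invoice_viewer.exe", "", False, r"C:\Windows\System32\drivers\etc\hosts"),
]

def compare(events):
    return [(ev.process, privilege_only(ev), with_app_control(ev)) for ev in events]

if __name__ == "__main__":
    for row in compare(EVENTS):
        print(row)
```

The second and third events are the case the paragraph warns about: an unknown program with standard user rights is allowed to rewrite the user's documents and the mapped share under permissions alone, and is denied once unknown applications are greylisted.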