Rise of Ransomware

-
In 2013, Cryptolocker ransomware came into the light and set the world of cyber security on fire. It was recognized as the modern age ransomware. Later on, more lethal and more dangerous ransomware followed Cryptolocker and raised some serious questions to organizations’ security. The best part of these ransomware attacks was the awareness. The world became more aware about cyber security and there was universal agreement made that security is the essential ingredient now a days to protect the organizations data and assets.
In the recent years, there are so many ransomware identified which shook the world and the impact it had was phenomenal and got the eyeballs of every single organization. It doesn’t matter what’s the volume of your organization or what kind of data you are dealing with on a daily basis, ransomware is not gonna spare you. Period!
Cybersecurity ventures has revealed some interesting and threatening facts in their annual report regarding ransomware impact.
- Every 40 seconds a business falls victim to a ransomware attack.

- Cybersecurity Ventures predicts that will rise to every 14 seconds by 2019.
- The FBI estimates that the total amount of ransom payments approaches $1 billion annually.
- Global ransomware damage costs are predicted to exceed $5 billion in 2017, up more than 15X from 2015.

WannaCry, NotPetya, CrySis, Jaff, Spora, Jigsaw, Nemucod, Locky, SynAck, Cloudbleed, SimpleLocker, TeslaCrypt are the popular ransomware that were in headlines for long time. So. What is this all Ransomware? What exactly it does? Should I worry about it? If I’m vulnerable, how to tackle with it? Well, we’ve got you and have the answers to your questions in our kitty.

What the hack is Ransomware?

Ransomware is a malware or you can say malicious software which infects computers and restricts their access to files, often threatening permanent data destruction unless a ransom is paid.
Ransomware can infect the servers, network devices, computers, attached devices (USB, HDDs etc.
As the name suggests, Ransomware are spread with an aim to recuperate some handsome ransom from the organizations in exchange to release or give access to their own data.
Should I worry?
Of course, you should worry. As per the reports of Trendmicro, 29 ransoms were identified in the year of 2015 and there was a significant growth in the numbers in the next year,2016 and it reached to 247- 752% increase. Damn! That number it self says the growth rate in ransom and how dangerous it can be in the coming time. Well, the trend continued in the year 2017 as well when WannaCry and Petya were detected. WannaCry took the cyber world by storm with its arrival.
You should worry because if you install any malicious software without your knowledge, it will hijack your OS/File system and infect them like anything. All your data will be locked and the irony is you need to pay ransom which is asked or forget your data. Obviously, you will pay if the data is too much critical for you.
So you gotta need to be careful while downloading or installing the softwares. In fact, there is need to be careful while surfing the internet. You never know when you are redirected to the malicious sites and forced to download the softwares which are vulnerable and make your life worse at least.
How exactly it works?
The most common medium which helps ransomware spread its wings and trick the users into the trap is PHISHING.
The attacker sends malicious links to the user and give the best shot to convince the user that the link or attachment sent is legitimate. The user is trapped and allows the ransomware to take over the charge of its system/ File system. Well, again it depends upon the type of ransomware as well. Some ransomware encrypts the file systems and demands for ransom in exchange to revert back the access to the user. While some ransomware are made to infect the servers and network devices connected. So it varies upon the type of ransomware.
“The attackers mostly target the giant organizations to recuperate good ransom from them. Ransomware offerings range from basic USD10 offerings to targeted offerings on Android (USD 250) and even customized offerings for $1400. The more customization that’s required, the higher the price. The most expensive ransomware offering observed by Carbon Black was USD 3,000, but the entire kit was completely customized and used for targeted campaigns.”
How to tackle with these ransomware?
Well, There are certain ways to tackle with these attacks. It don’t give the assurance that you are always going to be safe but it surely does avoid the situations being the worst.
Mitigation Steps:

1. Always keep a backup of your data

It is always recommended to have the back up of your all data or critical data at least. Keep the back up and copies of it updated.

2. Define the control access

It is mandatory to restrict the access to the sensitive or critical data. Access control mechanism needs to be in place for the organizations. Who will have access to what and at what extent, this needs to be addressed properly to avoid the setbacks later on.

3. Install the updates and patches on time

Always keep your systems updated. Install the security patches released by the authorized vendors on time. Security patches will avoid the further exploitation of the dangerous vulnerabilities and will keep the data and systems safe as well.

4. Say no to Ransom

If you’re asked to pay ransom, say a clear NO! If you have the data back up in place, there’s no need to pay the ransom and if you don’t still it is not recommended not to pay the ransoms. The reason is clear. Your ransom will encourage the attackers to create and spread more ransoms in the coming time. Its an easy and effortless income for them. Paying ransom is never gonna help you!

5. Trainings and awareness programs

Organizations need to start educating the employees about security and its importance. Training programs should be on place for that. The employee should understand the phising mails, best practices and to achieve that trainings and simulation programs will help without any doubt.

6. Security centered environment

Organizations need to focus more on the security posture. There should be readiness to tackle any incident which occurs in real time, monitoring programs, incident response, operations center will them to achieve it. The adoption of new technologies will also make these tasks bit easier and efficient.




Comments

Post a Comment

Popular posts from this blog

Dresscode-Android malware that can infiltrate corporate networks is spreading

-
Image
According to Trendmicro, DressCode-a family of Android malware, has been found circulating in at least 3,000 Trojanized apps. An Android malware is spreading across app stores, including Google Play, and has the capability of stealing sensitive files from corporate networks. DressCode hides itself inside games, user interface themes, and phone optimization boosters. It can also be difficult to detect because the malicious coding only makes up a small portion of the overall app. On Google Play, Trend Micro found more than 400 apps that are part of the DressCode family, it said. That's 10 times more than what security researchers at Check Point observed a month ago. Trend Micro added that one these apps on Google Play had been installed 100,000 to 500,000 times. Once installed, Dress Code's malicious coding will contact its command and control servers and receive orders from its developers. The malware is particularly dangerous because it can infiltrate whatever internet
Read more

Clickjacking leads Android ransomware to gain the administrative rights!

-
Image
What is Ransomware? Ransomware   is one type of malware which prevents or limits users from accessing their system.   File-encrypting ransomware which is also called as Cryptolocker applications that target Android devices are becoming increasingly sophisticated. One new such program is using clickjacking techniques to trick users into granting it administrator rights. What’s this Clickjacking? Clickjacking is a method that involves manipulating the UI in a way that allows attackers to hijack users' clicks and trigger unauthorized actions. It is mostly used in Web-based attacks, where various technologies allow creating invisible buttons and positioning them on top of seemingly harmless page elements. Due to the restrictive application permissions system in Android, ransomware apps targeting the OS have historically been less effective than on Windows. For example, many of the early Android ransomware threats only displayed a persistent window on the screen with an
Read more

Importance of secure SDLC

-
Image
Time does require the change. Isn’t it? We’ll talk about the importance of securely software development life cycle in this story. We all know what exactly SDLC is? SDLC stands for Software Development Life Cycle. The developers builds the applications for certain purpose. The SDLC process has got certain pre-defined phases.  Requirement Gathering: What is the purpose and what’s it going to take for building the application. Plan and Design: Plan the phases of development. Prioritize the modules and finalize the design suitable. Implementation: Start implementing the modules. Coding takes place. Testing: Test the modules which are built Deploy: Deploy the application once the application is tested properly. Maintain: Check whether the application behaves exactly in the same way it was meant to. Eliminate the vulnerabilities identified if any. This is how the traditional SDLC process works. There are certain models to accomplish the pr
Read more