CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway. Learn More

CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

7 Fundamental Ways to Repel Ransomware

Let's put aside for a moment the mega data breaches that resulted in millions of confidential customer records going out the door. If 2015 is to be remembered for one thing in the world of cybersecurity, it might be the year ransomware hit the big time.

Ransomware is "kidnapping" malware that has been plaguing home users and businesses for many years, but which has significantly spiked over the past 24 to 36 months to become a hugely profitable racket for cybercriminals - and a source of great tension for IT and security professionals. The threat initially gained notoriety for its maddening ability to freeze individual keyboards and computers - usually with bogus statements from the FBI concerning child pornography - but in recent years it has evolved to encrypt sensitive data files, with the attackers the only ones holding the private keys to unlock them. The most recent strains of ransomware are going even one step further: They are being bundled with password stealers that are used to exploit weak website security.

The fraudsters won't release the key, of course, until you make a payment, usually requested in bitcoins. The going-rate is around $500, but the shakedown can stretch into the several thousands of dollars for victims - never mind the costs associated with downtime and recovery, as well as potential legal and customer-related costs. Because the attack is so crippling, many businesses end up deciding to pay the ransom - an outcome that even the FBI hasn't encouraged against. The most common ransomware family is CryptoWall, which the Internet Crime Complaint Center in the United States estimates was responsible for nearly 1,000 complaints between April 2014 and June 2015, with those victims reporting some $18 million in losses. TeslaCrypt and CBT Locker are two other families that are popular. Reveton and Chimera are still around, but somewhat outdated.

Purveyors of ransomware typically stop short of exfiltrating compromised data as we've become accustomed to with traditional data breaches. Instead, they aspire for a quick hit and an even quicker reward. Once compensated, they usually live up to their end of the bargain and release the data from their control - If they didn't, nobody would ever pay the ransom - although that's no guarantee they've abandoned their foothold in the target environment.

Ask any security expert why ransomware has become so popular and they'll give you roughly the same answer: It's not a complicated scam requiring different players handling specific tasks (as you might find in a credit card breach operation). It often results in quick cash - Trustwave researchers estimated the return on investment for ransomware attackers is a whopping 1,425 percent - and most of all, it works. The threat is often difficult to detect and even harder to remove once it has infiltrated a target, which, by the way, doesn't just include PCs, but also mobile devices (where the threat is growing fast), Linux-based systems and even medical devices.

What steps can you take to rebuff a ransomware attack? Try these seven recommendations:

1) Back up Your Data

This allows you to quickly recover from an incident. Be sure to regularly replicate file changes in your production environment, so your fallback point is an acceptable amount of time for your organization in case of an attack.

2) Disconnect from the Internet

At the first sign of a malware infection, detach the compromised machine from the network, cutting off the attacker's control of it. However, take note that this will not stop the encryption process if it's already been initiated by the ransomware.

3) Run Anti-Malware

It's not enough to simply have anti-virus running on your desktops. You also need live anti-malware capabilities that can conduct real-time code analysis and dynamic URL categorization.

4) Spread Security Awareness

Ransomware scams tend to begin like most malware infections - with an end-user clicking or opening something malicious. Preach the importance of social engineering defense.

5) Deploy Advanced Email Security

To complement awareness with technology, you should adopt an email security gateway that incorporates threat intelligence to effectively thwart emails that contain malicious URLs.

6) Patch Your Software and Systems

Malware often requires an unpatched vulnerability to run, so ensure that your entire environment is updated with the latest security fixes. Vulnerability scans and security testing help businesses identify their network-connected assets and learn how those assets are vulnerable to attack.

7) Report the Event

If you're a victim of a ransomware attack, you need to kick in incident response, which should include contacting the authorities and/or filing a complaint with IC3.

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.


 
 

Latest Trustwave Blogs

The Power of Red and Purple Team Drills in Enhancing Offensive Security Programs

Despite investing in costly security solutions, keeping up with patches, and educating employees about suspicious emails, breaches still occur, leaving many organizations to wonder why they are...

Read More

Balancing Innovation and Security: How Offensive Security Can Help Navigate the Tech Industry’s Dual Challenges

Two of the greatest threats facing technology-focused organizations are their often-quick adoption of new technologies, such as artificial intelligence (AI), without taking security measures into...

Read More

Trustwave Government Solutions (TGS) Salutes New Mexico’s New Cybersecurity Executive Order

New Mexico Governor Michelle Lujan Grisham issued an Executive Order to shore up the state’s cybersecurity readiness and better safeguard sensitive data by conducting a state-wide security assessment...

Read More