
DSN: Ransomware on the Rise

Overview

As most of us have probably already seen in recent headlines, ransomware is back in a big way. "Ransomware" is a term for malicious software that encrypts data or blocks essential OS features until a ransom is paid. The attacker uses this software to encrypt data so that it can only be recovered with a decryption key known only to them. Once encryption is complete, they display a warning or send an email demanding a ransom in exchange for the decryption key (see attached images for examples). Even if the affected party pays the ransom, there is no guarantee that the attacker will deliver the decryption key and restore the data. This type of attack can be devastating to an organization, and data may be permanently destroyed if not properly backed up.

If you suspect you are a victim of this type of attack, notify your IT department immediately.

Examples

Known Variants

  • CryptoWall
    • An updated version of the older ransomware "CryptoLocker"
    • Targets Windows systems
    • Encrypts files & file names
  • TeslaCrypt
    • A "competitor" to CryptoWall
    • Targets Windows systems
    • Typically delivered through spam email attachments masquerading as "overdue invoices"
  • Locky
    • Uses spam emails with malicious Microsoft Office attachments for delivery
    • Targets Windows systems
    • Mainly targets healthcare facilities
  • Samas
    • Uses vulnerable web servers to propagate
    • Targets various OSs
    • Targets various industries


Mitigation

  • Make regular offsite backups, and perform scheduled checks to confirm they are working properly
  • Keep OS patches up to date
  • Keep software patches up to date
  • Run AV software on all workstations/servers and configure it to be updated automatically
  • Disable automatic execution of Microsoft Office macros

Additional Information

https://www.fbi.gov/news/stories/2016/april/incidents-of-ransomware-on-the-rise/incidents-of-ransomware-on-the-rise

https://usa.kaspersky.com/internet-security-center/threats/ransomware-threats-an-in-depth-guide#.V21bzrgrK70

https://www.us-cert.gov/ncas/alerts/TA16-091A

