- August 8, 2016
- Posted by: admin
- Category: IT Security, Ransomware
Ransomware infections are on the rise in the Middle East, and many customers fall victim to Ransomware attacks on a daily basis. This article looks at how organizations can stay protected against Ransomware without spending a huge amount of money.
There are 2 types of Ransomware: (1) Ransomware that encrypts files and demands a ransom (Cryptolocker, Locky, Cryptowall etc.) and (2) Ransomware that locks the operating system or MBR (Winlocker, Satana, Petya etc.). More than 100 different known Ransomware types are actively targeting users and organizations, and every organization should take care not to become the next victim. Users get infected either by clicking on links/attachments in phishing emails or by visiting compromised websites. In many cases users are redirected to malicious websites without their knowledge, or the websites they visit have been compromised by hackers. Once a system is infected, Ransomware can spread within the network by exploiting software vulnerabilities. Cyber criminals use various social engineering techniques to reach target users.
Antivirus software is not able to detect these infections because Ransomware uses advanced techniques such as polymorphic behavior, anti-sandboxing, domain shadowing and encrypted communication.
Proper traffic pattern analysis and filtering at endpoints (desktops/laptops and servers) can help organizations stay protected from Ransomware attacks. A Ransomware infection starts with a user clicking on a malicious link or agent without knowing that it is malware. A proper traffic filtering mechanism can stop the request from reaching the Ransomware C&C server, and it can also stop the key exchange required for encryption to happen. Basic Security Awareness training for end users also helps organizations deal with the major IT Security challenges they face today, and the beauty is that all this can be done without spending a huge amount of money.
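The outbound filtering described above can be sketched as a check over proxy log lines. This is an added example, not code from the original article: the log format, the blocklist entries, the threshold and all function names are assumptions, and every domain and log line is constructed.

```python
from collections import defaultdict

# Constructed blocklist; a real deployment would load a threat-intelligence feed.
BLOCKLIST = {"c2-server.test", "keys.badhost.example"}
SHADOW_THRESHOLD = 3  # assumed: distinct hostnames per parent domain before flagging

# Constructed proxy log, assumed format: "<time> <client> <method> <host>"
SAMPLE_LOG = """\
09:00:01 10.0.0.5 GET intranet.corp.example
09:00:07 10.0.0.9 GET www.shop.example
09:00:09 10.0.0.9 GET x7f2a.shop.example
09:00:10 10.0.0.9 GET q91bz.shop.example
09:00:11 10.0.0.9 GET m3k0p.shop.example
09:00:12 10.0.0.9 POST keys.badhost.example
09:00:15 10.0.0.7 CONNECT gate.c2-server.test
"""

def is_blocked(host, blocklist=BLOCKLIST):
    """True if host equals a blocklisted domain or is a subdomain of one."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def parent_domain(host):
    """Naive parent: last two labels (assumption; use a public-suffix list in production)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def analyze(log_text, threshold=SHADOW_THRESHOLD):
    """Return (denied requests, {client: parents with shadowing-like subdomain bursts})."""
    denied, seen = [], defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole run
        _, client, _, host = parts
        if is_blocked(host):
            denied.append((client, host))  # request never reaches the C&C server
            continue
        seen[(client, parent_domain(host))].add(host)
    suspects = defaultdict(list)
    for (client, parent), hosts in seen.items():
        if len(hosts) >= threshold:
            suspects[client].append(parent)
    return denied, dict(suspects)

if __name__ == "__main__":
    denied, suspects = analyze(SAMPLE_LOG)
    print("denied:", denied)
    print("possible domain shadowing:", suspects)
```

The subdomain-burst heuristic also fires on legitimate sites that use many hostnames, so its output is a lead for review rather than a block decision.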