Menu
Ransomware takes malware from bad to worse

Ransomware takes malware from bad to worse

To thwart attacks like CryptLocker, you need a multipronged defense; new technology doesn't hurt either

Targeted email attacks (called spear phishing) with harmful links or attachments containing malware are an ever-increasing threat. These attacks are part social networking and part sophisticated technical effort to penetrate companies' defense systems. Traditional security deployments, in many cases, aren't prepared for these kinds of attacks.

The weakest link of any network is the user. But it's not always their fault. If a person receives an email from a real co-worker with a link, how can that person know the link will send them to a zero-day threat or that the attachment is a CryptoLocker attack?

After you train your users, they will have a good amount of fear and how-to ideas in mind, but over time they will forget or get sloppy -- and it takes only one or two clicks to pull CryptoLocker or similar threats into your environment. CryptoLocker is especially insidious malware because it encrypts all files -- documents, databases, photos, and so on -- with military-grade encryption unless you pay a ransom. Also, there is only one key to decrypt -- and the attacker is holding and asking money for it. Overall, ransomware is getting smarter.

You need to look at putting protections in place that checks links and scans email for malware as standard.

It's easy enough to scan email as it comes in and look for known viruses and such. What's hard is thwarting the kinds of sophisticated attacks where truly devastating tools like CryptoLocker are used: Someone sends a link that, at the time it comes through, points to a legitimate and safe server. But later, that link is switched by the attacker on the server side to a harmful location. There is typically no recheck in place when a user clicks a link in their email.

There should be -- and there can be.

You need email protection that covers the full lifecycle of a message, for as long as that message exists and there is a link to be clicked, when clicked the system will ensure the URL is still pointing to a safe location.

Tools for lifecycle malware detection carry different names, including targeted threat protection (TTP), targeted attack protection (TAP), and click-time link scanning. Whatever you call it, you want it in place.

You also want to scan all your systems and data stores to see if anything has already snuck through and is lurking to cause damage later. You have plenty of tools to do that, such as Malwarebytes Antio-Malware, which is what I use.

What happens if you are infected by ransomware? You have two options:

  • Pay the ransom and get back to work
  • Restore from backup, assuming it wasn't infected too

The problem with paying the ransom is that you tell the bad guys, "If this happens again, I will pay you," so you go on the list of repeat targets, likely for a higher ransom amount. Certainly, if you don't have secured backups of your data, you need to start making them.

When all is said and done, three items are necessary to protect your organization from modern-day phishing attacks:

Don't put it off any longer!


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwareTarget

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments