Name that strain. Ransomware on the rise.

A well known threat to all organisations, ransomware is still on the rise. Cyber-criminals are even working out how to beat your ransomware protection solutions. 

Name that strain. Ransomware on the rise.

A well known threat to all organisations, ransomware is still on the rise. Cyber-criminals are even working out how to beat your ransomware protection solutions. 

posted in Cyber-SecurityRansomware ● 3 Oct 2018

Of the plethora of cyber-threats organisations face on a daily basis, ransomware is one of the most commonly known and publicised. Malicious software strains such as ransomware and crypto-jackers have proven to be effective exploits for cyber-criminals and the signs point to this continuing. In a quarterly threat report written by McAfee it was found that known strains of malware that exploit software vulnerabilities grew by over 150% in the second quarter of 2018.

“WannaCry and NotPetya provided cyber-criminals compelling examples of how malware could use vulnerabilities to gain a foothold in systems and then quickly propagate across networks.”

– Christiaan Beek, Lead Scientist and Senior Principle Engineer, McAfee Advanced Threat Research

The WannaCry and NotPetya strains of ransomware are the most well known malware attacks and some of the most publicised cyber-attacks in the past two years. The strains both managed to infect thousands of organisations in a matter of days by utilising ‘worm’ code to spread across networks at a high speed, infecting organisation small and large alike. With new strains being found on a constant basis, researchers are finding that cyber-criminals are attempting to copy and replicate the styles of attacks seen in both WannaCry and NotPetya. Previously unknown strains of malware and ransomware are in some cases still exploiting vulnerabilities first found in 2014; manufacturers and software companies have since patched these, however due to poor patch management some organisations are still falling victim.

Why were WannaCry and NotPetya so successful?

WannaCry

The WannaCry ransomware attack made headlines in May 2017 when the strain targeted a known vulnerability in Windows systems, infecting a reported 300,000 organisations in just three days. The strain which encrypted systems and demanded a ransom, was one of the first major strains found to be utilising a worm code to help it spread faster across networks. Damages from the attack are estimated to be worth billions. Following the attack, the United States, United Kingdom, Australia and other countries placed blame on a state-led North Korean attack.

NotPetya

The Petya strain of ransomware first came to prominence in 2016 but in 2017 a new version of the strain made headlines as it followed the example of WannaCry by using a worm to launch a large-scale attack in a short space of time. The 2017 attack, dubbed NotPetya by researchers, had fundamental differences, however it was found that it did not have the capability to unencrypt systems after they had been encrypted. Targeted amongst this attack were energy companies, the national Ukrainian power grid, banks and other organizations.

Ransomware vs Crypto-jacking

The latter half of 2017 and early part of 2018 saw a new malware threat come to light, taking direct advantage of the growth in value and use of cryptocurrencies. Crypto-jacking is a malicious strain of code that will hijack a system and silently begin to mine crypto currencies, utilising available resource, with the knowledge of the system’s owners. The second quarter of 2018 saw an 86% rise in the known samples of crypto-jacking/mining malware, putting the number of known samples over five million.

It has been estimated that in the last 24 months some $1.5 billion worth of crypto-currency has been stolen.

‘Cyber crime is a business, and market forces, such as the rise in cryptocurrency values, will continue to shape where adversaries focus their efforts… Cryptomining malware is simpler, more straightforward, and less risky than traditional cyber crime activities – causing these schemes to skyrocket in popularity over the last few months. In fact, cryptomining malware has quickly emerged as a major player on the threat landscape. Organisations need to remain vigilant to these threats – particularly in today’s cloud-first landscape, when many companies are seeing a rapid increase in cloud applications and environments to secure’

– Raj Samani, McAfee fellow and Chief Scientists.

The human touch

With the rise of malware and ransomware strains taking advantage of software vulnerabilities there is additional onus on the importance of regularly and procedurally updating and protecting systems. Vulnerabilities that have been patched since 2014 are still being exploited in some cases, meaning that poor patch management is putting organisations at risk.

Human error and interaction is still the most likely cause of a ransomware infection taking hold with malicious sites, emails or attachments being accessed. Educating users won’t solve the problems completely, but helping them spot malicious content could be the difference between suffering a disaster with the associated downtime and having to update blacklists and security settings.

Recovering from the effects of ransomware

Ransomware can cost organisations millions. Not only is there the potential ransom to pay but the associated cost of downtime and negative effect on reputation has to be dealt with. While paying a ransom may see data/systems unencrypted, it is not a guarantee. There is also no guarantee or protection against further attacks. Authorities such as GCHQ have recommended that organisations do not pay ransoms.

For organisations who have been struck by an attack, systems must be restored to operational capacity as quickly as possible. One of the best ways to do this is by ensuring that a full off-network (off-site) backup is in place for all data and that this can be accessed and recovered from in the event of a ransomware outbreak. Redstor has helped hundreds of organisations recover from ransomware outbreaks, small and large and can give the ability to instantly access data while a full restore occurs, helping organisations get back to work straight away.

Marriott faces data breach fallout

The Marriott hotel group has announced that it has fallen victim to one of the largest data breaches in history as data was stolen over the course of 4 years.

Continue reading

What Is Secondary Storage?

Secondary data storage does not have the same requirement as primary storage to be accessed quickly, however, depending on its uses this could become a feature. Learn more about secondary storage and how it can benefit your organisation.

Continue reading

Archive Or Delete - What Should You Do With Your Data?

In an age where data is exploding in size, primary storage is a premium and there are threats from every angle, it is important to manage data more effectively. For a network manager, it can become a time-consuming task simply deciding which data to keep and what to remove. So how do you understand what’s on your network and how best to manage it?

Continue reading