Ransomware Evolutions And Derivatives
The latest CyberheistNews volume was released on 15 August, so we at MTBW Services thought it would be useful to summarize the latest ransomware activity it covers and provide a link to the full report.
Some of the more worrisome findings in the report:
- The FBI projected that the losses caused by ransomware infections could reach a billion dollars in 2016 alone.
- In late July, thousands of legitimate WordPress business sites were hijacked by a botnet named SoakSoak to deliver ransomware to anyone who visited them.
- Upgraded strains and rebranded versions of ransomware are being sold cheaply on the Dark Web.
- Stampado was heavily advertised in the cybercrime underground at $39, a fraction of the price typically charged in the Ransomware-as-a-Service market, complete with training videos showing how it works.
- cuteRansomware uses Google Docs and other cloud apps to transmit encryption keys and gather user information in order to evade detection.
Everyone, not just companies but individual computer owners as well, should implement the protections listed below. We naturally value a company’s resources more highly than an individual’s, but how do you put a price on the family pictures and videos stored on a personal computer?
If you need assistance with any of these protection configurations or deployments, please don’t hesitate to contact MTBW Services.
- Test your backups. Don’t just rely on the notification that a backup ran; actually perform test restores.
- Whatever media you use for backups, it’s critical to keep multiple copies, including some that are not connected to your network.
- If using cloud-based backups, ensure that you have enabled multiple revisions; if only one version exists, it can be compromised as well.
- Configure Software Restrictions via Group Policy to block common areas that ransomware exploits.
- Configure file type restrictions to block common ransomware extensions.
- Block access to all email services except the corporate email system.
- Anti-SPAM/Anti-Virus Email Security
- Application Control at the Gateway/Perimeter/Edge
- Application Control on network systems
- NGFW that can detect and block Malicious Command & Control Sites
- NGFW Sandboxing to detect Zero Day variants
- Principle of Least Privilege throughout all shared resources
- User Security Awareness Training
- NGFW Web Filtering to block Internet access that isn’t business related
- NGFW IPS Protection
- Reputable End Point Protection on network systems
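The Software Restriction Policy item above is the one most often configured once and never checked again. The following is an added example written for this summary, not code from the CyberheistNews report or from MTBW Services: a read-only PowerShell audit that lists the SRP path rules Group Policy has written to the local machine and reports whether a set of assumed user-writable folders (%APPDATA%, %LOCALAPPDATA%, %TEMP%, the Downloads folder) is covered by a Disallowed rule. It inspects only the computer-level policy under HKLM and changes nothing.

```powershell
# Added example, not from the report or MTBW Services: audit Software Restriction Policy
# (SRP) path rules and check coverage of common user-writable launch folders.
# Run in an elevated PowerShell session on the host whose policy you want to review.

$srpRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# SRP security levels; each level is a numeric subkey under CodeIdentifiers.
$levelNames = @{ 0 = 'Disallowed'; 4096 = 'Untrusted'; 65536 = 'Constrained'
                 131072 = 'Normal User'; 262144 = 'Unrestricted' }

# Assumed "common areas" to check: user-writable folders that executables should not
# normally run from. Adjust the list to your environment.
$watchFolders = @('%APPDATA%', '%LOCALAPPDATA%', '%TEMP%', '%USERPROFILE%\Downloads')

function Get-SrpPathRules {
    # Walk CodeIdentifiers\<level>\Paths\<GUID> and emit one object per path rule.
    if (-not (Test-Path $srpRoot)) { return }
    foreach ($levelKey in Get-ChildItem $srpRoot) {
        $level    = [int]$levelKey.PSChildName
        $pathsKey = Join-Path $levelKey.PSPath 'Paths'
        if (-not (Test-Path $pathsKey)) { continue }
        foreach ($rule in Get-ChildItem $pathsKey) {
            $props = Get-ItemProperty $rule.PSPath
            [pscustomobject]@{
                Level       = $levelNames[$level]
                Path        = $props.ItemData      # raw rule text, may contain %VARS%
                Description = $props.Description
            }
        }
    }
}

$rules    = @(Get-SrpPathRules)
$settings = Get-ItemProperty $srpRoot -ErrorAction SilentlyContinue
$default  = if ($null -ne $settings.DefaultLevel) { $levelNames[[int]$settings.DefaultLevel] } else { 'not set' }
"SRP enforcement (TransparentEnabled): {0}   DefaultLevel: {1}" -f $settings.TransparentEnabled, $default
$rules | Format-Table Level, Path, Description -AutoSize

# Coverage check: a folder is covered when some Disallowed rule path is a prefix of it,
# so a rule on %USERPROFILE%\* also covers %APPDATA% and the Downloads folder.
$disallowed = $rules | Where-Object Level -eq 'Disallowed'
foreach ($folder in $watchFolders) {
    $expanded = [Environment]::ExpandEnvironmentVariables($folder)
    $covered  = $disallowed | Where-Object {
        $rulePath = [Environment]::ExpandEnvironmentVariables($_.Path).TrimEnd('\', '*')
        $expanded.StartsWith($rulePath, [StringComparison]::OrdinalIgnoreCase)
    }
    if ($covered) { "COVERED  $folder" } else { "MISSING  $folder  -> no Disallowed path rule" }
}
```

A MISSING line means the folder is not blocked by the computer-level SRP; rules applied through user-level policy (HKCU) or through AppLocker are outside what this script reads.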