
Unstoppable: Ransomware will evolve – here’s what you need to know

26 Jan 2017

Endpoint protection company CrowdStrike says that ransomware attacks are going to evolve rapidly, making it difficult for organisations to form preventative defences – especially if they’re using typical signature-based protection.

The company stated in a blog post that ransomware attackers are using the underground network known as Tor to carry command-and-control (C2) communications without triggering alerts.

Attackers are also taking advantage of tools such as crypters and packers, which can change the ransomware so it’s harder to detect. On top of that, ransomware attacks are taking the form of genuine-looking computer operations, but they have the power to stop essential services such as Windows Task Manager and the Registry, CrowdStrike says.

The notorious Locky ransomware is a key example of how attack processes have evolved. Last year it was updated to include, amongst others, features that encrypted unmapped network drives connected to infected systems, deleted Volume Shadow Copy Service (VSS) snapshots to make file restoration impossible, and used techniques to hide exploits from static analysis tools.

CrowdStrike says that organisations should be watching out for ransomware variants, including:

  • KeRanger: The first full ransomware for OS X, which is disguised as an .rtf file and launches after three days.
  • Petya: Encrypts the Master File Table and Master Boot Record, crippling the drive.
  • PowerWare: Uses a macro to launch Windows PowerShell to run a malicious script without writing it to disk.
  • Ransom32: A Ransomware-as-a-Service program that is written in JavaScript.
  • Samas: Targets servers running out-of-date JBoss systems.

The company concludes that standard security solutions – such as blocking known threats, patching and detecting IOCs – will not combat ransomware on their own. Organisations should take extra precautions, such as using managed services, endpoint protection and a multi-layered approach.
