Ransomware – What Investors Need to Know

Think of ransomware as online extortion: a payment forced out of the victim. Ransomware is malware (disruptive software that allows an attacker to gain access to a user’s computer without permission) with a financial twist. The twist is that the attacker keeps denying the user access to their own data (on the user’s computer) until a ransom is paid. Ransomware is predominantly used for monetary gain.

 

How Do Attackers Deploy Ransomware? 

  • Email Attachments [upon opening the content, ransomware may start file encryption]
  • Malicious Links
  • Drive-By Downloads
  • Malvertising
  • Pirated Software
  • Removable Media [e.g., USB]
  • Network Propagation
  • Remote Desktop Protocol [allows an attacker to remotely access a user’s desktop]

Common Types Of Ransomware Strains: 

Common ransomware strains include but are not limited to: 

  • CryptoWall
    • Initially distributed via exploit kits and email
      • More recently, it has been connected with compromised websites
    • CryptoWall encrypts files and deletes any Volume Shadow Copy (VSS) snapshots so that data recovery is inhibited
  • SAMAS/SAMSAM/SAMSA
    • Seen as the most destructive form of ransomware
    • Attackers start by identifying networks that have unpatched servers running JBoss enterprise products
      • Once attackers gain access, they move laterally from the entry point to identify additional hosts
      • Once enough systems have been compromised and breached, the ransomware is deployed
      • Payment is typically demanded in Bitcoin
  • Locky
    • On the newer side of ransomware strains
    • Works similarly to CryptoWall
      • Distinguishable because Locky renames every file it encrypts during the attack with the .locky extension
      • The computer’s desktop wallpaper becomes a ransom message
  • CryptoLocker
    • Considered to be the first modern strain of ransomware
    • CryptoLocker was taken down by government officials in 2014
    • Distributed through email attachments and botnets
    • Caveat:
      • Removing CryptoLocker from devices was easy, but the files remain encrypted

 

How Can Ransomware Attacks Be Prevented? 

  • User Training [ransomware attacks depend on a user engaging with the malware the attacker delivers, so training users to spot phishing and other malicious content is the first place to start]
  • Creating email authentication filters [implementing spam filters and confirming that an email is coming from a valid email server is crucial to protecting oneself. This can be done by using SPF, DKIM, and DMARC to improve email security.]
  • Download antivirus software 
  • Internal Network Hardening 
  • Invest in advanced ransomware protection software 
  • Keep your browser up-to-date 
  • Utilize strong wireless security 
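
To make the SPF and DMARC item above concrete, here is an added example (not part of the original article) that audits a domain's published SPF and DMARC TXT records for settings that leave spoofed mail deliverable. The function names and every record shown are constructed for illustration; it assumes the record text has already been fetched from DNS.

```python
# Added example. All records below are constructed samples, not real DNS data.

def audit_spf(record):
    """Return a list of weaknesses found in one SPF TXT record."""
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["SPF: record does not start with v=spf1"]
    # The 'all' mechanism decides the result for senders nothing else matched.
    catch_all = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not catch_all:
        if any(t.startswith("redirect=") for t in terms[1:]):
            return []  # policy is delegated to another domain's record
        return ["SPF: no 'all' mechanism, unlisted senders get a neutral result"]
    qualifier = catch_all[0][:-3] or "+"  # a bare 'all' means '+all'
    return {
        "+": ["SPF: '+all' authorizes every server on the internet"],
        "?": ["SPF: '?all' is neutral, unlisted senders are not rejected"],
        "~": ["SPF: '~all' is a softfail, mail is usually accepted and only tagged"],
        "-": [],
    }.get(qualifier, ["SPF: malformed 'all' mechanism"])

def audit_dmarc(record):
    """Return a list of weaknesses found in one DMARC TXT record."""
    tags = [t.strip() for t in record.split(";") if t.strip()]
    if not tags or tags[0].replace(" ", "").lower() != "v=dmarc1":
        return ["DMARC: record does not start with v=DMARC1"]
    kv = {k.strip().lower(): v.strip()
          for k, v in (t.split("=", 1) for t in tags if "=" in t)}
    findings = []
    policy = kv.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"DMARC: p={policy or 'missing'} requests no action on failing mail")
    if kv.get("pct", "100") != "100":
        findings.append(f"DMARC: policy applies to only {kv['pct']}% of failing mail")
    if "rua" not in kv:
        findings.append("DMARC: no rua address, failures go unreported")
    return findings

def audit_domain(spf=None, dmarc=None):
    """Audit both records; None means the domain publishes no such record."""
    findings = audit_spf(spf) if spf else ["SPF: no record published"]
    findings += audit_dmarc(dmarc) if dmarc else ["DMARC: no record published"]
    return findings

if __name__ == "__main__":
    for line in audit_domain("v=spf1 include:_spf.mailhost.example ~all",
                             "v=DMARC1; p=none"):
        print(line)
```

DKIM is not audited here because its public keys are published under per-selector names that can only be learned from a signed message.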

 

Humanity Wealth Advisors believes in sharing good knowledge and education. We believe your financial wellness comes from knowing good information. After all, knowledge is power, and that’s what we’re all about.

The articles we provide are free resources used simply to educate and pass knowledge; a knowledgeable investor is a great investor!

We’re the financial advisors you want to come to for affordable financial planning in the Bay Area

Did someone ask for financial advisors without a minimum asset requirement? That’s us!

Ransomware attacks can compromise data, which may derail financial planning; giving readers information on ransomware helps us meet our goal to educate the general public.

Contact us if online financial advice is crucial to you; we can help you with that.

 

More about the author: Harry Sherdil

As a fiduciary financial advisor at an independent firm, Harry strives to offer the same resources, tools, and research as bigger firms while serving new and existing clients' best interests.