Posts Tagged ‘virus’

A computer with a logo on the screen

Description automatically generated with low confidence
Ransomware is malicious software that allows a hacker to restrict access to an individual’s or company’s critical information in some way and then demand some form of payment to lift the restriction. The most common form of restriction today is encryption of important data on the computer or network, which essentially lets the attacker hold user data or a system hostage, and message may be looks like “!!! IMPORTANT INFORMATION!!! All of your files are encrypted with RSA-2048 and AES-128 ciphers.” or we might see a readme.txt stating, “Your files have been replaced by these encrypted containers and aren’t accessible; you will lose your files on [a Date value] unless you pay $2000 in Bitcoin.” As it is malware and installed covertly on a system and executes a Cryptovirology (Cryptovirology is a field that studies how to use cryptography to design powerful malicious software.) attack that locks or encrypts valuable files on the systems/networks. Without a comprehensive network segmentation or micro-segmentation policy, malicious actors can also move laterally within organization’s network, infect endpoints and servers, and demand a ransom for access to the valuable data.

Graphical user interface

Description automatically generated

The Current State of Ransomware

Below infographic presents eye-opening facts that demonstrate the danger behind this cyber threat.

Ransomware stats and numbers for 2021

Types of Ransomwares 

Ransomware attacks can be deployed in different forms. Some variants may be more harmful than others, but they all have one thing in common: a RANSOM.

1)      Crypto malware

2)      Lockers

3)      Scareware

4)      Doxware

5)      RaaS

6)      Mac ransomware – KeRanger

7)      Ransomware on mobile devices

Preventing Ransomware

There are many steps organizations can take to prevent ransomware with varying degrees of effectiveness. Below are few tips for actions can take to reduce risk of a ransomware attack: 

 

Action

Description

1

Staff Awareness

Raising awareness about ransomware is a baseline security measure. But it could only take one employee lowering their guard for an organization to be compromised. As training sessions have little influence over staff for every potential attack, it makes added security more imperative.

2

Spam Filter

Cybercriminals send millions of malicious emails to at-random organizations and users, but an effective spam filter that continually adapts alongside a cloud-based threat intelligence center can prevent more than 99% of these from ever reaching employees’ desktops.

3

Configure Desktops Extensions

Employees should be trained not to double-click on executable files with a .exe extension. However, Windows hides file extensions by default, allowing a malicious executable such as “evil.doc.exe” to appear to be a Word document called “evil.doc”.  Ensuring that extensions are always displayed can go a long way to countering that kind of threat.

4

Block Executables

Filtering files with a .exe extension from emails can prevent some malicious files from being delivered to employees, but bear in mind that this isn’t foolproof. Malicious emails can instruct employees to rename files, and ransomware is also increasingly being delivered as JavaScript files (see below).

5

Block Malicious JavaScript Files

Ransomware being delivered in .zip files containing malicious JavaScript files are common. These are disguised as text files with names like “readme.txt.js”  – and often  just visible as “readme.txt”, with a script icon for a text file. You can prevent this vulnerability for staff by disabling Windows Script Host.

6

Restrict Use of Elevated Privilege

Ransomware can only encrypt files that are accessible to a particular user on their system – unless it includes code that can elevate a user’s privileges as part of the attack, which is where patching and zero trust come into play.

7

Promptly Patch Software

It’s a basic security precaution to ensure that all software is updated with the latest security patches, but it’s worth reiterating because breaches continue due to prolonging updating. Just in 2020, the SolarWinds hack could’ve been prevented for organizations that promptly patch software.

8

Zero Trust

Moving toward zero trust offers visibility and control over your network, including stopping ransomware.  The next three actions: prioritize assets and evaluate traffic, microsegmentation, and adaptive monitoring are central steps of the zero trust architecture and greatly reduce your risks of an attack.

9

Prioritize Assets and Evaluate Traffic

With the use of inventory tools and IOC lists, an organization can identify its most valuable assets or segments. This full picture offers staff a look into how an attacker could infiltrate your network and gives needed visibility into traffic flows. This gives your team clear guidelines as to what segments need added protection or restrictions.

10

Microsegmentation

Microsegmentation is the ultimate solution to stopping lateral movement. By implementing strict policies at the application level, segmentation gateways and NGFWs can prevent ransomware from reaching what’s most important.

11

Adaptive Monitoring and Tagging

Once your micro-perimeters surround your most sensitive segments, there’s a need for ongoing monitoring and adaptive technology.  This includes active tagging of workloads, threat hunting, and virus assessments, and consistent evaluation of traffic for mission-critical applications, data, or services.

12

Utilize a CASB

A cloud access security broker (CASB) can help manage policy enforcement for your organization’s cloud infrastructure. CASBs provide added visibility, compliance, data security, and threat protection in securing your data.

13

Rapid Response Testing

In the event of a successful breach, your team must be ready to restore systems and data recovery. This includes pre-assigning roles and ensuring a plan is in place.

12

Sandbox Testing

A common method for security analysts to test new or unrecognized files is by utilizing a sandbox. Sandboxes provide a safe environment, disconnected from the greater network for testing the file.

13

Update Anti-Ransomware Software

As noted, consistent updating of network software is critical. This is especially true for your existing intrusion detection and prevention system (IDPS), antivirus, and anti-malware.

14

Offline Backups

While virtual backups are great, if you’re not storing data backups offline, you’re at risk of losing that data. This means regular backups, multiple copies saved, and monitoring to ensure backups hold true to the original. Restoring data after an attack is often your best approach.

15

Update Email Gateway

All email for your network typically travels through a secure web gateway (SWG). By actively updating this server, you can monitor email attachments, websites, and files for malware. This visibility into attacks trending for your organization can help inform staff moving forward of what to expect.

16

Block Ads

All devices and browsers should have extensions that automatically block pop-up ads. With the extensive use of the internet, malicious ads pose a long-lasting threat if not blocked.

17

Bring-Your-Own-Device (BYOD)Restrictions

If you have a remote work staff or just a loose policy surrounding devices acceptable for network access, it might be time to crack down. Unregulated use of new or unique devices poses an unnecessary risk to your network. Enterprise mobility management (EMM) is one solution.

18

Forensic Analysis

After any detection of ransomware, there needs to be an investigation into its entry point, time in the environment, and confirm that it’s been fully removed from all network devices. From there, the task of ensuring it never returns begins.

Network Security Monitoring Tools

a padlock representing network security

The most common Network Security monitoring tools are as,

Argus

https://www.qosient.com/argus/

POf

http://lcamtuf.coredump.cx/p0f3/#

Nagios

https://www.nagios.org/

Splunk

https://www.splunk.com/

OSSEC

https://www.ossec.net/

Encryption Tools
Best encryption software 2021: Protect your data | ZDNet 

Tor

https://www.torproject.org/

KeePass

https://keepass.info/

TrueCrypt

http://truecrypt.sourceforge.net/

Web Vulnerability Scanning Tools

2015 Bot Traffic Report: Humans Take Back the Web, Bad Bots Not Giving Any  Ground | Imperva

Burp Suite

https://portswigger.net/burp

Nikto

https://cirt.net/Nikto2

Paros Proxy

https://sourceforge.net/projects/paros/

Nmap

https://nmap.org/

Nessus

https://www.tenable.com/products/nessus/nessus-professional

Nexpose

https://www.rapid7.com/products/nexpose/

Penetration Testing

Web Applications Penetration Testing | RedForce - Always Stay Ahead!

Metasploit

https://www.metasploit.com/

Kali Linux

https://www.kali.org/

Password Auditing Tools

Networking – ITSaDC

John the Ripper

https://www.openwall.com/john/

Cain and Abel

http://www.oxid.it/cain.html

Tcpdump

http://www.tcpdump.org/

Wireshark

https://www.wireshark.org/

Network Defense Wireless Tools

5 cybersecurity tips for consumers: Lessons learned in the enterprise | CIO

Aircrack

https://www.aircrack-ng.org/

NetStumbler

http://www.netstumbler.com/downloads/

KisMAC

https://kismac-ng.org/

Network Intrusion & Detection

Securing the Internet of Things with Intrusion Detection Systems - BPI -  The destination for everything process related

Snort

https://www.snort.org/

Forcepoint

https://www.forcepoint.com/product/ngfw-next-generation-firewall

GFI LanGaurd

https://languard.gfi.com/

Acunetix

https://www.acunetix.com/

Ransomware attack solutions

One of the most important ways to stop ransomware is to have a strong endpoint security. This is a program that blocks malware from infecting your systems when installed on endpoint devices such as phones and computers. Just be sure that ransomware protection is included as many traditional anti-virus products are not equipped to defend against modern ransomware attacks. As ransomware is commonly delivered through email, email security is key in preventing ransomware. Secure email gateway technologies filter email communications with URL defenses and attachment sandboxing to identify threats and block them from being delivered to users. This stops ransomware from arriving on endpoint devices while blocking users from inadvertently installing malicious programs onto their machines. DNS web filtering solutions stop users from visiting dangerous websites and downloading malicious files, blocking ransomware that is spread through viruses downloaded from the Internet, including Trojan horse software. DNS filters also block malicious third-party adverts. Isolation technologies completely remove threats from users by isolating browsing activity in secure servers and displaying a safe render to users. Moreover, isolation does not affect the user experience, delivering high security efficacy and seamless browsing. Below are few key points to be noted and needs to implement as practice to prevent & limit the impact of Ransomware.

1)      Perform regular system backups

2)      Segment your network

3)      Conduct regular network security assessments

4)      Conduct employee security training

5)      Get your password security under control

6)      Ransomware Insurance

Ransomware : Infographic

Ransomware infographic