We’ve all seen them. Recent headlines filled with reports of massive ransomware attacks against a multitude of targets. With healthcare organizations, financial institutions, and even the government falling prey, it would appear that none are safe. Many, many blogs and security posts have been issued warning businesses against this attack vector, seemingly to no avail!  So, you might ask: “Why should I continue reading this blog post?”  The answer is simple. Ransomware is evolving!

That’s right – you haven’t seen the end of ransomware or its effects. Since so many businesses are learning to effectively recover from devastating ransomware attacks, cyber criminals are adopting new methods to continue their campaign. Recent research from Talos indicates that ransomware authors are changing their weaponry to be even more effective!

The evolution of ransomware involves combining an old attack method [worms] with the new attack method [ransomware] to transform ransomware into a self-propagating worm. Dubbed “crypto-ransomware,” the result is, unfortunately, very effective. Think about the devastating effects of a worm like Conficker back in 2008. Now combine that with ransomware. Worried yet? If you aren’t, you should be!

Several researchers have discovered a piece of crypto-ransomware called “SamSam.” SamSam targets unpatched server vulnerabilities and closely mimics the way the old computer worms penetrate an operating system, spread malicious code and traverse a network. While SamSam is not entirely self-sufficient, it exhibits some of the same capabilities as successful worms – rapid propagation, payload delivery, and crippling recovery efforts.

Researchers theorize that future iterations of ransomware will build off of SamSam’s core code. As these different versions evolve, they will become more like worms and start self-propagating across your network. These new versions will be able to work more autonomously, searching the enterprise network for exploitable vulnerabilities, unprotected executable files, and attached network drives in order to copy themselves, using minimal resources to hide their presence.

Experts predict that we will see use of crypto-ransomware on a massive scale, targeting a range of businesses and services. In many cases the current ransoms are low, but as this new attack tool proves to be successful, we can expect to see ransoms increase as well.

Cyber security is an ever-changing world that requires constant research and the adoption of new techniques. To effectively counter ransomware and better protect your business data, ensure the following security counter-measures are in place and functional – before an attack!

  1. Have viable back-ups available, and make sure that they are tested on a regular and frequent basis. Your data should be backed up and then be obtainable in a short amount of time. When it comes to recovering from ransomware attacks, back-ups are the most important strategic response available. Ensure you are following a 3-2-1 strategy:

       - Have three total copies of your data backed up.

       - Two of these back-ups can be stored locally; however, store them in different formats and on different mediums for security purposes.

       - Finally, store the final back-up remotely, off site, but where it can be easily and quickly accessed.

  2. Set operating systems and programs to automatically apply new patches and security fixes. This takes the target out of the malware's sights and helps keep your data more secure.

  3. Train end users both in the proper corporate security measures and in safe internet browsing habits. The weakest link in the security chain is often the end users, so strengthen that link and help protect your network.

  4. Make sure your security personnel are receiving up-to-date training, using the best security tools and contributing to the safety of your network rather than weakening it.
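
The 3-2-1 rule and the restore-testing requirement from item 1 can be checked automatically against a back-up inventory. The following is an added example, not part of the original post: it audits a constructed inventory and also flags any copy that sits on a drive attached to production hosts, since attached network drives are one of the places the propagation described above goes looking. The field names, the 30-day test window and the sample records are assumptions made for illustration.

```python
from datetime import date

# Constructed sample inventory; field names are assumptions, not a real tool's schema.
INVENTORY = [
    {"name": "nas-snapshot", "location": "local", "medium": "disk",
     "attached_to_production": True, "last_restore_test": date(2016, 5, 2)},
    {"name": "lto-weekly", "location": "local", "medium": "tape",
     "attached_to_production": False, "last_restore_test": date(2016, 4, 20)},
    {"name": "dr-site-replica", "location": "offsite", "medium": "disk",
     "attached_to_production": False, "last_restore_test": date(2016, 1, 11)},
]

MAX_TEST_AGE_DAYS = 30  # assumed meaning of "regular and frequent"


def audit_321(copies, today, max_age_days=MAX_TEST_AGE_DAYS):
    """Return a list of findings; an empty list means the inventory passes."""
    findings = []
    local = [c for c in copies if c["location"] == "local"]
    offsite = [c for c in copies if c["location"] == "offsite"]

    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, need 3")
    # Local copies must not all share one medium.
    if len(local) >= 2 and len({c["medium"] for c in local}) < 2:
        findings.append("local copies share one medium")
    if not offsite:
        findings.append("no offsite copy")

    for c in copies:
        # A copy reachable as an attached drive can be encrypted with the originals.
        if c.get("attached_to_production"):
            findings.append(f"{c['name']}: reachable as attached drive from production")
        tested = c.get("last_restore_test")
        if tested is None:
            findings.append(f"{c['name']}: restore never tested")
        elif (today - tested).days > max_age_days:
            age = (today - tested).days
            findings.append(f"{c['name']}: restore test is {age} days old")
    return findings


if __name__ == "__main__":
    for finding in audit_321(INVENTORY, today=date(2016, 5, 15)):
        print("FINDING:", finding)
```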

Cyber security is a dynamic profession, which demands that its practitioners stay current on the threat landscape and such threats as ransomware. This new hybrid ransomware requires more than just talking about cyber security; it requires doing something! Ensure your security personnel and program are ready to handle the newest threats – before they arrive.

References:

blog.talosintel.com/2016/04/ransomware.html#toc