In 2017, ransomware dominated the news. Malware like WannaCry and NotPetya sparked global outages. Based on its diminished position in the media, you’d be forgiven for thinking that ransomware represented a lesser threat this year.
Although there have been fewer world-shaking attacks, ransomware has actually grown steadily more popular, with SonicWall reporting a 108% increase in ransomware over 2017 levels. Here are a few hallmarks of ransomware growth in 2018.
Active and Passive Ransomware Attacks
Passive Attacks
These are automated attacks. The malware behind these attacks isn’t particularly novel, nor does it have to be. The point is to hit a large number of low-security targets in countries where the individual level of cyber-security is thought to be less advanced. They are designed so that unsuspecting corporate users bring them onto the network, perhaps by downloading what looks like a movie or by clicking on a link in an email. The malware then searches the network for files, databases and other data to encrypt.
Preventing passive attacks starts with user training, backed up where possible by a web proxy or next-generation firewall and by good anti-virus and anti-malware protection.
Active Attacks
These are attacks that involve a hacker. The goal of the malware is to create a backdoor into your network and give a hacker access. Once in, the hacker’s main aim will be to brute-force the admin credentials. If they succeed, the impact can be devastating. Usually they will encrypt or delete the backup first, then search for where they believe the high-value data is kept before encrypting or stealing the data and threatening to release it on the web.
Keys to guarding against active attacks can include: a secure management VLAN that incorporates 2FA; strong, randomly generated passwords; making sure servers are patched; a SIEM to detect callbacks; and AV and anti-malware that is actively monitored and protected with a different password from the admin account (AV being uninstalled is a sure sign an attack may be about to unfold).
But if this isn’t enough, then the ultimate fail-safe is a backup solution that is not on the same domain. Cloud backup is perfect for this. If all is lost, the business can still be saved by having a recent backup. For companies that cannot afford to lose even a few moments of data or suffer any downtime, there is Disaster Recovery as a Service (DRaaS). Good DRaaS allows companies to fail their production over and roll back the clock to the moment before the attack occurred.
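The warning signs named above for active attacks (admin credentials being brute-forced, then AV uninstalled or backups deleted) can be correlated in monitoring. The following is an added example, not code from the original article: the event schema, action names, host names and thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, "ISO time|host|account|action" (hypothetical schema).
SAMPLE_LOG = """\
2018-11-02T00:58:00|ws-042|jsmith|logon_failed
2018-11-02T00:58:20|ws-042|jsmith|logon_success
2018-11-02T01:10:00|srv-db1|administrator|logon_failed
2018-11-02T01:10:10|srv-db1|administrator|logon_failed
2018-11-02T01:10:20|srv-db1|administrator|logon_failed
2018-11-02T01:10:30|srv-db1|administrator|logon_failed
2018-11-02T01:10:40|srv-db1|administrator|logon_failed
2018-11-02T01:11:05|srv-db1|administrator|logon_success
2018-11-02T01:14:00|srv-db1|administrator|av_uninstalled
2018-11-02T01:20:00|srv-db1|administrator|backup_deleted
2018-11-02T03:00:00|srv-app2|svc_patch|av_uninstalled
"""
WINDOW = timedelta(minutes=30)      # assumed correlation window
FAIL_THRESHOLD = 5                  # assumed failed-logon burst size
FOLLOW_UP = {"av_uninstalled", "backup_deleted"}

def parse(log):
    events = []
    for line in log.strip().splitlines():
        ts, host, account, action = line.split("|")
        events.append((datetime.fromisoformat(ts), host, account, action))
    return sorted(events)           # process in time order

def detect(events):
    failures = defaultdict(list)    # (host, account) -> failed logon times
    suspect = {}                    # (host, account) -> time of suspicious logon
    alerts = []
    for ts, host, account, action in events:
        key = (host, account)
        if action == "logon_failed":
            failures[key].append(ts)
        elif action == "logon_success":
            # A success right after a burst of failures suggests a guessed password.
            recent = [t for t in failures[key] if ts - t <= WINDOW]
            if len(recent) >= FAIL_THRESHOLD:
                suspect[key] = ts
                alerts.append((host, account, "possible_brute_force", "medium"))
            failures[key].clear()
        elif action in FOLLOW_UP:
            # AV removal or backup deletion always alerts; it is critical
            # when it follows a suspicious logon on the same host and account.
            chained = key in suspect and ts - suspect[key] <= WINDOW
            alerts.append((host, account, action, "critical" if chained else "high"))
    return alerts
```

On the constructed log, the single mistyped password on ws-042 raises nothing, while the srv-db1 sequence escalates from medium to critical as AV removal and backup deletion follow the suspicious logon.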
If this all sounds complicated…
It's because it is, a little. Luckily, BIOS customers can now access services such as monitored AV, backup and disaster recovery as a service, as well as a host of security services, meaning they’ll never have to pay a ransom. For more information, contact BIOSME today!