Ransomware is a form of malware currently taking the world by storm. Take for instance the headlines this month about a Kentucky hospital being struck down by a virulent strain, essentially halting all use of company equipment and websites until the malware could be quarantined. Think of ransomware in terms of your data being held ransom by a third party. The way the attacker orchestrates the attack is what ensures total loss of data unless the ransom is paid. The victim’s data is encrypted using asymmetric encryption: the data is encrypted with a public key and can only be decrypted with the corresponding private key. The hijacker then offers that private key for a fee, and it is good only for unlocking that victim’s data. The keys involved provide the same strength of encryption used to protect secure transmissions over the internet. To put things in perspective, if you were to measure the start of the universe to the end of the universe in time, we would only be 1/6th of the way to breaking a single instance of 2048 Bit SSL encryption.
Ransomware is often carried into an environment by a Trojan. A Trojan is malicious code that masquerades as another program or file and, upon execution, delivers an infectious payload. In the United States alone, more than 60% of malware contains some form of ransomware, and this statistic is on the rise. Once the ransomware runs, it reaches out over your common internet ports (80 or 443) looking for its command and control server. The command and control server then sends the public key to the infected machine, and the ransomware begins encrypting over 70 types of files. Apple devices have often been thought to be mostly immune to most forms of malware, but Palo Alto Networks recently reported that ransomware had been discovered on the mighty OS X. The question many victims ask is what could have been done differently and whether it is possible to get the encrypted data back without paying the ransom. We can talk about ways to protect against ransomware as well as ways to detect it, but the most cost effective way to never have to pay the ransom? Back up your files. The data can be recovered from a backup, but the downtime and damage to the reputation of a business are not as easy to recover from. The media is full of companies dealing with and recovering from ransom attacks. Early detection and remediation will continue to be some of the best defenses against ransomware attacks.
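As an added example (not part of the original post or any product it mentions), here is one way to make "early detection" concrete: because ransomware output is indistinguishable from random bytes, a sudden rise in the share of high-entropy files in a directory tree is a cheap signal that mass encryption is under way. The thresholds, the file names and the `.locked` suffix are constructed for the demo, not taken from any real ransomware family.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Shannon entropy in bits per byte: documents and source text sit around
# 4-5, compressed or encrypted data approaches 8.
def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

# Hypothetical thresholds for this example; tune against your own file mix.
ENTROPY_THRESHOLD = 7.5   # bits/byte at or above which a file looks encrypted
RATIO_THRESHOLD = 0.5     # fraction of files that must look encrypted to alert

def scan_tree(root: str) -> dict:
    """Walk a directory tree and report how many regular files look encrypted."""
    total = suspicious = 0
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        total += 1
        # Only the first 4 KiB is needed for the statistic; cheap to do at scale.
        head = path.read_bytes()[:4096]
        if shannon_entropy(head) >= ENTROPY_THRESHOLD:
            suspicious += 1
    ratio = suspicious / total if total else 0.0
    return {"total": total, "suspicious": suspicious, "ratio": ratio,
            "alert": total > 0 and ratio >= RATIO_THRESHOLD}

def demo() -> dict:
    """Constructed sample: three plain-text files beside four random-looking ones
    (os.urandom stands in for encrypted output) in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        for i in range(3):
            Path(tmp, f"report{i}.txt").write_bytes(
                b"Quarterly revenue figures, see table.\n" * 50)
        for i in range(4):
            Path(tmp, f"report{i}.txt.locked").write_bytes(os.urandom(4096))
        return scan_tree(tmp)

if __name__ == "__main__":
    print(demo())
```

In production the same statistic would be computed on the files touched in the last few minutes (from a file-system watcher or audit log) rather than on a full tree, so the ratio reflects the burst of writes rather than the archive as a whole.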
Brad Bussie is an award-winning fifteen-year veteran of the information security industry. He holds an undergraduate degree in information systems security and an MBA in technology management. Brad possesses premier certifications from multiple vendors, including the CISSP from ISC2. He has a deep background architecting solutions for identity management, governance, recovery, migration, audit, and compliance. Brad has spoken at industry events around the globe and has helped commercial, federal, intelligence, and DoD customers solve complex security issues.