Ransomware: Are we really prepared for cyber attacks?

On Black Friday of 2018, a powerful ransomware attack hit the San Francisco light rail system, threatening to destroy more than 30 GB of critical databases such as email, staff training, payroll, ticketing and other system data unless the agency paid the authors 100 Bitcoins (approximately $355,966 USD at the time).

The company refused, resulting in the suspension of the ticketing system for two days and forcing the agency to absorb thousands of free passenger trips.

The Cisco Cybersecurity Report of 2018 declares that ransomware is “the most profitable type of malware in history,” echoing other studies that have tracked the rapid rise of ransomware into one of the most dangerous, prevalent and virulent business security threats across all business sectors.

According to an Osterman Research survey in June 2017, almost one in three organizations surveyed suffered a ransomware attack in the last 12 months.

Another report, the ESET Security Report 2018, revealed that 1,190 variants of the FileCoder families (ESET's detection name for ransomware) were identified in 2017. Compared with the 744 identified in 2016, that is an increase of 60% in less than one year.

Ransomware locks companies out of their own systems by encrypting critical data, releasing the data only after the victim pays the attackers a monetary ransom.

One reason why this threat has become so widespread and effective is the ease with which hackers can acquire and take advantage of ransomware tools.

Once infected, owners can choose to hire security professionals to disinfect their systems. Unfortunately, the whole process can take hours, days or weeks, at a cost that is probably much higher than the ransom demanded by the attackers.

That’s why business owners simply pay the ransom so they can get back to work as soon as possible, and why ransomware is such a profitable and rapidly growing business.

With the rapid increase in ransomware attacks, businesses and organizations have a hard time finding and implementing viable security solutions that can detect and mitigate these attacks early, quickly and effectively before they can cause damage.

Examples: Locky Ransomware Attack

Locky is one of the most prevalent ransomware families on the Internet. A typical Locky ransomware attack takes a series of steps to paralyze the systems and extract the ransom:

The attacker sends unsolicited emails with malicious attachments to dozens of staff members in an organization. Thanks to the attacker's sophisticated social engineering tactics, one or more victims are tricked into opening and executing the attachment.

The malicious payload in the attachment runs, connects to a ransomware hosting server over the Internet and downloads a copy of Locky onto a machine in the corporate network.

When executed, Locky installs itself silently and communicates with a command and control (CnC) server over the Internet to retrieve an encryption key, which it uses to encrypt critical local files and shared folders on the network.

Once the encryption is complete, Locky opens a window on the user's system and demands a ransom in return for recovering the encrypted files.
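As an added illustration of how a defender can recognise the encryption stage of the chain just described, the Python script below runs two simple detections over constructed file-audit events: a burst of files written with an encrypted-file extension on a network share within a short window, and the same file name (a ransom note) dropped into several folders by one host. This is example code written for this article, not Hillstone's code and not a Locky sample; the event format, the extension list, the thresholds and the note filename are all assumptions to be tuned per environment.

```python
"""Burst detector for ransomware-style file activity over file-audit events.

Added example, not vendor code. The event format (host, ISO-8601 timestamp,
action, path) is a hypothetical audit format; thresholds, window length and
the extension list are assumptions that would be tuned per environment.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: extensions given to encrypted copies. ".locky" is the extension
# Locky historically appended; the other two are constructed placeholders.
SUSPICIOUS_EXTENSIONS = (".locky", ".encrypted", ".crypt")

# Constructed sample events: ws-07 behaves like an infected host writing
# encrypted copies into a share and dropping a note into every folder it
# touches; ws-12 shows ordinary document saves spread over an hour.
_BASE = datetime(2018, 11, 23, 9, 14, 0)
SAMPLE_EVENTS = []
for i in range(12):
    SAMPLE_EVENTS.append(("ws-07", (_BASE + timedelta(seconds=2 * i)).isoformat(),
                          "CREATE", f"//fileserver/finance/report{i}.xlsx.locky"))
for folder in ("finance", "hr", "ops"):  # constructed ransom-note filename
    SAMPLE_EVENTS.append(("ws-07", (_BASE + timedelta(seconds=30)).isoformat(),
                          "CREATE", f"//fileserver/{folder}/README_DECRYPT.html"))
for i in range(5):
    SAMPLE_EVENTS.append(("ws-12", (_BASE + timedelta(minutes=10 * i)).isoformat(),
                          "MODIFY", f"//fileserver/finance/budget{i}.docx"))


def parse_events(raw):
    """Turn raw (host, ts, action, path) tuples into dicts sorted by time."""
    parsed = [{"host": h, "ts": datetime.fromisoformat(t), "action": a, "path": p}
              for h, t, a, p in raw]
    return sorted(parsed, key=lambda e: e["ts"])


def has_suspicious_extension(path):
    """True if the path ends in one of the assumed encrypted-file extensions."""
    return path.lower().endswith(SUSPICIOUS_EXTENSIONS)


def encryption_burst_hosts(events, window_seconds=60, threshold=10):
    """Hosts that created/renamed >= threshold suspicious files inside any
    sliding window of window_seconds (a sign of bulk encryption in progress)."""
    per_host = defaultdict(list)
    for e in events:
        if e["action"] in ("CREATE", "RENAME") and has_suspicious_extension(e["path"]):
            per_host[e["host"]].append(e["ts"])
    window = timedelta(seconds=window_seconds)
    flagged = []
    for host, times in per_host.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # slide window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(host)
                break
    return sorted(flagged)


def ransom_note_hosts(events, min_folders=3):
    """Hosts that wrote a file with the same name into >= min_folders distinct
    directories, the pattern of a ransom note dropped into every folder."""
    seen = defaultdict(lambda: defaultdict(set))  # host -> filename -> dirs
    for e in events:
        if e["action"] != "CREATE":
            continue
        directory, _, name = e["path"].rpartition("/")
        seen[e["host"]][name].add(directory)
    return sorted(h for h, names in seen.items()
                  if any(len(dirs) >= min_folders for dirs in names.values()))


def triage(raw_events):
    """Run both detections and report hosts matching each and both."""
    events = parse_events(raw_events)
    bursts = set(encryption_burst_hosts(events))
    notes = set(ransom_note_hosts(events))
    return {"encryption_burst": sorted(bursts),
            "ransom_note": sorted(notes),
            "both": sorted(bursts & notes)}


if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

A host that trips both signals at once (here the constructed ws-07) is a strong candidate for immediate isolation from the file shares; either signal alone is worth an analyst's look but also fires on legitimate bulk operations such as backups or migrations, which is why the thresholds are left as parameters.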

These are the same tactics and steps that were used in the attack on the San Francisco light rail system, where an employee of the agency was tricked into running a malicious email attachment.

Conclusions:

Given this landscape, are we really prepared for cyberattacks? You are with Hillstone's next-generation intelligent firewall (iNGFW): a solution for this type of scenario, with a multi-layered defense and a unique architecture designed to detect and mitigate ransomware before it can damage the business.

The layered defense delivered by the iNGFW uses several high-level security engines to protect against ransomware threats: Antivirus (AV), Intrusion Prevention System (IPS), Advanced Threat Detection (ATD), Abnormal Behavior Detection (ABD), etc.

With its layered defense, Hillstone iNGFW can detect and mitigate even the most sophisticated and rapidly evolving ransomware variants in any or all attack stages, including the later stages of a breach.