What is Ransomware?
Future-Proof Your Ransomware Prevention
With more than 4,000 new ransomware samples appearing every day, it is impossible for signature-based defenses to keep up. Every indication shows that the rise in ransomware is accelerating, making it mission critical for you to put the right tools and processes in place to defend against these relentless emerging threats. In this webinar, we look back at the recent onslaught of ransomware outbreaks and provide advice for future-proofing your ransomware prevention.
As the name implies, ransomware is essentially digital extortion: software that uses encryption to lock files and entire systems away from their original owner and holds them hostage until (theoretically) a payment has been made.
Once ransomware enters a system, it makes itself known by taking control, encrypting files or complete systems, and blocking user access until requests for payments, which are often displayed in warning messages, are fulfilled. Unfortunately, there is no guarantee that the keys needed to break the encryption will be returned upon payment.
This devious malware typically enters opportunistically through drive-by downloads, email links, social network messages, and websites; more recently, ransomware has been distributed through aggressive worms and targeted attacks. Ransomware, like many Trojans, is disguised as a legitimate file, with the ransom note appearing on screen, often with threats of deletion or publication without payment. The result is often brand damage, costly lawsuits, or lost customer loyalty.
Attacks such as WannaCry, Petya, and Bad Rabbit were headliners in 2017. WannaCry alone spread globally to 300,000 devices in over 150 countries in a single weekend, and caused millions, perhaps even billions, in damage.
Here are some insights from a recent Forrester report:
No one is left unscathed – businesses large and small, governments, healthcare organizations, and individuals are susceptible to ransomware.
It’s even being promoted on the dark web as “ransomware as a service,” with tutorials and guides for easy execution. (In fact, according to The Ransomware Economy report from Carbon Black, there was a 2,502% increase in the sale of ransomware from 2016 to 2017, making it a $6 billion market, with over 6300 dark web marketplaces that have 45,000 product listings.)
Bitcoin is making it easy for attackers to set up anonymous payment schemes.
Almost anyone can do this. Seriously. Almost anyone.
Why is ransomware on the rise?
Much like viruses and adware were top of mind in the nineties when the internet first began to dominate popular culture, you really can’t look far today without hearing about ransomware. That isn’t necessarily the case, however, for other types of malware or high-profile attacks. This episode of "The 101" dives into what is happening with ransomware and why it's on the rise...
Generally speaking, the answer to whether you should pay a ransom is: not if it can be avoided. The reason is twofold: there is no guarantee the attackers will release the files and systems held hostage, and paying gives ransomware distributors confidence that you are willing to pay.
However, it’s understandably not unusual for companies to pay ransoms, especially in the life-or-death situations that can sometimes arise in ransomware outbreaks. In fact, according to recent research from Cybersecurity Ventures, ransomware was estimated to be a $5 billion crime in 2017, which is a dramatic increase from $24 million in 2016 and $850,000 in 2015.
The 2018 Cyberthreat Defense Report from CyberEdge Group surveyed companies from around the globe and found that 55% of these organizations were victimized by ransomware in 2017. Of the ones that paid the ransom, over half lost their data, an indication that paying ransom may be ineffective.
As to the ones that did not pay, nearly 87% were fortunate enough to recover their data, although it’s unclear what the cost of recovery was.
Here is a quick look at how ransomware is quickly evolving into one of the most dreaded types of malware out there.
4,000 Attacks a Day
This, according to the FBI, is a 300% increase over 2015 attack volume.
3 Million Computers Attacked
In 2017, researchers identified more than 120 new ransomware families that affected systems worldwide.
$11.5 Billion Cost Projection
In 2019, a ransomware attack will likely occur every 14 seconds, bringing the daily average to over 6,000.
Because of the financial success of ransomware today, attackers are increasingly developing ransomware variants that slip by most traditional malware protection that detects known attack modes. New variants, such as Locky and advanced attacks that leverage PowerShell, scripts, macros, remote shell attacks and memory-based attacks, evade detection from most antivirus software.
However, a next-generation antivirus (NGAV) solution with streaming prevention technology uses deep analytics to inspect files and recognize events that can lead to a ransomware outbreak. By identifying malicious behavior unique to ransomware before an attack actually takes place, the attacks can automatically be blocked. In addition, with full visibility into the attack, companies can quickly remediate the vulnerabilities found by attackers to prevent future outbreaks.
Stopping Alternative Techniques
Ransomware samples are evolving at an accelerated rate, using alternative techniques that allow them to evade traditional defenses that rely on reputation to prevent malicious files. Cb Defense, Carbon Black's Next-Generation Antivirus + EDR solution, uses file heuristics to expose evasive ransomware variants, including canary files: benign files that act as bait to lure ransomware.
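The canary-file idea mentioned above, as an added Python example (not Carbon Black's implementation and not code from this page): bait files are planted with a recorded SHA-256 baseline, and a later check flags any that were rewritten, renamed or removed. The file names, filler content and the 7.0 bits-per-byte entropy threshold are assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter
from pathlib import Path

# Constructed decoy names and benign filler (assumptions, not from any product)
CANARY_NAMES = ["!_accounts_2017.docx", "zz_payroll_backup.xlsx"]
CANARY_BODY = b"Quarterly figures - internal draft\n" * 40


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted output approaches 8.0, plain text is far lower."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def plant_canaries(directory: Path) -> dict:
    """Write the bait files and return a baseline of {path: sha256}."""
    baseline = {}
    for name in CANARY_NAMES:
        path = directory / name
        path.write_bytes(CANARY_BODY)
        baseline[str(path)] = hashlib.sha256(CANARY_BODY).hexdigest()
    return baseline


def check_canaries(baseline: dict, entropy_threshold: float = 7.0) -> list:
    """Return (path, reason) alerts for every canary that no longer matches."""
    alerts = []
    for path_str, expected in baseline.items():
        path = Path(path_str)
        if not path.exists():
            # Encrypting malware often renames files or deletes the originals
            alerts.append((path_str, "missing_or_renamed"))
            continue
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() != expected:
            encrypted = shannon_entropy(data) >= entropy_threshold
            alerts.append((path_str, "high_entropy_rewrite" if encrypted else "modified"))
    return alerts
```

No legitimate process has a reason to touch a canary, so any alert is worth investigating; the entropy reason only helps separate a bulk-encryption rewrite from an accidental user edit.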