The evolution of ransomware: protecting yourself against infection

The newly released IBM X-Force Threat Intelligence Quarterly, 3Q 2015 focuses on ransomware (a cybersecurity threat largely overlooked by the media in favor of data breaches) and the Tor network as a means of spreading ransomware-as-a-service.

Ransomware – malware such as WinLocker, CryptoLock, ZeroLocker, CTB-Locker, and CryptoWall that prevents you from accessing or using your system until you pay the attacker to remove it – has been around for a while, and is a “big business that nets criminals millions of dollars a year.” When confronted with a ransom screen, many victims simply choose to pay up.

Now, however, IBM says that “ransomware is evolving” and its “technical sophistication is increasing as [it] begins to specialize, targeting specific communities” rather than individual end users.

Ransomware attacks from Tor exit nodes – such as the new ransomware-as-a-service kit Tox – have recently increased dramatically, targeting “information and communications companies foremost, followed by manufacturing, then finance and insurance.”

IBM suggests that these attacks are “attempts to steal intellectual property and/or spy on company operations” – a timely reminder that cyber attacks target all kinds of information. IBM recommends that the simplest way of avoiding such attacks is for organizations to block traffic from Tor exit nodes at the network perimeter altogether, and to always back up their data offline to avoid loss.

An ISO 27001-compliant information security management system (ISMS) will provide the cybersecurity controls that every organization needs in order to do this.
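One way to act on the perimeter recommendation above, as an added example that is not from IBM or the report: match the source addresses in web-server access-log lines against a Tor exit-node list and emit ipset rules for blocking. The exit list, the log lines and the set name `tor_exits` are constructed for this example.

```python
import ipaddress
import re

# Constructed sample of an exit-node list (one IPv4 address per line, the
# shape of the public exit-address lists); these addresses are documentation
# ranges, not real exit nodes.
SAMPLE_EXIT_LIST = """\
# constructed sample, not a real list
198.51.100.23
203.0.113.77
"""

# Constructed Apache/nginx combined-format access log; client IP is field one.
SAMPLE_ACCESS_LOG = """\
198.51.100.23 - - [01/Sep/2015:10:00:01 +0000] "POST /upload.php HTTP/1.1" 200 512
192.0.2.10 - - [01/Sep/2015:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 1024
203.0.113.77 - - [01/Sep/2015:10:00:03 +0000] "GET /admin/ HTTP/1.1" 403 128
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{3})')


def load_exit_nodes(text):
    """Parse an exit list into a set of IPv4 addresses, skipping comments/junk."""
    nodes = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            ip = ipaddress.ip_address(line)
        except ValueError:
            continue  # malformed entry: ignore rather than abort the whole load
        if ip.version == 4:  # hash:ip sets are single-family; keep IPv4 only
            nodes.add(ip)
    return nodes


def find_tor_hits(log_text, exit_nodes):
    """Return (ip, request, status) for every log line whose client is an exit node."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        if ip in exit_nodes:
            hits.append((str(ip), m.group("req"), int(m.group("status"))))
    return hits


def ipset_rules(exit_nodes, setname="tor_exits"):
    """Build `ipset restore` input; pair it with an iptables rule that drops
    packets matching the set (-m set --match-set tor_exits src -j DROP)."""
    lines = [f"create {setname} hash:ip -exist"]
    lines += [f"add {setname} {ip} -exist" for ip in sorted(exit_nodes)]
    return "\n".join(lines)
```

Feed a real exit list and today's logs to `find_tor_hits` to measure how much exit-node traffic the block would affect before deploying the ipset.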

The rise in ‘ransomweb’ attacks targeting web apps

IBM also notes an increase in so-called ‘ransomweb’ attacks, which target web applications rather than individuals, inserting “malicious code on vulnerable web servers. […] In this attack scenario, the data stored is encrypted without anyone noticing, leaving an unencrypted database full of data in an encrypted state. The decryption key is provided for some amount of time to ensure normal operations before it is suddenly yanked and the web applications cease to function or function improperly. Shortly thereafter, a ransom note is sent.”

Ensuring that servers are properly configured, that default passwords are changed, and that patches are applied when released is essential to protecting your systems – and anyone who uses them – against attacks.

For more information on web app security, read Web Application Security is a Stack – How to CYA (Cover your apps) completely.

Aimed at application developers, system administrators and operators, as well as network professionals who need a comprehensive top-level view of web application security in order to better defend and protect both the ‘web’ and the ‘application’ against potential attacks, this book examines the most common, fundamental attack vectors and shows readers the defense techniques used to combat them.
