For the uninitiated, Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. This way of pulling cash from victims is the newest and the hottest way that hackers are cashing in to lure unsuspecting victims. Viruses like Cryptolocker, Cryptowall have terrorized victims. In 2013, CryptoLocker shook the internet when it unleashed havoc.
Ransomware has turned to be the easy way for making money. Despite many organizations increasing cyber security, many systems are still vulnerable to these kinds of attacks. The associated consequences are too far-reaching to be ignored. Ransomware is increasingly becoming a top concern because of its effectiveness in generating revenues.
And now, brace yourselves because Ransomware 2.0 is here! Cisco has been generated data from its customers to create a cybersecurity report outlining the risks of Ransomware. While discussing Cisco 2016 Midyear Cybersecurity Report, Jason Brvenik, Principal Engineer at Cisco’s Security Business Group said – “The landscape is simple. Attackers can move at will. They’re shifting their tactics all the time. Defenders have a number of processes they have to go through”. Once the hacker is in control of the company’s files and encrypts them, the victims have to shell out whatever is asked to decrypt the files. Before Ransomware 2.0 does damage to your enterprise, it’s always better to take precautionary measures. As Brvenik recommends –
- Improve network hygiene – improve aging infrastructure to limit vulnerabilities.
- Protect your users everywhere they are – whether they’re on a laptop, a smartphone, or another device. Users are the target. Protect them.
- Measure time to detection – Find out how long an attacker can live in your network before they are found.
- Use machine learning techniques combined with novel data views.
These can go a long way in keeping your confidential data safe and away from hackers. Ransomware primarily creeps in through e-mails and false advertising. So exercise caution before clicking on links that you receive in your emails. These days, ransomware seems to be using the vulnerabilities of network and servers to creep into enterprise data. If this ransomware becomes self-propagating to create Ransomware 2.0, companies are headed for a lot of trouble. Citing examples, Brvenik said that future ransomware attacks may evade detection by limiting CPU usage and refraining from command-control actions, allowing them to spread faster and self-replicate at unimaginable speeds.
“In April, Cisco estimated that 10% of all JBoss servers worldwide were compromised. And they were compromised using readily available tools and old vulnerabilities. Adobe Flash is still a favorite. It gives a viable attack surface for them. And we see Microsoft Silverlight vulnerabilities. This means to us that people are opportunizing those that work for them,” Brvenik said. “We saw a 300% increase in the use of HTTPS with malware over the past four months. Ad injection is the biggest contributor. Adversaries are using HTTPS traffic to expand time to operate. That’s the attacker opportunity as it exists today,” he added.
Further adding on the time taken to detect such ransomware, he added – “It is a living number as defenses improve and attackers change. This is good. It says that for the customers that have these systems, when they are compromised, they’re now down to 13 hours as a median time to detect it. I wouldn’t leave the door to my house open for 13 hours; and that’s what you’re doing when you leave your door open to attackers for 13 hours.” He concludes – “No industry is safe,” Brvenik said. “Assuming that what you do is of no interest to attackers is not a good way to think of it.”