Variants of Ransomware attacksDate: 13 February 2020 Tags: IT, Mobile & Computers
There are three main modes of distribution for the major ransomware families that are set to increase their attacks this year, security researchers warned on the occasion of Safer Internet Day.
The research highlights how ransomware tries to slip unnoticed past security controls by abusing trusted and legitimate processes, and then harnesses internal systems to encrypt the maximum number of files and disable back-up and recovery processes before an IT security team catches up.
Ransomware that spread by replicating itself is called a ‘cryptoworm’. The WannaCry attack that caused damage worldwide in 2017 is an example of this kind of ransomware.
These malware also spread as ransomware-as-a-service (RaaS), which are sold on the dark web as a distribution kit (for example, Sodinokibi).
The third most common way of their spread is as automated active adversary attack, where attackers manually deploy the ransomware following an automated scan of networks for systems with weak protection.
Everything is designed to avoid detection while the malware encrypts as many documents as possible as quickly as possible and makes it hard to recover the data.
How to protect our system from ransomware?
Have a list of all devices connected to your network and that any security software you use on them is up to date to detect.
Keep regular back-ups of your most important and current data on an offline storage device as this is the best way to avoid having to pay a ransom when affected by ransomware.
Administrators should enable multi-factor authentication on all management systems that support it, to prevent attackers disabling security products during an attack.