Dominating the threat landscape this year, ransomware has become an issue that all modern businesses need to worry about. While ransomware isn’t a new phenomenon, over the years it has grown from a mild annoyance to a shocking financial burden for many individuals and businesses today. Variants such as NotPetya, WannaCry, and Locky are among those that wreaked havoc for businesses worldwide this year—rising to become some of the most damaging ransomware attacks in history.
Recently, the Webroot threat research team released their list of the Top 10 Nastiest Ransomware Profiles, which highlights the most destructive ransomware of 2017. The list illustrates the reality of how cybercriminals will continue to develop new infections and capitalize on reliable, successful attack methods. Keep reading to discover the top ransomware attacks of this past year, what you might need to look out for in 2018, and how you can keep yourself and your clients protected from the threat of ransomware.
“Ransomware is one of the most prevalent security issues facing companies today, and there are a few major reasons why,” says Hunter Smith, Chief Information Security Officer at Continuum. “First is accessibility—ransomware is extremely easy for cybercriminals to purchase on the dark web, and most modern businesses don’t adequately defend against it. The next reason boils down to one thing—money. Each ransom demand, which averages around $700 today, can be monetized through bitcoin payments that are becoming increasingly harder to track—causing ransomware attacks to be more prolific in recent years than ever before.”
According to Webroot, the top 10 nastiest profiles of 2017 were:
NotPetya is crowned number one because it was engineered to do damage to a country's infrastructure. Starting as a fake Ukrainian tax software update, NotPetya infected thousands of computers in more than 100 countries over the course of just a few days.
Also known as WannaCrypt, WannaCry has been one of the most devastating ransomware attacks in history. This strain used EternalBlue, a vulnerability in Microsoft’s Server Message Block protocol, to infect more than 300,000 computers globally.
Formerly 2016’s most popular ransomware, new Locky variants—Diablo and Lukitus—emerged this year, using the same the phishing email attack vector to initiate their exploits. Crowned the king of spam emails, Locky can reach millions of users per day in exploit campaigns.
This ransomware enables cybercriminals to use Microsoft’s Remote Desktop Protocol to exploit administrators and machines that control entire organizations.
Arriving in the form of a phishing email that looks like a shipping invoice, Nemucod downloads malware and encryption components stored on compromised websites.
Similar to Locky, Jaff variants use phishing emails to initiate ransomware attacks, and new variants of Jaff continue to be distributed.
This commonly uses ransomware-as-a-service (RaaS), which enables non-technical cybercriminals to package ransomware and distribute it to other cybercriminals, with the developers of the malware taking a cut of the money gained.
This ransomware is one of the few that does not have a type of payment portal available on the dark web. Instead, victims are required to wait for the cybercriminals to send instructions about how to pay a ransom with Bitcoin.
This ransomware embeds an image of the clown from the “Saw” movies into a spam email. Then, if a user clicks on the image, the ransomware may encrypt and/or delete the victim’s files every hour until the ransom is paid.
Despite the growing evolution and nastiness of ransomware, there are a few strategies that MSPs and IT service providers can put into place to protect themselves and their clients from ransomware and significantly reduce their risk of falling victim.
User Training and Management
The first line of defense within an organization is its people. Therefore, employees need to be properly trained and educated on today’s cyber risks, including how to identify and avoid malicious emails and websites. Similarly, businesses need to be able to manage user credentials and privileges so—should they fall victim to ransomware—they can limit its ability to spread.
Practice Good Cyber Hygiene
Firmware and patches are how vendors push out important security updates, so make sure your clients’ operating systems and applications are patched and up-to-date. Additionally, encourage employees to get in the habit of hovering over a link before clicking on it, as well as adhering to strong password best practices and changing them regularly.
Backup and Store Sensitive Data
Generally, ransomware only has the ability to encrypt files that are locally stored on a user’s system. Therefore, you should look for a reliable backup and disaster recovery (BDR) solution that allows you to back up your clients’ sensitive data to an offline location. In the case of equipment failure or ransomware, you can easily access your clients’ backup—helping restore business as usual.
Leverage a World-Class Security Solution
Look for a security solution that includes elements like endpoint protection, threat monitoring and management, and a security operations center (SOC) to provide complete protection against multiple attack vectors.
“With the threat landscape changing every minute, it’s near impossible for businesses to expect their IT environment will be protected based on stale information,” claims Brian Downey, Senior Director of Product Management at Continuum. “There’s now a clear need to evolve with the threat landscape, which is why threat intelligence and continuous monitoring are so critical in a security solution. These elements ensure that both existing and new systems will be constantly aware of the threats that could impact the business in real time, not simply in the past.”
“By expanding our partnership with Webroot—a leader in endpoint protection—Continuum Security will enable IT service providers to not only define their managed security offering, but also minimize attack damage and dwell time,” continues Downey. “The combination of protection tools with best in class management capabilities and security services allows us to provide a more comprehensive security solution—covering a much wider landscape of technology threats and challenges for our partners.”
Handpicked for you:
By Lily Teplow
By Brian Downey
By Dave LeClair