The 2018 RSA Conference took place in San Francisco last week, and Nettitude's Senior Consultant, Ben Rothke, traveled there to deliver a presentation on ransomware. He discussed both how not to become a victim, and what enterprises should do if they do become one. Here is a recap of what Ben discussed.
Did you know that the word ransomware has been added to the Oxford English Dictionary? It has become a widely used term in the cybersecurity world and a hot topic in the news, especially in the last couple of years, with a number of high-profile cases making the national headlines, the most recent being the ransomware attack that hobbled the city of Atlanta.
Understanding what ransomware is and what it can do to exploit you is an important part of fighting against it. In simple terms it is 'a type of malicious software designed to block access to a computer system until a sum of money is paid'.
Types of Ransomware
Crypto ransomware encrypts data and files and renders them useless until a decryption key is obtained. It does not deny the user access to the computing resources.
Unlike crypto ransomware, locker ransomware completely denies access to the computing resources. The user can only interact with the ransomware itself. The device may be remediated using data recovery tools.
There are a couple of ransomware attack vectors to be aware of. Many ransomware attacks are sent through email, where a Microsoft Office document is sent with a macro. The payload could also be sent as a JavaScript (.js), Windows Script File (.wsf) or PowerShell file. Exploitation relies on a user clicking and opening one of these files, an approach otherwise known as a phishing scam.
Ransomware could also be delivered through the Cerber or CryptXXX trojan on the web. These work in conjunction with exploit kits such as RiG, Sunset and Magnitude. This ransomware often relies on unpatched browser plug-ins to gain access.
The best defense is good backups
If ransomware exploits your networks and devices, then you have a couple of options. If you have good backups in place, you can start your restoration plan as soon as a ransomware attack takes place.
Why do attackers use ransomware?
To put it simply, it's easy. Attackers use low-cost kits that are available for global distribution, resulting in a huge increase in ransomware variants since 2015.
Cybercriminals are also using ransomware as a service (RaaS) as a distribution model, which makes it easier for less technically savvy cybercriminals to use ransomware to extort organizations.
Have you been infected with ransomware?
There are a handful of obvious signs that there is ransomware on your device or network.
- You can't open the files on your device, and if you try to open them you get an error message saying the file is corrupted
- You get a message on your device desktop that instructs you on how to pay to gain access to your files
- Files in all directories with names like: HOW TO DECRYPT FILES.TXT or DECRYPT_INSTRUCTIONS.HTML.
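The last sign in the list above can be checked automatically. The following is an added example, not material from the talk: it walks a directory tree and reports note-like filenames that recur across several directories. The filename pattern (a generalization of the two names quoted above), the `min_dirs` threshold and the sample tree are assumptions made for illustration.

```python
import os
import re
import tempfile
from collections import defaultdict

# Assumed pattern: generalizes the two note names quoted in the article
# (HOW TO DECRYPT FILES.TXT, DECRYPT_INSTRUCTIONS.HTML). Tune it per environment.
NOTE_RE = re.compile(
    r"^(how[ _-]?to[ _-]?)?(decrypt|recover|restore)[ _-].*\.(txt|html?)$", re.I
)


def find_ransom_notes(root, min_dirs=3):
    """Return {note name: sorted dirs} for note-like names seen in >= min_dirs dirs."""
    seen = defaultdict(set)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if NOTE_RE.match(name):
                # Normalize case so the same note is grouped on any filesystem.
                seen[name.upper()].add(os.path.relpath(dirpath, root))
    # One matching file in one folder is weak evidence; the same name dropped
    # into many folders is the pattern described in the list above.
    return {n: sorted(d) for n, d in seen.items() if len(d) >= min_dirs}


def build_sample_tree(root):
    """Constructed sample data: three folders, each containing a dropped note."""
    for sub in ("docs", "photos", os.path.join("docs", "finance")):
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for fname in ("HOW TO DECRYPT FILES.TXT", "report.docx"):
            open(os.path.join(root, sub, fname), "w").close()
    # A benign look-alike in a single directory stays below the threshold.
    open(os.path.join(root, "photos", "restore_points.txt"), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for note, dirs in find_ransom_notes(tmp).items():
            print(f"ALERT {note!r} present in {len(dirs)} directories: {dirs}")
```

Run on a schedule against file shares, a check like this surfaces the note files early; the threshold keeps a single legitimately named file from raising an alert.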
How to avoid being a ransomware victim
Backups and a tested DR/BC plan
- Off-site backup. Not connected to current network.
- Ensure backups are done for all critical data.
- If a restore is needed, ensure it’s from a trusted non-infected backup.
- Update the DR plan regularly
- Ensure it’s comprehensive, thorough and tested.