Fight The New Generation of Crypto-Trojans
Ransomware

Ransomware: This is How Companies Can Protect Themselves!

More and more companies are threatened by ransomware attacks: malicious programs that encrypt the data on the victims' computers. The aim of these attacks is to force the victims to pay a ransom to regain access to their own data. The following article discusses how professionally and perfidiously a ransomware attacker can proceed and how serious the consequences can be. We also take a closer look at the new Intercept X product from Sophos.

Why Ransomware and Cyber-Crime are Such a Lucrative Business

Ransomware, also known as crypto-trojans, comes in a wide variety of variants. In 2013 CryptoLocker made the rounds. In 2016 we were confronted with a new generation of ransomware: Locky, Goldeneye and Stampado are just a few examples of malicious software that has become even more professional, effective and perfidious. And since then, they have still not disappeared from the scene.

In short, anyone can be affected by these attacks! A private person suffers from such an attack just as a hospital suffers from losing all of its data (e.g. patient records). A US hospital is said to have paid a ransomware attacker around 16,000 US dollars to get its data back. The crucial question is: how valuable is your company information (sensitive data, prototypes, contracts, etc.) to you, and what would its loss mean for you?

In any case, ransomware is a profitable business for the attackers. Ready-to-use "Malware as a Service" kits are offered on the darknet. Ultimately, the market for cyber-crime is now bigger and more lucrative than the volume of international drug trafficking. The motto seems to be: spread it as widely as possible.

Message of an infected client; source: Sophos

What Makes Malicious Software so Tricky

Ransomware attackers are highly professional. The attacks are of high quality, extremely effective and widespread. Infection with an encryption Trojan usually happens by e-mail, with the attackers hiding the malware inside familiar carriers such as Microsoft Office documents, so that the document itself delivers the malware.
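The practical consequence of the Office-document vector is that attachments need to be triaged before they reach a mailbox. The following is an added example written for this article, not code from the original text or from Sophos: a small gateway-style check that tells macro-carrying Office Open XML files (.docm, .xlsm and friends, which store their VBA project as a part named vbaProject.bin inside the ZIP container) apart from macro-free ones, and flags legacy binary Office files (.doc, .xls, recognisable by their OLE2 magic bytes) for sandbox or manual review because they need a separate parser. The sample attachments are constructed in memory; the return labels and the helper names are assumptions of this example.

```python
"""Added example (not from the original article or from Sophos): attachment triage for
Office documents. OOXML files are ZIP archives; a VBA macro project is stored as a part
named vbaProject.bin and declared in [Content_Types].xml. Legacy .doc/.xls files start
with the OLE2 magic and are flagged for review instead of being parsed here."""
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
MACRO_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"


def triage_office_attachment(data: bytes) -> str:
    """Return 'legacy-binary', 'macro', 'no-macro' or 'not-office' (labels are assumed)."""
    if data.startswith(OLE2_MAGIC):
        return "legacy-binary"  # needs an OLE2 parser (e.g. a sandbox); do not trust it blindly
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = set(z.namelist())
            if "[Content_Types].xml" not in names:
                return "not-office"  # a ZIP, but not an OOXML package
            # The macro part may live under word/, xl/ or ppt/ depending on the application
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return "macro"
            # Also check the manifest, in case the part was given an unusual name
            if MACRO_CONTENT_TYPE in z.read("[Content_Types].xml"):
                return "macro"
            return "no-macro"
    except zipfile.BadZipFile:
        return "not-office"


def build_sample(with_macro: bool) -> bytes:
    """Construct a minimal OOXML package in memory (sample input, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        ct = ('<?xml version="1.0"?>'
              '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
              '<Default Extension="xml" ContentType="application/xml"/>')
        if with_macro:
            ct += '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
        ct += "</Types>"
        z.writestr("[Content_Types].xml", ct)
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Real vbaProject.bin parts are OLE2 containers; a stub is enough for the check
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        ("clean docx", build_sample(with_macro=False)),
        ("macro docm", build_sample(with_macro=True)),
        ("legacy doc", OLE2_MAGIC + b"\x00" * 32),
        ("plain text", b"hello"),
    ]
    for label, blob in samples:
        print(f"{label:11s} -> {triage_office_attachment(blob)}")
```

A "macro" verdict is a reason to quarantine or detonate the attachment, not proof of malice; plenty of legitimate spreadsheets carry macros, which is exactly why the page's point about human judgement still applies.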

Whoever Believes Suspicious Mails Are Easy to Spot Is Mistaken!

The mails from the alleged Nigerian prince, often written in bad English, should by now be familiar to everyone as spam. Also fairly well known are the e-mails with dubious invoices attached. Experience shows, however, that even with healthy caution, humans remain curious and gullible beings, so skepticism alone is not sufficient protection.

For companies, training can be an effective means of raising awareness among employees. But can I actually reach every employee, down to the 14-year-old intern? Almost never. And how is anyone supposed to recognize an infected mail when the attacker targets specific people? There are cases where HR departments received applications for advertised jobs whose attachments were infected with malware. How can such an attack be countered?

Consider that attackers run ticket systems to manage their "back-office" handling of victims, and you get an idea of how professional the attacks have become in the meantime.

Pay or not pay - What to do When Ransomware has Hit?

So what to do if your own files are encrypted and even the backup is affected? Whether it is wise to comply with the blackmailer's demands remains an open question. The German Federal Office for Information Security (BSI) recommends not paying any ransom: in many cases the data was gone for good anyway, or the payment was followed by further demands. Whoever has been successfully blackmailed once often remains a target.

IT security vendors use a range of techniques and products to minimize the dangers of ransomware. However, even an anti-virus tool with the highest detection rates and the best firewall ultimately work like an airbag or a bicycle helmet: they limit the damage, but somewhere an attacker will eventually hit his target. This is because the attackers keep evolving and the security vendors are, at best, only a nose ahead.

Intercept X from Sophos: How Ransomware Can be Effectively Combated

With Intercept X, Sophos has launched a product that complements existing antivirus programs in the fight against malware. Intercept X operates at several levels: the exploit techniques commonly used to deliver malware through security gaps in operating systems, browsers or applications such as Adobe products are blocked. If malware nevertheless reaches the file system, unauthorized encryption processes are detected by their behaviour and stopped.

What Happens with the Affected Files?

Intercept X returns the affected files to their original state. Furthermore, it ensures that the systems are thoroughly cleaned of the malware.
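To make the two steps described above concrete (detecting an unauthorized bulk-encryption process by its behaviour, then restoring the files it touched), here is an added example written for this article. It is a toy simulation in Python, not Sophos code and not how Intercept X is implemented; the heuristic it assumes is a common one in behavioural anti-ransomware: a single process that rewrites many files with high-entropy, random-looking content within a short time window is treated as an encryptor, is blocked, and its writes are rolled back from copies kept before each suspicious write. The class name, thresholds, process IDs and file events are all constructed for the example.

```python
"""Added example (not Sophos code): a simulated behavioural anti-ransomware monitor.
Detection heuristic (assumed): many high-entropy rewrites by one process in a short
window. Remediation: pre-write copies of suspicious writes are restored on detection."""
import hashlib
import math
from collections import defaultdict, deque
from dataclasses import dataclass, field


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 8.0 for encrypted or compressed data, 4 to 5 for text."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


@dataclass
class CryptoGuardSim:
    """Toy monitor standing in for a file-system filter driver (name is an assumption)."""
    entropy_threshold: float = 7.0      # assumed tuning value, bits per byte
    max_high_entropy_writes: int = 5    # per process within the window
    window_seconds: float = 10.0
    files: dict = field(default_factory=dict)       # path -> current content
    snapshots: dict = field(default_factory=dict)   # (pid, path) -> content before write
    recent: dict = field(default_factory=lambda: defaultdict(deque))  # pid -> timestamps
    blocked: set = field(default_factory=set)

    def on_write(self, ts: float, pid: int, path: str, data: bytes) -> str:
        """Handle one write event; returns 'allowed', 'restored' or 'blocked'."""
        if pid in self.blocked:
            return "blocked"                  # process already stopped, write refused
        old = self.files.get(path)
        self.files[path] = data
        if shannon_entropy(data) < self.entropy_threshold:
            return "allowed"                  # ordinary save, nothing to remember
        if old is not None:                   # suspicious: keep the pre-write copy
            self.snapshots.setdefault((pid, path), old)
        window = self.recent[pid]
        window.append(ts)
        while window and ts - window[0] > self.window_seconds:
            window.popleft()
        if len(window) >= self.max_high_entropy_writes:
            self.blocked.add(pid)
            self._rollback(pid)
            return "restored"
        return "allowed"

    def _rollback(self, pid: int) -> None:
        """Put every file this process rewrote with suspicious content back."""
        for key in [k for k in self.snapshots if k[0] == pid]:
            self.files[key[1]] = self.snapshots.pop(key)


def fake_ciphertext(path: str, length: int = 1024) -> bytes:
    """Deterministic stand-in for encrypted output (constructed, no real cipher involved)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(f"{path}:{counter}".encode()).digest()
        counter += 1
    return out[:length]


def simulate() -> dict:
    """Constructed scenario: a user application (pid 100) saves and edits documents,
    then a rogue process (pid 666) rewrites them with encrypted-looking content."""
    mon = CryptoGuardSim()
    docs = {f"/home/alice/doc{i}.txt":
            (f"Quarterly report {i}: draft text, figures and notes.\n" * 4).encode()
            for i in range(6)}
    for path, text in docs.items():
        mon.on_write(0.0, 100, path, text)                       # initial saves
    events = [mon.on_write(1.0, 100, "/home/alice/doc0.txt",
                           docs["/home/alice/doc0.txt"] + b"Edited by Alice.\n")]
    for i, path in enumerate(docs):                              # the ransomware run
        events.append(mon.on_write(2.0 + 0.3 * i, 666, path, fake_ciphertext(path)))
    still_encrypted = sum(1 for p in docs
                          if shannon_entropy(mon.files[p]) >= mon.entropy_threshold)
    return {"events": events, "files_still_encrypted": still_encrypted,
            "attacker_blocked": 666 in mon.blocked}


if __name__ == "__main__":
    print(simulate())
```

In the scenario the fifth high-entropy rewrite trips the threshold: the process is blocked, the sixth write never lands, and the four files already overwritten are restored from their pre-write copies, including the one Alice had edited in between. The weak spots of such a heuristic are also visible here: a legitimate backup or archiving tool produces high-entropy output too, and an attacker who encrypts slowly or spreads the work across many processes stays under the per-process window, which is why vendors combine this signal with others rather than relying on it alone.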

See anti-ransomware live: the Sophos Intercept X Truck is on tour in Europe

A root-cause analysis tool also provides insight into how the attack got onto the system and which other systems it touched. This is a great aid for improving the prevention of future attacks even further.

Causal analytics chart; source: Sophos

Intercept X from Sophos is managed as a hosted, cloud-based solution. Some companies and authorities, however, prefer a locally installed and managed solution. For them, Sophos Endpoint eXploit Prevention (EXP for short) has been available since the end of February 2017. Apart from the root-cause analysis, EXP provides all protection features of Intercept X, managed via the locally installed Sophos Enterprise Console.

Trying to Secure Your IT?

Reach out to our Managed Security team for support and advice.

  • Wednesday 05 April 2017


Author

Dirk Frießnegg, Solution Advisor IT Security


Endpoint security against modern threats such as Ransomware
