Fight The New Generation of Crypto-Trojans


Ransomware: This is How Companies Can Protect Themselves!

More and more companies are threatened by ransomware attacks: attacks in which malicious programs encrypt the data on the victims' computers. The aim of these attacks is to force the victims to pay a ransom in order to regain access to their data. The following article discusses how professionally and perfidiously a ransomware attacker can proceed and how serious the consequences can be. We also take a closer look at the new Intercept X product from Sophos.

Why Ransomware and Cyber-Crime are Such a Lucrative Business

Ransomware, also known as crypto-trojans, comes in a wide variety of variants. In 2013 CryptoLocker made the rounds. In 2016 we were confronted with a new generation of ransomware: Locky, Goldeneye and Stampado are just a few examples of malicious software that has become even more professional, effective and perfidious. And since then, they have still not completely disappeared from the scene.

In short, anyone can easily be affected by these attacks! A private person suffers from such an attack just as much as a hospital losing all of its data (e.g. patient records). It is said that a US hospital paid a ransomware attacker around 16,000 US dollars to get its data back. The crucial question is: how valuable is your company information (sensitive data, prototypes, contracts, etc.) to you, and what would its loss mean for you?

In any case, ransomware is a profitable business for the attackers. Ready-to-use "Malware as a Service" programs are offered on the Darknet. Ultimately, the market for cyber-crime is now bigger and more lucrative than the volume of international drug trafficking. The motto seems to be: spread it as widely as possible.

Message of an infected client; source: Sophos

What Makes Malicious Software so Tricky

Ransomware attackers are highly professional. The attacks are of high quality, extremely effective and widespread. Infection with an encryption Trojan usually happens by e-mail, where the attackers use everyday tools such as Microsoft Office documents to hide the malware itself.

Anyone Who Thinks Suspicious Mails Are Easy to Spot Is Mistaken!

The mails from the alleged Nigerian prince, often written in bad English, should by now be familiar to everyone as SPAM. Also fairly well known are the e-mails with dubious invoices attached. Experience shows, however, that even with healthy caution, humans remain curious and gullible beings, so skepticism alone is not sufficient protection.

For companies, training can be an effective means of raising awareness among employees. But can I really reach every employee, down to the 14-year-old intern? Almost never. And how am I supposed to recognize an infected mail if the attacker has chosen specific targets? There are cases where personnel departments have received job applications for advertised positions that were actually infected with malware. How can such an attack be countered?

Anyone who learns that the attackers run ticket systems to manage their "back-office processing" can imagine how professional the attacks have become in the meantime.

Pay or Not Pay: What to Do When Ransomware Has Struck?

So what do you do if your own files are encrypted and even the backup is affected? Whether it is actually wise to comply with the blackmailer's demands remains an open question. The German Federal Office for Information Security (BSI) recommends not paying any ransom. In many cases the data was gone for good anyway, or the ransom payment was followed by further demands. After all, whoever has been successfully blackmailed once is rarely left in peace.

IT security vendors use various resources and products to minimize the dangers of ransomware. However, even an anti-virus tool with the highest detection rates and the best firewall ultimately work like an airbag or a bicycle helmet: they limit the damage, but sooner or later an attacker will hit his target. This is because the attackers continue to evolve, and the security vendors are only a nose ahead.

Intercept X from Sophos: How Ransomware Can be Effectively Combated

With Intercept X, Sophos has launched a product that complements existing antivirus programs in the fight against malware. Intercept X operates on several levels: common techniques for delivering malware are blocked, closing security gaps in operating systems, browsers or applications such as those from Adobe. If malware nevertheless gains access to the file system, unauthorized encryption processes are detected and blocked.

What Happens with the Affected Files?

These files are returned to their original state. Furthermore, Intercept X ensures that the systems are thoroughly cleaned of the malware.
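The internals of Intercept X are not described here, so the following Python sketch is an added example, not Sophos code: it illustrates the two mechanisms named above, detecting a burst of files being rewritten with ciphertext-like (high-entropy) content and restoring the pre-write copies. The directory, file names, entropy threshold and file-count threshold are constructed assumptions for the demonstration.

```python
import hashlib
import math
import tempfile
from pathlib import Path

ENTROPY_THRESHOLD = 7.0   # bits/byte: documents sit around 4-5, ciphertext near 8 (assumed)
MIN_SUSPICIOUS_FILES = 3  # react to a burst of rewrites, not to one unusual file (assumed)

def shannon_entropy(data: bytes) -> float:
    """Empirical entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    counts = [data.count(bytes([b])) for b in range(256)] if n else []
    return -sum(c / n * math.log2(c / n) for c in counts if c)

class RollbackGuard:
    """Keeps a pre-write copy of every file under root; when several files are
    rewritten with ciphertext-like content at once, restores them from the copies."""
    def __init__(self, root: Path):
        self.snapshots = {p: p.read_bytes() for p in root.iterdir() if p.is_file()}

    def check_and_rollback(self) -> int:
        """Return the number of files rolled back (0 means the changes were accepted)."""
        current = {p: p.read_bytes() for p in self.snapshots}
        hits = [p for p, data in current.items()
                if data != self.snapshots[p] and shannon_entropy(data) > ENTROPY_THRESHOLD]
        if len(hits) < MIN_SUSPICIOUS_FILES:
            self.snapshots = current          # benign edits become the new baseline
            return 0
        for p in hits:
            p.write_bytes(self.snapshots[p])  # restore the pre-encryption copy
        return len(hits)

def pseudo_ciphertext(seed: int, n_blocks: int) -> bytes:
    """Deterministic high-entropy bytes standing in for an encrypted file (constructed)."""
    return b"".join(hashlib.sha256(bytes([seed, i])).digest() for i in range(n_blocks))

def demo() -> dict:
    """Constructed scenario: three documents, one legitimate edit, then a burst
    that overwrites all three with ciphertext-like bytes."""
    root = Path(tempfile.mkdtemp())
    for i in range(3):
        (root / f"doc{i}.txt").write_bytes(f"Quarterly report {i}. ".encode() * 40)
    guard = RollbackGuard(root)
    (root / "doc0.txt").write_bytes(b"Quarterly report 0 (revised). " * 40)
    after_edit = guard.check_and_rollback()   # plain text: accepted, returns 0
    accepted = dict(guard.snapshots)
    for i, p in enumerate(sorted(accepted)):
        p.write_bytes(pseudo_ciphertext(i, 128))
    restored = guard.check_and_rollback()     # burst of ciphertext: all 3 restored
    intact = all(p.read_bytes() == accepted[p] for p in accepted)
    return {"after_edit": after_edit, "restored": restored, "intact": intact}
```

A real product hooks file writes in the kernel and judges processes rather than polling a directory; the entropy-plus-burst heuristic and the keep-a-copy-then-restore step are what this sketch isolates.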

A root-cause analysis tool also provides insights into how the system was attacked and which other systems the attacker could reach. This is a great tool for improving the prevention of future attacks even further.

Causal analytics chart; source: Sophos

Intercept X from Sophos is a hosted, cloud-based solution. However, some companies and public authorities prefer a locally installed and managed solution. Sophos Endpoint eXploit Prevention (EXP for short) has been available since the end of February. EXP does not include the root-cause analysis, but provides all other protection features of Intercept X, managed via the locally installed Sophos Enterprise Console.



Dirk Frießnegg

Solution Advisor IT-Security