Fight The New Generation of Crypto-Trojans


Ransomware: This is How Companies Can Protect Themselves!

More and more companies are now threatened by Ransomware attacks. These are attacks by malicious programs that encrypt data on other computers. The aim of these attacks: the victims have to pay a ransom to gain access to their data again. The following article discusses how professionally and perfidiously a ransomware attacker can proceed, and how serious the consequences can be. We also take a closer look at the new Intercept X product from Sophos.

Why Ransomware and Cyber-Crime are Such a Lucrative Business

Ransomware, also known as crypto-trojans, comes in a wide variety of variants. In 2013, CryptoLocker made the rounds. In 2016, we were confronted with a new generation of ransomware. Locky, Goldeneye and Stampado are just a few examples of malicious software that has become even more professional, effective and perfidious. And since then, they have still not completely disappeared from the scene.

In short, anyone can easily be affected by these attacks! A private person suffers from such an attack as much as a hospital losing all of its data (e.g. patient records). A US hospital is said to have paid a ransomware attacker around 16,000 US dollars to get its data back. The crucial question is: how valuable is your company information (sensitive data, prototypes, contracts, etc.) to you, and what would its loss mean for you?

In any case, ransomware is a profitable business for the attackers. Ready-to-use "Malware as a Service" programs are offered on the Darknet. Ultimately, the market for cyber-crime is now bigger and more lucrative than the volume of international drug trafficking. The motto also seems to be: spread it to the market as widely as possible.

Message of an infected client; source: Sophos

What Makes Malicious Software so Tricky

Ransomware attackers are highly professional. The attacks are of high quality, extremely effective and widespread. An infection with an encryption Trojan usually happens by e-mail, whereby the attackers use classic tools such as Microsoft Office documents in which the malware itself is hidden.

Whoever Believes to Easily Identify Suspicious Mails is Mistaken!

The mails from the alleged Nigerian prince, often written in bad English, should by now be familiar to everyone as SPAM. Also pretty well known are those e-mails with dubious bills attached. Experience shows, however, that even with healthy caution, humans remain curious and gullible beings, so that skepticism alone is not sufficient to protect oneself.

For companies, training can be an effective means to raise awareness among employees. But can I actually reach every employee, even the 14-year-old interns? Almost never. And how should I recognize an infected mail if the attacker has specifically targeted me? There are cases where personnel departments have received job applications that were actually infected with malware. How can such an attack be countered?

Anyone who realizes that the attackers are running ticket systems to manage their "back-office processing" can imagine how professional the attacks have become in the meantime.

Pay or Not Pay: What to Do When Ransomware Has Hit?

So what should you do if your own files are encrypted and even the backup is affected? Whether it is actually wise to comply with the demands of the blackmailer remains an open question. The Federal Office for Information Security (BSI) recommends not paying any ransom. In many cases the data disappeared forever, or the ransom payment was followed by further demands. After all, whoever has been successfully blackmailed once will often remain in trouble.

IT security vendors work with various resources and products to minimize the dangers of ransomware. However, even an anti-virus tool with the highest detection rates and the best firewall will ultimately have the same effect as an airbag or a bicycle helmet: somewhere, an attacker will eventually hit his target. This is because the attackers continue to evolve, and the security manufacturers are only a nose ahead.

Intercept X from Sophos: How Ransomware Can be Effectively Combated

With Intercept X, Sophos has launched a product that complements existing antivirus programs in the fight against malware. Intercept X operates at different levels: common malware transmission methods are blocked to close security gaps in operating systems, browsers, or applications such as those from Adobe. If malware nevertheless reaches the file system, unauthorized encryption processes are detected and blocked.
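The article does not describe how Intercept X recognizes an "unauthorized encryption process", so the following is an added illustration of the general idea, not Sophos code. It assumes a hypothetical sensor that reports each file write together with the writing process and a sample of the file bytes before and after the write (the events are constructed inline). A single rewrite counts as suspicious when the new content is near-random (high Shannon entropy) and the entropy jumped sharply compared with the old content; a process is only flagged once it has done this to several files, so a legitimate archive tool writing one compressed file does not trigger an alert.

```python
import math
import random
from collections import defaultdict

# Assumption (hypothetical sensor): each event is a tuple
# (process_name, path, bytes_before_write, bytes_after_write).


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, up to 8.0 for random-looking data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def looks_like_encryption(before: bytes, after: bytes,
                          min_after: float = 7.0, min_jump: float = 2.0) -> bool:
    """One rewrite is suspicious when the new content is near-random AND the
    entropy rose sharply relative to the old content (plaintext -> ciphertext)."""
    e_before = shannon_entropy(before)
    e_after = shannon_entropy(after)
    return e_after >= min_after and (e_after - e_before) >= min_jump


def score_processes(events, min_files: int = 3):
    """Count suspicious rewrites per process and return only the processes that
    reached the threshold. A single high-entropy write (saving a zip, a JPEG)
    is normal; many of them in a row from one process is the ransomware pattern."""
    hits = defaultdict(set)
    for proc, path, before, after in events:
        if looks_like_encryption(before, after):
            hits[proc].add(path)
    return {proc: sorted(paths) for proc, paths in hits.items() if len(paths) >= min_files}


def build_sample_events():
    """Constructed sample data: one process scrambling documents, two benign ones."""
    rng = random.Random(1234)  # deterministic stand-in for ciphertext
    plain = b"Quarterly report: revenue, costs, headcount and forecast.\n" * 60

    def scrambled() -> bytes:
        return bytes(rng.getrandbits(8) for _ in range(len(plain)))

    events = []
    # Unknown process rewriting several documents with random-looking bytes
    for name in ("report.docx", "budget.xlsx", "contract.pdf", "notes.txt"):
        events.append(("unknown.exe", f"C:/Users/alice/Documents/{name}", plain, scrambled()))
    # A normal edit: the file is still readable text after the write
    events.append(("winword.exe", "C:/Users/alice/Documents/memo.docx", plain, plain + b"Appendix A.\n"))
    # A legitimate archiver producing exactly one compressed, high-entropy file
    events.append(("7z.exe", "C:/Users/alice/backup.zip", plain, scrambled()))
    return events


if __name__ == "__main__":
    for proc, paths in score_processes(build_sample_events()).items():
        print(f"ALERT: {proc} rewrote {len(paths)} files with encrypted-looking content: {paths}")
```

Entropy alone is a weak signal (compressed and already-encrypted files look exactly like ciphertext), which is why the per-process file count is part of the decision; a real product combines this with blocking the offending process and restoring the affected files, which the article goes on to describe.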

What Happens with the Affected Files?

These files are returned to their original state. Furthermore, Intercept X ensures that the systems are thoroughly cleaned of the malware.

See Anti-Ransomware live: the Sophos Intercept X Truck is on tour in Europe

A root-cause analysis tool also provides insight into how the system was attacked and which other systems could have been reached. This is a great tool for improving the prevention of future attacks even further.

Causal analytics chart; source: Sophos

Intercept X from Sophos is a hosted, cloud-based solution. However, some companies and authorities prefer a locally installed and managed solution. Sophos Endpoint eXploit Prevention (short: EXP) has been available since the end of February. With the exception of root-cause analysis, EXP provides all the protection features of Intercept X, managed via the locally installed Sophos Enterprise Console.


Dirk Frießnegg

Solution Advisor IT-Security
