How Does Ransomware Infect a Network?
Ransomware is rapidly becoming a hot topic in IT security. With hackers collecting over $300 million from ransomware in 2015 alone, every IT professional should know how it works, what to watch for, and how to prevent infection.
Ransomware, at its heart, is a pretty basic idea. A specially-coded virus infects one or more computers (up to and including entire enterprise networks) through spam emails, malicious websites, or infected downloads.
Once the infection successfully makes its way into a network or device, it begins to parse all the system files while scrambling the data inside. In order to unscramble that data and regain access, the victim of ransomware will be asked to pay a ransom, almost always in “internet currency”, such as bitcoin, which is difficult to trace.
The most common ransomware attack vectors are often easily prevented, but curiosity, a lack of firewall protection, or social engineering may still leave your business vulnerable. Let’s look at how enterprises can set up defense systems to mitigate these concerns.
A recent spam email campaign, targeting users in Australia, successfully tricked recipients into confirming their parcels on a malicious website. Once the users had made the initial website visit, the infected files downloaded onto their PCs, with the end result being users locked out of their own technology thanks to the CTB-Locker variant of ransomware.
These kinds of attacks, utilizing spam emails, are increasingly common and designed to get past the usual basic filtering systems. Ransomware infections that arrive via email usually involve malicious links or attachments which look innocent or innocuous.
More sophisticated attacks involve social engineering, where the person looking to infect a network will set up an appointment through email to gain the confidence of an employee of the business they’ve chosen to target. Over the course of a phone call, they’ll instruct the employee to visit a particular website.
In many cases, a simple click on that website will be all it takes to infect your network.
To mitigate the threat of spam emails causing ransomware on a network, be sure to engage your employees regularly on suspicious emails! Regular training on information security awareness will also help them to identify suspicious emails or phone calls. The entire company, right from the ground up, should be trained in how to prevent cyber attacks.
The most common method of infecting networks involves the use of innocent-looking websites. Many organizations build their company website using a popular content management system (such as WordPress), then neglect to run the suggested updates over time.
These websites, without the consistent updating required, become sitting ducks. They’re especially vulnerable to attacks tailored specifically to out-of-date websites on these platforms. It’s important to use a browser add-on that filters malicious content or removes scripting.
Ad networks are also becoming a larger target. In early 2016, mainstream websites such as Forbes, MSN and others were inadvertently serving up advertisements that contained malware.
Malicious websites tend to exploit PCs that have out-of-date plugins such as Flash, Java or Silverlight. When these plugins are out of date, hackers can place code on a malicious website that remotely downloads and executes the ransomware virus on your PC.
These types of threats can best be mitigated in two ways. First, make sure your network includes a proxy or firewall that will help to filter out malicious content on webpages, and consider setting up an ad-blocker on web browsers if employees are allowed access to the internet. Second, always utilize the real-time security features found within your anti-virus suite. Keeping your anti-virus programs updated and continually running will help to prevent infection.
Consider implementing an application that assists your IT staff with patching these vulnerable third party plugins.
Users may inadvertently download files that they think are safe and still become infected. Linux Mint, an open source operating system that is among the most downloaded in the world, was found to be infected with malware in February of 2016. While the problem was quickly fixed, this hijacked download could have potentially caused real chaos on a network, as the hacker behind the infection could gain administrator access to any machine on the enterprise network that runs on that particular operating system.
Infected downloads typically target systems that do not have real time malware or virus protection running. Many systems administrators thwart the prospect of malware by simply not allowing users to download specific file types without the IT staff’s manual approval.
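The file-type screening described above, applied to the innocent-looking e-mail attachments mentioned earlier, as an added example that is not part of the original article. The blocked and decoy extension lists, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed policy: file types held for manual IT approval, and common decoy extensions.
BLOCKED_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".jar", ".hta"}
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".jpg", ".txt"}
EXE_MAGIC = b"MZ"  # first two bytes of every Windows PE executable

def screen_attachment(filename, data):
    """Return reasons to quarantine one attachment; an empty list means it passes."""
    suffixes = [s.strip().lower() for s in PurePosixPath(filename.strip()).suffixes]
    last = suffixes[-1] if suffixes else ""
    reasons = []
    if last in BLOCKED_EXT:
        reasons.append("blocked extension " + last)
        if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXT:
            reasons.append("double extension disguises file type")
    elif data.startswith(EXE_MAGIC):
        # The name looks harmless but the content is an executable.
        reasons.append("executable content behind a harmless name")
    return reasons

def screen_message(raw_bytes):
    """Parse a raw e-mail and map each suspicious attachment name to its reasons."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        reasons = screen_attachment(name, part.get_payload(decode=True) or b"")
        if reasons:
            findings[name] = reasons
    return findings

def build_sample():
    """Constructed sample message: a parcel notice carrying three attachments."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "delivery@parcel.example", "user@corp.example"
    msg["Subject"] = "Confirm your parcel"
    msg.set_content("Please confirm your parcel using the attached form.")
    for name, body in [("tracking.pdf", b"%PDF-1.4 constructed"),
                       ("label.pdf.exe", b"MZ constructed, not a real program"),
                       ("receipt.pdf", b"MZ constructed, not a real program")]:
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in screen_message(build_sample()).items():
        print(name, "->", "; ".join(reasons))
```

Checking the leading bytes as well as the name is what catches `receipt.pdf`, which an extension-only filter would let through.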
At the workstation level, group policies can be configured to help mitigate the threats of downloaded ransomware. Malwarebytes has released its Anti-Ransomware suite into beta, allowing users to try out the new ransomware mitigation software for free.
Tying It All Together
Enterprises can greatly reduce their attack surface by instituting the following steps:
- Require Mandatory Updates for Web Browsers and Plugins
- Implement Browser Plugins such as Web of Trust and Adblock Plus
- Configure Intrusion Prevention and Content Filtering on your Firewall
- Examine your Firewall and Anti-Virus Logs Every Day
- Implement Spam Filtering before it Reaches Your Users’ Inbox
- Experiment with 3rd Party Anti-Ransomware Software
- Create Group Policies that Prohibit Ransomware from Running
- Always Create a Backup of your Data
- Provide Training for End Users on the Latest Threats
When your enterprise implements these 9 tips, you can be confident that your network can successfully deflect a ransomware attack.
When you’re interested in cyber security that’s high-tech, up-to-date, and performed by experienced professionals dedicated to keeping your startup, small business, or large enterprise running without interruption or infection, BACS is the company to call. Based out of the San Francisco Bay Area, we work with clients nationwide to provide full-service Managed IT and Security Services that keep you (and your business) safe. To schedule your IT Security Audit or learn more today, give us a call at (650) 887-4601 or contact us online at any time.