Advanced Threat Protection

Ransomware Discovery  

04-12-2017 03:49 AM

Hi All,

Theseday we are hearing many cases of ransomware infection which is not only badly impacts bussiness but also the crticial data. As this virus encrypt the sensetive data with private key genrated from C2C or from attacker server. The way Ransomware enters into the network and infect the critical servers silently the installed antivrus also not able to detect proactively. I have been worked on couple of Ransomware virus attack therefore sharing my experince as well as little research, history, best practices and prevention methodology. This arctilce more focused on Ransomware Discovery and next article will be focused on prevention methodology. I am trying to answer all WH question related to ransomware.

 

Ransomware History and Trend

Ransomware is malware that encrypts a user's files-folder and often deletes the original copy if ransom (money) is not paid to attacker to get decryption keys.

ransomware1.jpg

Trend

Ranomware 2.jpg

Why ransomware target businesses?

  • Attackers are aware of that ransomware can create major business disruptions therefore it will increase their chances of being paid more.
  • Computer in companies are prone to vulnerabilities, which can be exploited through technical means and social engineering tactics.
  • cyber criminals also know that business not report ransomware attacks for avoid legal or reputation consequences;

What are most common methods used by ransomware to come in?

  • Plenty of Spam email with malicious links or attachments are sent as part of offer or notification campaigns 
  • vulnerable software exploited
  • Botnets;
  • Self-propagation (spreading from one infected machine to another);

Ranomeware 3.png

Why Ransomware get undetected?

  1. Ransomware start communication with Command & Control servers is encrypted 
  2.  Browser or method like TOR , Bitcoin used to avoid tracking by law enforcement agencies
  3. Anti-sandboxing technique used so antivirus won’t detect as abnormal process;
  4. Encrypted payloads make difficult for antivirus to scan as malware,
  5. Polymorphic behavior of ransomware has ability to alter and create a new variant,
  6. Ransomware has the ability to remain dormant 

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Related Entries and Links

No Related Resource entered.