Informant Networks has recently observed and responded to ransomware attacks affecting the manufacturing sector in the Udyambag Industrial region. The most affected companies are those that hold intellectual property (CAD drawings, product designs, blueprints, business-process documents, etc.), but others have lost data too, owing to inadequate protection and ineffective defensive mechanisms. Most of these attacks were carried out through infected pen drives, through attachments sent by e-mail, and through an infected version of the popular remote desktop tool ‘Ammyy Admin’.
We take this as an opportunity to educate the general public about ransomware.
Technology, with its exponential evolution, brings global proximity and benefits everyone associated with it. Everyone connects with technology in its various forms in their daily routine and benefits from what it has to offer. It has brought about a global change in which information is easily accessible to anyone who wants it. Along with these benefits, each day brings new threats to privacy, in both personal and professional life. One such threat, recently discovered and now attracting worldwide attention because of the severity of its effect on the victim’s computer, is ransomware: malware that covertly encrypts or locks the victim’s data and demands a ransom to decrypt it or to refrain from publishing it online.
Ransomware, primarily a secure data-kidnapping attack, was invented and implemented by Young and Yung at Columbia University and presented at the 1996 IEEE Security & Privacy conference, where it was called cryptoviral extortion. Initially based out of Russia, the malware gained international recognition in 2013, when the security software vendor McAfee reported 250,000 unique samples of the malware, estimating that around $3 million had been extorted through an encryption-based Trojan named CryptoLocker, which was later taken down by authorities, and around $18 million through another Trojan named CryptoWall. A wide range of ransomware families have been discovered and studied over the last decade, notable ones being Reveton, CryptoLocker, TorrentLocker, CryptoWall and, more recently, Cerber, all of which work on the same principle: attacking through a Trojan and demanding a ransom to decrypt the locked system or information.
Ransomware attacks anything from websites to personal files to official documents. The attacks are typically carried out using a Trojan that enters a system through, for example, a downloaded file, an e-mail or an infected pen drive. The program then runs a payload that locks the system, or an important section of it, against further use. The most sophisticated payloads encrypt files, many using strong encryption so that only the malware author holds the decryption key. It is always about payment: the victim is coerced into paying. Only the attacker has the decryption key, which may be delivered, once payment is made, in the form of a second payload that undoes the first program or decrypts the locked system.
Although ransomware is usually aimed at individuals, it is only a matter of time before businesses are targeted as well.
It is not uncommon for the industries around us to be under the threat of ransomware and to operate under the constant fear of an attack. Many industries and businesses have already fallen prey to ransomware, so it is of utmost importance to stay up to date on recent trends in the cyber-security industry and to be protected against attacks from every direction. In the case of ransomware, security software cannot always guarantee the safety of your system, especially where the payload is encrypted. There the attack is detected only once the file is executed, at which point detecting the malware is futile. Also, the payload is almost always a newer version than the ones the software has previously seen, so it is unknown to the software. If detected in the early stages, it is possible to remove the malware before the encryption runs. Years of research and study in this area have led security experts to educate the industry about preventive measures for dealing with ransomware. It is always beneficial to keep an “offline” backup of important files and documents on external drives, since the malware does not affect a drive that is kept offline. Although specific tools exist to decrypt files affected by some ransomware, successful recovery is not possible in almost all cases once a system is affected.
This makes ransomware a “prevention is better than cure” scenario, since the data is not recoverable without payment of the ransom.
The team at Informant Networks has been working diligently and has been successful in protecting our clients against such attacks. We ensure total security against such attacks, as the malware and Trojans can be detected before they can be executed. Contact us to know more.