“Hackers are wising up and trying to change the predictable nature of ransomware to avoid detection,” Senior Editor Michael Nadeauwrites in a recent column for CSO Online .
Here are three of the new tricks cybercrooks are using to sharpen ransomware assaults:
Slowing the Flow
A ransomware attack essentially steals an organization’s data and then encrypts the files, effectively rendering them useless to the business. By paying a ransom, companies regain access to their information. So, to detect ransomware onslaughts, cybersecurity analysts have learned to look for hundreds or thousands of files being accessed at the same time within a short timeframe. For example, if a thousand files are accessed in 10 seconds, red flags go up. Now, cybercriminals are slowing ransomware raids, accessing and encrypting over perhaps a 10-minute period to mimic typical usage patterns. The idea is to lower the process speed below established detection thresholds.
Losing the Links
While malicious links in email messages remain the most common delivery mechanism for ransomware, some perpetrators have shifted to attachments, such as PDFs, WORD docs, JPEG photos or other common file types. Once opened, the attachment launches the malicious script that encrypts.
Ransomware assailants may not go directly at an organization’s network. Instead, they may target employees using mobile devices on unsecured networks at coffee shops, hotels or other remote locations. The malware catches a ride back to the office when authorized users log into networks. This way ransomware moves laterally onto company servers.
While increasing innovation among cybercrooks is unwelcome news, the good news is that time-tested anti-ransomware techniques remain effective. Here are four of our favorites:
Deceive the Deceivers
There’s a new class of security technology emerging called “deception tools.” These systems bait ransomware attackers with false data on decoy networks. Malware goes to work encrypting bogus information, keeping it away from real devices and data and giving cyber-monitors the chance to detect intrusions before damage is done.
Should every employee have the authority to download software applications through company networks on company-owned and/or managed devices? Probably not. Restricting permission levels can prevent malware like ransomware from running or spreading quickly. Will some employees bristle at curbed privileges? No doubt they will. But at least they may ask “Why?” which increases individual cyber-savvy. See next bullet for more.
Increase Cybersecurity Awareness and Education Programs – Here are a few tips for users:
Never open email attachments from unknown senders or sources
Avoid enabling macros from any email attachments
Never click on web links embedded in unsolicited emails
Watch for social engineering “phishing lures” that use brand names and other common language
Leave the Technical Aspects to the Expert
More and more IT Managed Services Providers (MSPs) are specializing in cybersecurity. Not only can they install and implement measures such as firewalls, they can monitor for intrusions and support recovery from incidents.