Two of the three major ransomware families responsible for 90% of ransomware attacks are Locky and Cerber. Both are notorious for hiding in plain sight: the camouflage lets the ransomware sit inside a system and strike when least expected. Once the files are encrypted, there is no way to retrieve them other than paying the ransom.
Ransomware has grown into a big industry, with low risk and high monetary reward for the attackers. Literally every device is a target, and new ransomware strains spring up like mushrooms every few months. We have heard of Spora, PetrWrap, Kirk, Goldeneye and others.
Locky and Cerber can successfully bypass existing security detection systems by burying themselves inside an NSIS (Nullsoft Scriptable Install System) installer, hidden under several layers of obfuscation, before executing. In November last year, cyber criminals were using holes in Facebook and LinkedIn to download malicious code onto users' systems via an image file. In 2016, a hospital in California ended up paying 40 bitcoins (approximately $17,000) after ransomware hit its systems.
Cerber ransomware first appeared in March 2016. It is reportedly distributed as a service, meaning it is another Ransomware-as-a-Service (RaaS) product that affiliates can join. It uses AES encryption and demands about 1.24 bitcoins, approximately $500. To unsettle the victim, Cerber also talks to you through the speaker of your device.
Locky has been active since February 2016. The name says exactly what it does: the malware scrambles all the files and renames them with the extension '.locky'.
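The '.locky' extension mentioned above is a cheap, file-system-level indicator that a defender can check for after the fact. The following script is an added example for this article, not code from the original post or from any vendor: it walks a directory tree, counts files carrying the '.locky' extension (case-insensitively), and flags every directory where at least half of the files carry it, which is what a folder looks like once the encryption pass has run through it. The sample folder it builds in a temporary directory, the file names in it and the 50% threshold are all constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# Extension the article attributes to Locky-encrypted files.
LOCKY_EXT = ".locky"


def scan_tree(root, ext=LOCKY_EXT, threshold=0.5):
    """Walk `root` and count files whose extension matches `ext`.

    Returns (total_hits, flagged) where `flagged` is a sorted list of
    (directory, hits, total_files, share) tuples for every directory in
    which at least `threshold` of the files carry the extension.
    """
    total_hits = 0
    flagged = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if not filenames:
            continue
        # Compare case-insensitively so 'NOTES.LOCKY' is counted too.
        hits = sum(1 for f in filenames if Path(f).suffix.lower() == ext)
        total_hits += hits
        share = hits / len(filenames)
        if hits and share >= threshold:
            flagged.append((dirpath, hits, len(filenames), share))
    flagged.sort()
    return total_hits, flagged


def build_sample_tree(base):
    """Constructed sample data: one folder that looks encrypted (three
    .locky files beside one untouched .txt) and one folder that does not."""
    docs = Path(base) / "docs"
    pics = Path(base) / "pics"
    docs.mkdir(parents=True)
    pics.mkdir(parents=True)
    for name in ("report.docx.locky", "budget.xlsx.locky",
                 "notes.LOCKY", "readme.txt"):
        (docs / name).write_text("sample")
    for name in ("cat.jpg", "dog.jpg"):
        (pics / name).write_text("sample")
    return base


def demo():
    """Build the sample tree in a temp directory, scan it and return
    (total_hits, [(relative_dir, hits, total_files, share), ...])."""
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        total, flagged = scan_tree(base)
        rel = [(os.path.relpath(d, base), h, n, s) for d, h, n, s in flagged]
    return total, rel


if __name__ == "__main__":
    total, flagged = demo()
    print(f"{total} file(s) with the {LOCKY_EXT} extension")
    for d, hits, n, share in flagged:
        print(f"  {d}: {hits}/{n} files ({share:.0%}) look encrypted")
```

Pointing `scan_tree` at a file share or user profile instead of the sample tree gives a quick triage view of how far an infection spread, and the per-directory share is more useful than the raw count because it separates a folder that was fully encrypted from one where a single stray file was renamed.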
What can companies do?
- Train
  - Companies should have a well-thought-out cyber security plan.
  - Security should be built into the minds of people. Developing a security-conscious attitude through training is crucial.
  - Report incidents regularly.
- Increase the protection cover
  - There is an ever-growing threat from malware, particularly ransomware, given how much the attack benefits the attackers.
  - Cyber criminals are getting extremely sophisticated, using encryption and selling malware code as a product (RaaS).
  - Improve e-mail and web security.
  - Implement data leakage protection and apply security patches regularly.
- Always plan for an attack
  - A business continuity plan for operating under attack should be tested and ready.
  - Sensitive data should have different levels of protection.
- Always back up
  - Systems should always be backed up, and the backups kept up to date.
Logix Infosecurity provides the latest tools and expertise to keep your organization safe from cyber threats. It's never too late to implement cyber security measures, until you become the victim!