Reading time: 3 minutes
Ransomware is getting smarter. Where in the past only one computer was encrypted, nowadays it is digging further and further into a network in search of databases or backups, for example. And once they have found them and encrypted them, the damage caused in one fell swoop is huge as well as the impact on business operations.
Nowadays, we see more and more advanced ransomware attacks in which the time span that malicious software or a hacker is present in a network is increasing. Once ransomware or a hacker, by exploiting a vulnerability, for example in Windows, is inside the network, they first settle down and do not take immediate action. They crawl through the network and in the meantime look at the network traffic to find out where important data is. Once they have found it and mapped out the network, they strike and encrypt everything at the push of a button. Early detection is therefore very important.
There is not just a single fixed way in which viruses are spread, there is a multitude of ways in which ransomware can be spread. Think for example of an infected link in an e-mail, opening an infected file via for example WeTransfer or DropBox, an infected website, an infected USB stick. There are numerous possibilities.
Our advice is to at least have the basis in order. Think of good firewalls, antivirus software, performing regular updates for the operating system and awareness training for employees. Furthermore, important data and backups should be kept offline. In general, however, this takes a lot of time and therefore money. Backups need to be checked, multiple copies need to be kept up to date and everything needs to be stored separately. It is the only way to really secure data. It is a cumbersome procedure, but it is a consideration that a director or system administrator should take seriously. The size of any possible data loss and what is the damage in the event of an attack and what is the impact when a network is down for several weeks. Do not only think about the practical aspects but also about the damage to your image. There are plenty of examples.
A very good way to detect malicious traffic, such as ransomware software, at an early stage before it can cause damage, is by placing passive sensors in your network. These sensors, also known as Honeypots, present themselves as interesting parts of your network, but on contact, they immediately generate an alarm that you receive on your phone as an SMS, or by e-mail. Think of them as ‘booby traps’ that an attacker cannot see. In the case of early detection, immediate action can be taken and a lot of damage can be prevented.
DeepBlue’s sensors have already proven their role in ransomware attacks such as ‘CryptoLocker’, ‘Petya’, and ‘WannaCry’.
Want to know more about our Honeypot solution or our other services? You can reach us at +31 (0) 30 691 1223 and info@DeepBlueSecurity.nl.
DeepBlue Security & Intelligence is a cybersecurity specialist that stands for quality and trust. We provide all the necessary services to get and keep your security in order. Think for example of penetration testing, threat intelligence, detection software and consultancy. Should you unexpectedly become a victim of cybercrime, our forensic and network specialists can help you with taking the necessary steps.