How ransomware can hold your business hostage. Understanding ransomware attacks and how they re delivered

Similar documents
Types of cyber-attacks. And how to prevent them

Achieve Deeper Network Security

Streamlining Web and Security

Achieve Deeper Network Security and Application Control

10 easy steps to secure your retail network

Dell Spotlight on Active Directory Server Health Wizard Configuration Guide

formerly Help Desk Authority Quest Free Network Tools User Manual

Introduction to Version Control in

Using Self Certified SSL Certificates. Paul Fisher. Quest Software. Systems Consultant. Desktop Virtualisation Group

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime

Dell One Identity Cloud Access Manager How to Configure vworkspace Integration

Dell InTrust Preparing for Auditing Cisco PIX Firewall

Security Analytics Engine 1.0. Help Desk User Guide

Securing Endpoints without a Security Expert

Dell One Identity Cloud Access Manager How To Deploy Cloud Access Manager in a Virtual Private Cloud

Dell One Identity Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0

Spotlight Management Pack for SCOM

Object Level Authentication

SSL Performance Problems

Dell InTrust Preparing for Auditing Microsoft SQL Server

How to Deploy Models using Statistica SVB Nodes

HACKER INTELLIGENCE INITIATIVE. The Secret Behind CryptoWall s Success

Dell One Identity Cloud Access Manager How to Configure for High Availability

Spotlight Management Pack for SCOM

Dell Migration Manager for Enterprise Social What Can and Cannot Be Migrated

Quest vworkspace Virtual Desktop Extensions for Linux

Dell Statistica. Statistica Document Management System (SDMS) Requirements

Dell Unified Communications Command Suite - Diagnostics 8.0. Data Recorder User Guide

Understanding Enterprise Cloud Governance

QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY

Can Consumer AV Products Protect Against Critical Microsoft Vulnerabilities?

Solving the Security Puzzle

Navigating the NIST Cybersecurity Framework

Dell One Identity Cloud Access Manager SonicWALL Integration Overview

Dell InTrust Preparing for Auditing CheckPoint Firewall

43% Figure 1: Targeted Attack Campaign Diagram

WHITE PAPER. Understanding How File Size Affects Malware Detection

Dell InTrust Preparing for Auditing and Monitoring Microsoft IIS

Top 10 Most Popular Reports in Enterprise Reporter

Hybrid Cloud Computing

Organized, Hybridized Network Monitoring

CSIS Security Research and Intelligence Research paper: Threats when using Online Social Networks Date: 16/

Dell Statistica Document Management System (SDMS) Installation Instructions

SharePlex for SQL Server

Quest SQL Optimizer 6.5. for SQL Server. Installation Guide

4.0. Offline Folder Wizard. User Guide

Reverse Proxy Three Myths Busted

Perspectives on Cybersecurity in Healthcare June 2015

Dell One Identity Cloud Access Manager How to Configure Microsoft Office 365

New Features and Enhancements

When attackers have reached this stage, it is not a big issue for them to transfer data out. Spencer Hsieh Trend Micro threat researcher

Managing the Risk of Privileged Accounts and Privileged Passwords in Defense Organizations

Internet threats: steps to security for your small business

ChangeAuditor 5.6. For Windows File Servers Event Reference Guide

Dell Statistica Statistica Enterprise Installation Instructions

Beyond the Hype: Advanced Persistent Threats

Everyone s online, but not everyone s secure. It s up to you to make sure that your family is.

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

RESEARCHBRIEF. Beyond Online Gaming Cybercrime: Revisiting the Chinese Underground Market

Best Practices for Secure Mobile Access

Managing the Risk of Privileged Accounts and Privileged Passwords in Civilian Agencies

The Business Case for Security Information Management

formerly Help Desk Authority Upgrade Guide

Logging and Alerting for the Cloud

APPLICATION NOTE. Secure Personalization with Transport Key Authentication. ATSHA204A, ATECC108A, and ATECC508A. Introduction.

STOP Cybercriminals and. security attacks ControlNow TM Whitepaper

Cloud Identity Management Tool Quick Start Guide

Ensuring a Successful Migration, Consolidation or Restructuring

Dell One Identity Cloud Access Manager How to Develop OpenID Connect Apps

WEB ATTACKS AND COUNTERMEASURES

How To Use Shareplex

Quest Collaboration Services 3.5. How it Works Guide

Foglight. Dashboard Support Guide

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

Active Directory Auditing: What It Is, and What It Isn t

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth

A Layperson s Guide To DoS Attacks

formerly Help Desk Authority HDAccess Administrator Guide

Breach Found. Did It Hurt?

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses

Desktop Authority vs. Group Policy Preferences

Protecting Your Network Against Risky SSL Traffic ABSTRACT

DATA GOVERNANCE EDITION

Understanding and Configuring Password Manager for Maximum Benefits

white paper Malware Security and the Bottom Line

Eight Ways Better Software Deployment and Management Can Save You Money

ChangeAuditor 6.0 For Windows File Servers. Event Reference Guide

How To Secure An Rsa Authentication Agent

Quest Collaboration Services How it Works Guide

Dell Enterprise Reporter 2.5. Configuration Manager User Guide

CSIS Security Research and Intelligence Research paper: Threats when using Online Social Networks - 5 month later Date: 19 th October 2007

Securing OS Legacy Systems Alexander Rau

Internet Explorer Exploit Protection ENTERPRISE BRIEFING REPORT

11 ways to migrate Lotus Notes applications to SharePoint and Office 365

Dell One Identity Cloud Access Manager Installation Guide

DevOps for the Cloud. Achieving agility throughout the application lifecycle. The business imperative of agility

Go beyond basic up/down monitoring

Copy Tool For Dynamics CRM 2013

COULD YOUR BUSINESS SURVIVE A CRYPTOR? Learn how to guard against crypto-ransomware. #SecureBiz

Transcription:

How ransomware can hold your business hostage Understanding ransomware attacks and how they re delivered

Introduction Ransomware is a form of malware that denies access to data or systems until the victim pays the cybercriminal a ransom fee to remove the restriction. It has been around for many years but has recently become much more popular and profitable. CryptoLocker, CryptoWall and RSA4096 are examples of well-known ransomware. According to the FBI, more than $209 million has already been paid in the first three months of 2016 1 in the United States, compared to $25 million in ransom all of the previous year. 1 http://sd18.senate.ca.gov/news/4122016-bill-outlawing-ransomware-passes-senate-committee 2

How ransomware works Ransomware can make its way onto a system through a variety of means, with the victim ultimately downloading and installing a malicious application. Once on the device, the app will spread throughout the system and encrypt files on the hard drive or simply lock the system itself. In some cases, it may block access to the system by displaying images or a message across the device s screen to persuade the user to pay the malware operator a ransom for the encryption key to unlock the files or system. Bitcoins are a popular form of ransomware payment because the digital currency is difficult to trace. 3

Phishing emails One of the most common distribution methods of ransomware is phishing emails. These types of emails attempt to entice recipients to open an email and click on a website link. The site may ask for sensitive information or contain malware, such as ransomware, that is downloaded onto the victim s system. 23% of recipients open phishing emails and 11% actually click on the attachments 1. 1 2015 Verizon Data Breach Investigation Report 4

Malvertisements Another popular form for distributing ransomware is malvertising, or malicious advertising, which uses online advertisements to spread ransomware. The attacker infiltrates advertising networks, sometimes posing as a fake advertiser or agency, and inserts malware-laden ads into legitimate websites. Unsuspecting visitors to the sites don t even need to click on the advertisement for their system to become infected. In addition to launching ransomware, malverts can be used to extract customer credit card numbers, Social Security numbers and other confidential information. 5

Exploitation of unpatched systems and applications Many attacks are based on known vulnerabilities in operating systems, browsers and common apps. Cybercriminals are able to exploit these vulnerabilities to launch their ransomware attacks against systems that are not up to date with the latest software patches. Unpatched operating systems, browsers and applications may contain vulnerabilities that cybercriminals can exploit to launch ransomware attacks. 6

External devices External devices, such as USB drives, are used to store and transfer files making them targets for spreading ransomware across multiple systems. Some of these files contain an advanced feature known as macros that can be used by hackers to execute ransomware when the file is opened. Microsoft Word, Excel and PowerPoint are prime targets, although Microsoft has taken steps to tighten security for this threat in Office 2016. 7

Why traditional methods fail to prevent ransomware attacks Many of the traditional security controls often fail to detect ransomware if they are only looking for unusual behavior and standard indicators of compromise. Once on the system, ransomware behaves like a security application and it can deny access to other systems/programs. It usually leaves the underlying files and systems unaffected and only restricts access to the interface. Ransomware, coupled with social engineering, can create a very effective attack. 8

Hidden ransomware Ransomware can also go undetected in firewalls that are unable to decrypt and inspect SSL-encrypted web traffic. Legacy network security solutions typically either don t have the ability to inspect SSL/TLSencrypted traffic or their performance is so low that they become unusable when conducting the inspection. Increasingly, cybercriminals have learned how to hide malware in encrypted traffic. The use of Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption continues to surge, leading to underthe-radar hacks affecting at least 900 million users in 2015. 2 2 2016 Dell Security Annual Threat Report 9

Conclusion Dell Security can enhance protection across your organization by inspecting every packet and governing every identity. As a result, this protects your data wherever it goes, and shares intelligence to safeguard against a variety of threats, including ransomware. Visit the Dell SonicWALL Network Security Products web page. 10

About Dell Security Dell Security solutions help you create and maintain a strong security foundation with interconnected solutions that span the enterprise. From endpoints and users to networks, data and identity, Dell Security solutions mitigate risk and reduce complexity so you can drive your business forward. www.dell.com/security If you have any questions regarding your potential use of this material, contact: Dell 5455 Great America Parkway, Santa Clara, CA 95054 www.dell.com/security Refer to our Web site for regional and international office information. 2016 Dell, Inc. ALL RIGHTS RESERVED. This document contains proprietary information protected by copyright. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose without the written permission of Dell, Inc. ( Dell ). Dell Security logo and products as identified in this document are trademarks or registered trademarks of Dell, Inc. in the U.S.A. and/or other countries. All other trademarks and registered trademarks are property of their respective owners. The information in this document is provided in connection with Dell products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Dell products. EXCEPT AS SET FORTH IN DELL S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, DELL ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON- INFRINGEMENT. IN NO EVENT SHALL DELL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF DELL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Dell makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Dell does not make any commitment to update the information contained in this document. Ebook-NS-Ransomware-US-VG-29223 11

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information