Ransomware: Anti-virus alone is not enough

Despite the fact that almost every organization uses an antivirus product, there are many companies that fall victim to ransomware or cryptolockers.

The anatomy of an attack

If we look at today’s threats, we see that relying on antivirus and backups alone is no longer enough. Techniques to trick the virus scanner are becoming more sophisticated, making it difficult to stop ransomware. To understand how cryptolockers work (cryptolockers and ransomware are the same) it is important to know which components a cryptolocker consists of: a vulnerability, an exploit and a payload.

The vulnerability

Ransomware always uses a vulnerability to get in. There are two flavors in this: either an employee who clicks on an incorrect link, or a vulnerability in a computer system. The latter category is the most dangerous: without your having to do anything, criminals can take your entire company hostage.

Did you know that the biggest ransomware attacks in history exploited vulnerabilities in computer systems for which a solution had long been available?

The exploit

An exploit is part of the software that a hacker places to actually exploit a leak. It is a small piece of computer code that can take over the computer and sometimes even entire companies.

The payload

Once cyber criminals take control of the computer, it is time to tell the computer what to do. In the case of ransomware, all files are encrypted and spread. Sometimes this is also delayed, so that the malicious code can also nestle in the backups. But since the hacker has access, he can also use this access for corporate espionage, for example.

How can you prevent ransomware?

Now that we know how an attack works, we can use this knowledge to prevent an attack. We can do this by removing the vulnerability. This is often as simple as installing Windows Updates!

Vulnerabilities can also be introduced by problems other than outdated software, such as software misconfiguration. By implementing vulnerability management software such as NetCaptain for your ICT infrastructure, you ensure that you do not fall victim to ransomware.

Do you want to know if you are safe from ransomware? Then contact us.

More information about our solutions

Do you want to make sure that your websites, apps or systems are free from vulnerabilities? Our experts are happy to work for you. For more information about our pentests or other services, please feel free to contact us via the contact form below. We are happy to tell you what we can do for you.

    Contact

    Randstad 22 147
    1316BM Almere

    info@cyberant.nl
    +31 (0)85 047 1590