Although almost every organization uses an antivirus product, many companies still fall victim to ransomware or cryptolockers.
The anatomy of an attack
If we look at today’s threats, we see that relying on antivirus and backups alone is no longer enough. Techniques to trick the virus scanner are becoming more sophisticated, making it difficult to stop ransomware. To understand how cryptolockers work (cryptolockers and ransomware are the same), it is important to know which components a cryptolocker consists of: a vulnerability, an exploit and a payload.
Ransomware always uses a vulnerability to get in. This comes in two flavors: either an employee who clicks on a malicious link, or a vulnerability in a computer system. The latter category is the most dangerous: without you having to do anything, criminals can take your entire company hostage.
Did you know that the biggest ransomware attacks in history exploited vulnerabilities in computer systems for which a solution had long been available?
An exploit is the part of the software that a hacker uses to actually take advantage of a vulnerability. It is a small piece of computer code that can take over the computer and sometimes even entire companies.
Once cyber criminals have taken control of the computer, it is time to tell the computer what to do; that is the job of the payload. In the case of ransomware, all files are encrypted and the malware spreads to other systems. Sometimes the encryption is delayed, so that the malicious code can also nestle in the backups. But since the hacker has access, he can also use this access for corporate espionage, for example.
How can you prevent ransomware?
Now that we know how an attack works, we can use this knowledge to prevent an attack. We can do this by removing the vulnerability. This is often as simple as installing Windows Updates!
Vulnerabilities can also be introduced by problems other than outdated software, such as software misconfiguration. By implementing vulnerability management software such as NetCaptain for your ICT infrastructure, you ensure that you do not fall victim to ransomware.
Do you want to know if you are safe from ransomware? Then contact us.