Ransomware

IT security company KnowBe4 has issued a warning regarding a new strain of ransomware called VirRansom, which “utilizes both ransomware and parasitic virus features,” according to a statement released Monday, Dec. 8 by CEO Stu Sjouwerman. As a self-replicating program, this particular strain has the potential to lock up a company’s entire system, demanding a BitCoin payment to free the files.

Ransomware is a brazen, yet effective approach to sabotaging a company’s operations by placing all of its files under an encryption key. The organizations behind its deployment often hide their identities within the anonymity of Tor, and demand payment in trackless virtual currency. Ransomware attacks can paralyze businesses, leading to significant financial losses and operational downtime. As the threat landscape evolves, cybersecurity firms have begun utilizing advanced technologies, including real time hacking tracking maps, to monitor and respond to these attacks swiftly. These tools enable organizations to visualize ongoing threats and bolster their defenses against the ever-present risk of ransomware infiltration. In response to the growing threat of ransomware, businesses are increasingly adopting ransomware attack prevention strategies that focus on proactive measures rather than just reactive ones. This includes regular data backups, employee training on phishing attacks, and implementing robust security protocols. By investing in these strategies, organizations can significantly reduce their vulnerability and enhance their resilience against potential ransomware threats, ultimately safeguarding their critical operations.

The ease by which a ransomware virus can spread has become a troubling problem for IT managers, given the complete interconnectedness of employees, through a variety of personal and company-issued devices as well as across a networks, both internal and cloud-based. As the threat of ransomware attacks continues to escalate, IT managers are faced with the daunting task of developing effective ransomware protection strategies for businesses. Implementing robust security measures, such as regular software updates, employee training, and advanced threat detection systems, is essential to mitigate risks. Additionally, organizations must cultivate a culture of cybersecurity awareness, ensuring that all employees understand the importance of safeguarding sensitive information against potential breaches. Moreover, businesses should regularly assess their current security protocols and adapt them to counter emerging threats effectively. Collaborating with cybersecurity experts can provide valuable insights into the latest ransomware prevention strategies, helping organizations stay one step ahead of potential attackers. By prioritizing cybersecurity as a core component of their operational framework, companies can foster a resilient environment that not only defends against ransomware but also promotes overall data security. Furthermore, it is crucial for organizations to stay informed about the constantly evolving landscape of cyber threats, including the new ransomware families discovered in 2022, which have introduced sophisticated techniques that can evade traditional security measures. Staying abreast of these developments allows companies to adjust their defenses proactively and implement tailored strategies that address specific vulnerabilities. Regularly engaging in threat intelligence sharing with peers in the industry can also enhance an organization’s ability to respond swiftly to emerging ransomware trends, ultimately ensuring a stronger cybersecurity posture overall. Organizations should also consider developing comprehensive incident response plans that outline clear protocols for identifying, isolating, and mitigating ransomware attacks if they occur. This proactive approach not only minimizes damage but also helps in recovery efforts. Furthermore, sharing tips to prevent ransomware attacks among employees and stakeholders can empower everyone to take an active role in maintaining the organization’s cybersecurity defense, fostering a collective responsibility towards securing sensitive data. By creating a culture of vigilance and preparedness, businesses can significantly reduce their susceptibility to ransomware threats.

A recent story, covered by NPR, highlighted a company that was presented with a 72-hour countdown clock, which pointed to a deadline at which its files would be encrypted. The business in question was not large – not a typical target for hackers, but was one that found itself at the mercy of extortionists due to a simple human error: a phishing email that resembled a PayPal payment notification appeared in an employee inbox, and once clicked, activated the ransom note and timer.

VirRansom CEO Sjouwerman points out that these types of attacks are very difficult for antivirus companies to keep up with. Quoted in a story at CBS News online, he suggests companies take the following steps to protect themselves in advance:

1. Test the restore function of your backups and make sure it works, and have a full set of backups offsite.

2. Start thinking about asynchronous real-time backups so you can restore files with a few mouse clicks.

3. Get rid of mapped drives and use UNC (universal naming convention) links for shared folders.

4. Look into Whitelisting software that only allows known-good executables to run.

5. Update or enforce security policy best practices, such as thorough security awareness training to prevent these types of infections to begin with because the infection vector is your end-user opening up an attachment or clicking on a link.

Rahul Kashyap, a researcher at the cybersecurity firm Bromium, adds that the programs inside ransomware viruses are getting better at locating high-value files, explaining to NPR that there is greater value in finding autocad files, for example, than regular memos.

Experts are divided as to whether ransoms should be paid, some believing this merely funds more sophisticated crime tools. However all of them agree that the best defence is an offline reproduction of everything a company needs to operate – and that means completely offline.

By Steve Prentice