{"id":2719,"date":"2017-08-15T10:04:54","date_gmt":"2017-08-15T02:04:54","guid":{"rendered":"https:\/\/www.microdium.net\/public\/?p=2719"},"modified":"2017-08-15T10:04:54","modified_gmt":"2017-08-15T02:04:54","slug":"5-top-ransomware-exploits-know","status":"publish","type":"post","link":"https:\/\/www.microdium.com\/public\/2017\/08\/15\/5-top-ransomware-exploits-know\/","title":{"rendered":"5 Top ransomware exploits that you should know"},"content":{"rendered":"<p>We used to call the Internet the \u201cinformation super-highway\u201d back in the day, when connections were slow, and bulletin boards and gopher were about as techie as it got. Those days are long gone, but something of the \u2018highway\u2019 has remained, like a bad smell, one that has come back to haunt us in 2017\u2026 The highway robber!<\/p>\n<p>The person who went about their villainy on the trade routes and highways of the world, extorting money and valuables from unsuspecting travellers with a simple threat \u2013\u2013 \u201cyour money or your life\u201d \u2013\u2013 reinforced of course with the trademark flintlock pistol and sabre.<\/p>\n<p>Today\u2019s highway robber is a lot more sophisticated and savvy. They take far less risk and turn to the latest technology to extort you out of your money by threatening your valuables. In this case, your data, your technology and most probably your computing ability.<\/p>\n<p>Of course, I\u2019m talking now about ransomware, the threat that\u2019s been in the news almost every day for the past couple of months. The tool of choice for the modern highway robber has become headline news around the world with variants such as WannaCry and the more recent Popcorn Time. 
Organizations around the world have been affected by this ransomware, from the UK National Health Service, through to the Russian Postal Service in the last few weeks.<!--more--><\/p>\n<p>Interestingly, WannaCry leverages a previously known vulnerability in the Windows operating system, which is alleged to have been hoarded by a national security agency of the USA. In this case, the vulnerability allowed the ransomware to be especially successful in both current and older versions of Windows, such as XP and Windows 7, by exploiting a weakness in their inbuilt SMB networking functionality. Even though it is out of support, there are still organisations using Windows XP and putting themselves at risk.<\/p>\n<p>Luckily, however, an enterprising security researcher managed to find a kill switch written into some variants of WannaCry, in the form of a phone-home domain which hadn\u2019t been registered by the malware\u2019s author. Registering the domain seemed to give these variants of the malware the dead letter box they were looking for in order to shut down, thus halting the attack.<\/p>\n<p>After intense examination of WannaCry\u2019s tactics by the security community, we now know the infection spread within organizations by leveraging SMB connections. And, while patching the known vulnerability (the patch had been out for over a month) helps squelch WannaCry\u2019s ability to spread, there is a broad range of ransomware sources through which you can get infected, such as:<\/p>\n<ul>\n<li><strong>Trojans<\/strong>\u00a0\u2013 Perhaps the most common, and the ransomware attack source we read about the most. Email attachments containing malicious macros are the chosen method here.<\/li>\n<li><strong>Removable media<\/strong>\u00a0\u2013 Perhaps the most likely source of infection for the majority of malware in an enterprise, whether it\u2019s ransomware or something more nefarious. 
Especially for those organisations that don\u2019t lock down their USB ports. USB sticks and removable media are a very simple way to infect a PC, as users generally trust those devices. A\u00a0<a href=\"https:\/\/zakird.com\/papers\/usb.pdf\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">study<\/a>\u00a0by Google and two US universities showed that dropping USB sticks in public places was a simple and effective way to trigger human curiosity, with a full 49% of the \u2018bait USBs\u2019 being plugged into a computer by people who found them. Imagine if those\u00a0<em>had<\/em>\u00a0been malicious?<\/li>\n<li><strong>Malvertising<\/strong>\u00a0\u2013 Malver-what-now? A portmanteau of malicious advertising, where attackers compromise the weak infrastructure of an online ad network that serves adverts to legitimate websites. When users view those ads, usually on well-known news websites, the ads can be used to trick browsers into downloading malware through the page\u2019s display advertising. Exploit kits such as Angler and Neutrino are often used as the initial dropper of the malware, which then often gives cyber criminals complete control of the infected endpoint. Ransomware is just one of the common outcomes of these watering-hole or drive-by attacks.<\/li>\n<li><strong>Social media and SMS<\/strong>\u00a0\u2013 The prevalence of shortened links used on social media platforms and in SMS text messages gives attackers a superb mechanism to deliver ransomware and malware. Users rarely, if ever, check the destination of shortened links in social media, SMS or even email, and attackers know this. Security solutions that \u2018link-follow\u2019 are increasing in popularity, but not fast enough. Ransomware delivered through shortened links is also often JavaScript-based and requires little action on the users\u2019 part, other than to click the link.<\/li>\n<li><strong>Ransomware-as-a-Service<\/strong>\u00a0\u2013 RaaS? 
Yes, it does exist, as one of the many \u2018Crime-as-a-Service\u2019 networks. (Yes, those exist too.) RaaS allows criminals of any variety to become instant cyber criminals, to the extent that we\u2019re seeing a drop-off in classic crime like burglary, as RaaS is a far less risky ransomware source for them. RaaS and CraaS have given rise to vast affiliate networks too, where ransomware is easy to deploy and manage for almost anyone and where the earning potential is significant. I use this example to demonstrate the sophistication and motivation of the cybercriminals behind ransomware. Ignore them at your peril.<\/li>\n<\/ul>\n<p>Of course, we\u2019re used to thinking of ransomware as an email-specific or Trojan-based attack, and that\u2019s certainly the most common route it takes, but we should note that once ransomware makes its way into your business, ransomware creators will attempt to take as many routes as possible to ensure as widespread an infection as they can.<\/p>\n<p>What all of these attacks and the breadth of ransomware sources show us is that it\u2019s a live and hostile environment on the information super-highway and that, for all the good we do, there are still people intent on exploiting, stealing, violating and pillaging our assets. Don\u2019t be under any illusion that they\u2019re not motivated either; ransomware is a great money earner for them, so don\u2019t expect the attacks to die down anytime soon. Technologically, not doing your best is not an option either. Sitting back hoping Windows XP or 7 will \u201cstruggle on for a little longer\u201d or that those patches you didn\u2019t deploy don\u2019t matter is not a sensible strategy. 
Remember there are books written about hope not being a strategy, so don\u2019t fall into that trap.<\/p>\n<p>Patch your stuff, back up your valuables and keep an eye out for the highway robbers.<\/p>\n<p>Stay safe out there.<\/p>\n<h6 class=\"eb-brand-name reset-heading\">DRJ Blogs 8th August 2017<\/h6>\n","protected":false},"excerpt":{"rendered":"<p>We used to call the Internet the \u201cinformation super-highway\u201d back in the day, when connections were slow, bulletin boards and gopher were about as techie as it got. Those days are long gone, but something of the \u2018highway\u2019 has remained, like a bad smell, one that has come back to haunt us in 2017\u2026 The [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2719","post","type-post","status-publish","format-standard","hentry","category-blog"],"_links":{"self":[{"href":"https:\/\/www.microdium.com\/public\/wp-json\/wp\/v2\/posts\/2719","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microdium.com\/public\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microdium.com\/public\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microdium.com\/public\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microdium.com\/public\/wp-json\/wp\/v2\/comments?post=2719"}],"version-history":[{"count":0,"href":"https:\/\/www.microdium.com\/public\/wp-json\/wp\/v2\/posts\/2719\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.microdium.com\/public\/wp-json\/wp\/v2\/media?parent=2719"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.microdium.com\/public\/wp-json\/wp\/v2\/categories?post=2719"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microdium.com\/public\/wp-json\/wp\/v2\/tags?post=2719"}],"
curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}