Dubai PR Network, Online Press Release from Dubai and Middle East
 
Technology, Computers & IT(Technology)
Filter PR by
  
Sophos shows how the most prevalent and persistent ransomware families attack victims
 

 

Sophos (LSE: SOPH), a global leader in next-generation cybersecurity, has published How Ransomware Attacks, a playbook for defenders that explains how ransomware variants attack and impact victims. The playbook complements the 2020 Threat Report released on Nov. 4, and features a detailed analysis of 11 of the most prevalent and persistent ransomware families, including Ryuk, BitPaymer and MegaCortex.

The research by SophosLabs highlights how ransomware tries to slip unnoticed past security controls by abusing trusted and legitimate processes, and then harnesses internal systems to encrypt the maximum number of files and disable backup and recovery processes before an IT security team catches up.

The tools and techniques covered by the playbook include:

The main modes of distribution for the major ransomware families

Ransomware is typically distributed in one of three ways: as a cryptoworm, which replicates itself rapidly to other computers for maximum impact (for example, WannaCry); as ransomware-as-a-service (RaaS), sold on the dark web as a distribution kit (for example, Sodinokibi); or by means of an automated active adversary attack, where attackers manually deploy the ransomware following an automated scan of networks for systems with weak protection. This automated, active attack style was the most common approach seen among the top families listed in the report.

Cryptographic code signing ransomware with a bought or stolen legitimate digital certificate in an attempt to convince some security software the code is trustworthy and doesn’t need analysis. 

Privilege escalation using readily available exploits, like EternalBlue, to elevate access privileges. This allows the attacker to install programs such as remote access tools (RATs), and to view, change or delete data, create new accounts with full user rights, and disable security software.

Lateral movement and hunting across the network for file and backup servers while staying under the radar in order to unleash the full impact of the ransomware attack. Within an hour, attackers can create a script to copy and execute the ransomware on networked endpoints and servers. In order to speed up the attack, the ransomware might prioritize data on remote/shared drives, target smaller document sizes first, and run multiple encryption processes at the same time.

Remote attacks

The file servers themselves are often not infected with the ransomware. Instead, the threat typically runs on one or more compromised endpoints, abusing a privileged user account to remotely attack documents, sometimes via the Remote Desktop Protocol (RDP) or targeting remote monitoring and management (RMM) solutions typically used by managed service providers (MSP) to manage customers’ IT infrastructure and/or end-user systems.


File encryption and renaming

There are a number of different methods for file encryption, including simply overwriting the document, but most are accompanied by either the deletion of the backup or original copy to hinder the recovery process.

The playbook explains how these and other tools and techniques are implemented by 11 ransomware families: WannaCry, GandCrab, SamSam, Dharma, BitPaymer, Ryuk, LockerGoga, MegaCortex, RobbinHood, Matrix and Sodinokibi.

“The creators of ransomware have a pretty good grasp of how security software works and adapt their attacks accordingly. Everything is designed to avoid detection while the malware encrypts as many documents as possible as quickly as possible and makes it hard, if not impossible, to recover the data. In some cases, the main body of the attack takes place at night when the IT team is at home asleep. By the time the victim spots what’s going on, it is too late. It is vital to have robust security controls, monitoring and response in place covering all endpoints, networks and systems, and to install software updates whenever they are issued,” said Mark Loman, director of engineering for threat mitigation technology at Sophos, and the author of the report.

How to protect against ransomware

Check that you have a full inventory of all devices connected to your network and that any security software you use on them is up to date
Always install the latest security updates, as soon as practicable, on all the devices on your network
Verify that your computers are patched against the EternalBlue exploit used in WannaCry by following these instructions: How to Verify if a Machine is Vulnerable to EternalBlue - MS17-010
Keep regular backups of your most important and current data on an offline storage device as this is the best way to avoid having to pay a ransom when affected by ransomware 
Administrators should enable multi-factor authentication on all management systems that support it, to prevent attackers disabling security products during an attack
There is no silver bullet to security, and a layered security model is the best practice all businesses need to implement
For example, Sophos Intercept X  employs a comprehensive defense-in-depth approach to endpoint protection, combining multiple leading next-gen techniques to deliver malware detection, exploit protection and built-in endpoint detection and response (EDR)
The complete How Ransomware Attacks playbook, as well as a SophosLabs Uncut article, How the Most Damaging Ransomware Evades IT Security, are available.


Posted by : Dubai PR Network Editorial Team
Viewed 4581 times
PR Category : Technology
Posted on : Thursday, November 21, 2019  10:47:00 AM UAE local time (GMT+4)
Replication or redistribution in whole or in part is expressly prohibited without the prior written consent of DubaiPRNetwork.com.
Previous Story : Elematic Showcases Their Latest Innovations in Precast Concr...
Next Story : Lenovo DCG Showcases Smarter Technology for All During Third...
Email this article Print this article

Share this article with your friends and followers
NewsVine
Back to Section Home

Related Stories



 
 
Most Viewed Press Release posted in the last 7 days
Pandora ME for Every Side of You [5646-Views]
Your Guide to Choosing the Right Face Mask [4211-Views]
10 Million Plastic Packaging Saved: Grohe Launches Initiative to Reduce Plastic [3350-Views]
Meet the #Sephorasquad Middle East Members! [2977-Views]
Karl Lagerfeld Announces Collaboration With Designer Kenneth Ize [2657-Views]
Taste the Summer With Wild & the Moon's Latest Menu Drop! [2538-Views]
Discover the Perfect Gift This Eid Al Adha From Rasasi Perfumes [2517-Views]
Nahdi Medical Company Transforms its Financial Management with Infor [2464-Views]
Dubai Well Poised for Growth in New Business Entities' [2321-Views]
70 Percent of Businesses Increase or Maintain Digital Transformation Spend Amid Pandemic, ... [2296-Views]
Kia Launches ‘Live Stream Showroom' to Offer Customers an Innovative Digital Experience [2255-Views]
Toric Tourbillon Slate'' [2247-Views]
IMG Worlds is Back This Friday Park Entry Price at AED 20 Only [2243-Views]
Amp Up Your Beauty Routine With New Products From Missha Cosmetics [2218-Views]
Alstom at Forefront of Hygiene & Safety Innovation for Transport & Mobility in a COVID-19 ... [2185-Views]
UAE Ranks in Top 10 on Kpmg's 2020 Global Autonomous Vehicles Readiness Index, for Third C... [2181-Views]
Comprehensive Study of Refugee Children's Academic, Social, and Emotional Learning Outcome... [2173-Views]
Celebrate Eid with Steve Madden [2050-Views]
Three UAE Students Bag Coveted Princess Diana Award for Outstanding Social Initiative [2046-Views]
17-Year Old Smashed a Guinness World Records Title in His Bedroom [2029-Views]
Dubai Sports World Marks Official Opening at Dubai World Trade Centre [2013-Views]
Dubai Startup Hub and Dtec Announce Winners of Emirati Development Programme [1993-Views]
Dubai Culture Wins Excellence Award From Arab Federation for Libraries and Information [1968-Views]
Champion Cleaners Launch New Home and Office Sanitization Service [1919-Views]
Al Habtoor Motors Launches Summer Surprises Stock clearance on Mitsubishi SUVs 2019 Model... [1911-Views]
 
RSS Facebook Twitter LinkedDin
 
Top Sections
 
Top Stories