Article first posted on https://www.watchguard.com/wgrd-solutions/security-threats/ransomware
Ransomware is an increasingly common method of attack for hackers against individuals, SMBs and enterprises alike. While the first incidents of ransomware were discovered as early as 2005, the last three years have seen this type of threat explode in popularity and compromise millions of computers and mobile devices around the world.
So what is it and how does it work?
Ransomware is a type of advanced malware attack that takes hold of a device, either locking the user out entirely or encrypting files so they cannot be used. This type of attack can gain access to your device in a variety of ways. Whether downloaded from a malicious or compromised website, delivered as an attachment from a phishing email or dropped by exploit kits onto vulnerable systems, once executed in the system, ransomware will either lock the computer or encrypt predetermined files. The attacker will then make themselves known with an “official” ransom demand, as well as thorough instructions and timelines on how to make a payment to either regain access to the device or to receive the decryption key for the captive files.
What about Petya 2.0?
On 27 June 2017, another virulent ransomware variant began to rapidly infect computers across the globe. Petya 2.0 (also called NotPetya by some researchers) is primarily distributed using a fake order confirmation attachment on a phishing email. After it infects the initial victim, Petya 2.0 moves laterally through the victim’s network by exploiting the same EternalBlue (MS17-010) vulnerability as the WannaCry ransomware variant, as well as by leveraging PsExec and WMIC.
Petya 2.0 works differently than traditional ransomware by encrypting the Master Boot Record (MBR) on the victim’s computer, instead of individual files. By encrypting the MBR, the victim is locked out of their operating system and files completely.
Unfortunately for organizations, news like this is the new normal. WannaCry and Petya 2.0 are highly publicized attacks, and something new we don’t even know about yet is just around the corner. Bottom line, ransomware is a consistent threat to companies of all shapes and sizes, and the publicity brings to light just how critical adoption of a layered approach to security is. For example, as our Q1 Internet Security Report pointed out, 38% of malware gets past legacy AV, which is why services like IPS, sandboxing, and detection and response are so critical. No single solution is going to provide 100% coverage. There is no better time to get WatchGuard’s Total Security Suite!
Now what do you do?
The traditional advice in defending against these types of attacks includes persistent reminders to educate users, perform regular software updates and back up all critical devices. These are all great best-practice rules to live by, but these tips only provide a minimal, first level of defense against an advanced attack. Experts also agree that a layered approach to security is key to an active defense against ransomware. WatchGuard Total Security Suite, available with all Firebox appliances, provides strong defenses against advanced malware and ransomware. Security controls included in the Total Security Suite, such as WebBlocker, APT Blocker and Host Ransomware Prevention, help to detect and prevent common methods of ransomware attacks.
For more information on WatchGuard firewalls, or any of the other great solutions above, contact Chris Chapleau, Resurgence I.T. at (661) 219-5160 or firstname.lastname@example.org.