Ransomware has mutated into many different forms — and it’s not always easy to catch them all, but here are some things you can do.

Sean Martin, CISSP | President, imsmartin

June 22, 2016

7 Slides

With the introduction of the CryptoLocker Trojan in September 2013, the cyber-plague we now know as ransomware was unleashed on the Internet. From its simple beginnings, ransomware has mutated into many different forms — and it’s not always easy to catch them all.

“There are now well over one hundred different strains, and the end is nowhere in sight,” says Stu Sjouwerman, founder and CEO of KnowBe4.

The sheer number of malware variants demonstrates ransomware’s strong appeal, where many aspiring cybercriminals — big and small — are trying to muscle their way onto the scene with increasingly sophisticated digital tools.

“It is only a matter of time before one of these guys gets smart and starts analyzing the files on disk or file server to see which are recent and/or shared, or sit in a directory that indicates high value like accounting, design, or software development,” Sjouwerman predicts.

To date, traditional signature-based computer security products have been unable to effectively combat ransomware. And the problems are getting worse, because there’s so much for the bad actors to gain, and nothing for them to lose.

Igor Baikalov, chief scientist at Securonix, explains ransomware's allure this way: "...the barriers to entry are low, the payoffs are high, operations are scalable, and risk is negligible compared to the physical hold-up in a dark alley.”

Meanwhile, ransomware continues to evolve and competition amongst the criminals is fierce — and it spans the globe. 

“These mostly Eastern European cyber mafias are investing a lot of money in ‘new feature’ development such as new strains that function as a worm, strains that obtain admin privileges, a strain that adds a DDoS bot to the machine, and others that literally pull some encrypted files off the victim machine up into their control and command server — this bring us into data breach territory,” Sjouwerman says.

Criminals are moving quickly. The industry must move faster to combat these threats, experts say.

“Within the year, we will see fully-automated ransomware targeting all machines on a company’s network, using multiple methods of attack and delivering multiple types of payloads,” Sjouwerman says.

Here's how to build a defense-in-depth strategy to help you prepare for a ransomware attack — with the goal of not having to pay the ransom.

Note: imsmartin would like to thank Chris Whidden, Solution Engineer at eSentire, Stu Sjouwerman, founder and CEO of KnowBe4, and Igor Baikalov, Chief Scientist at Securonix, for their contributions to this slideshow.

Related Content:

 

About the Author(s)

Sean Martin

CISSP | President, imsmartin

Sean Martin is an information security veteran of nearly 25 years and a four-term CISSP with articles published globally covering security management, cloud computing, enterprise mobility, governance, risk, and compliance—with a focus on specialized industries such as government, finance, healthcare, insurance, legal, and the supply chain

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights