Read time: 3 minutes

A new way to fight ransomware

By , Portals editor
Africa , 29 Apr 2016

A new way to fight ransomware

In February 2016 a new strain of ransomware 'Locky' made itself known, targeting users via email attachments and entering systems to manipulate and take hold of assets for 'ransom'.

Ransomware is a form of malicious software and is an example of a targeted attack designed to block access to a computer in order to extort something of value.

Panda Security says there are more than 230 000 new malware samples created daily, with Locky a recent and significant addition to the threat landscape.

Jeremy Matthews, Country Manager for Panda Security says, "The first Locky ransomware attacks targeted approximately 400,000 victims globally with infections continuing to rise."

While South African stats are not yet clear, Matthews says his company has been approached recently by a number of local organisations looking for better protection against Locky.

According to the company, South Africans are facing daily threats from ransomware, Advanced Persistent Threats (APTs) and zero-day attacks, and there is a greater need to be proactive in approach to protection.

Basic end-user advice is to refrain from opening unsolicited email attachments, to backup data offsite and not to enable macros, but Panda Security is upfront that these traditional approaches are no longer sufficient to combat cyber-criminals.

Recent news attests to the increase in threat levels and activity.

In March IT security media picked up that Petya Ransomware has moved away from the archetypical file attack and now encrypts parts of the hard drive, which means that users are unable to access anything on the drive.

At the end of the month ITWeb reported that researchers have uncovered a new family of ransomware that targets organisations via Microsoft Word and PowerShell (scripting language inherent to Microsoft operating systems.)

Call to action

Organisations and individuals are advised to back up all data, including company and personal data, and be more vigilant when it comes to harmful email attachments and the like.

"This is sound advice but does not cut to the core of the problem. Ransomware and APT's are able to bypass conventional AV software and penetrate your network," according to Panda Security.

The company has developed Adaptive Defense, a solution that combines the advantages of a traditional antivirus (prevention and blocking of attacks and remediation of infections) with advanced protection and full traceability.

The cloud based solution provides full visibility of goodware and malware, and reflects a more focused approach by the IT security industry to Endpoint Detection and Response (EDR).

It works by continuously analysing programs running on a network and automatically classifying them as either goodware or malware – and then only allowing goodware to run.

The technology incorporates a solution that uses contextual and behavioural rules to deal with vulnerabilities, particularly in situations where there is a lack of updates on systems and a common entry point for malware on a network.

According to Panda Security the service allows visual monitoring of whatever is triggering malware within a network and not only locates where the malware is housed, but also reports the actions being carried out. "So using this technology we are able to provide continuous information of the network's status – sending immediate alerts when malware enters the network and the actions being undertaken to address it," Matthews adds.

Towards the end of 2015, Fortinet argued that from a cyber security point of view, the outlook for 2016 is not great and unless businesses become tech-savvy, ready, researched and prepared, many will get burnt.

Matthews adds, "Growth of malware will continue in 2016. As monetisation remains a driving force behind the development of malware. Sophisticated programming techniques and automation are used to increase exponentially unique variants of malware".


Mobile checkpoint

Bring Your Own Device (BYOD) and the widespread use of mobile devices and applications in the workplace, as well as increased broadband connectivity, has resulted in an increase in mobile viruses and malware:

• John Ward, Systems Engineer, Africa at Fortinet, says," We all know that when broadband penetration is increased, we have an uptake in hosts being compromised and used for illicit purposes. The more bandwidth there is the more opportunity to do damage. Attacks start off as harmless probes to do recon then turn into attacks and or other strategic operations. South Africa has (and is currently having) a high attack rate."

"Cybercriminals operate as companies these days. Bear in mind too that a fair amount of recon is done to determine which hosts are vulnerable. You will find that these areas tend to move along when it's determined that the destinations being attacked / probed are well protected and that the attacking drones are being monitored and eliminated. When it comes to malware and ransomware, the attackers also have info regarding what the most used AV/Firewalls are, etc. and what will best sneak in under the radar," Ward continues.

• In November 2015 Doro Hadjizenonos, Country Manager of Check Point South Africa, said. "In the past three months we have seen an increase of 20-35% per month in the amount of attacks for recognised mobile malware families, which is much higher than the growth of general malware families. Threats targeting mobile devices are growing rapidly, but many organisations are not applying adequate security measures to protect them or their users, putting sensitive corporate data at risk. Companies need to be aware of these risks and apply security to stop mobile malware."

• Hadjizenonos has confirmed that the company's Check Point Mobile Threat Prevention offering is also available in Africa. This technology solution is specifically designed to help businesses manage and mitigate the risks of BYOD, and offer protection against mobile cyber threats.

• In line with the company's focus on mobile threat prevention, the offering includes full mobile threat visibility and intelligence, advanced mobile threat protection and integrates with existing Mobile Device Management (MDM) or Enterprise Mobility Management (EMM).

Daily newsletter