Monday, 25 December 2017

Top malware threat of 2017 | Ransomware!!!

INDIAN CYBER ARMY is a Registered Non-Profit Organization & RESOURCE CENTER that brings Police, Investigation Agencies, Research Centers, Ethical Hackers, Industry Experts, Government Agencies, Academic Leaders & Individuals together to fight against intelligence threats and cyber crimes.

Indian Cyber Army has identified some of the reasons why ransomware has become one of the most dangerous cyber attacks from a company's perspective.

The top malware listed below were responsible for approximately 56% of all new malware infections reported by the MS-ISAC in 2017. This was an increase of almost eight percentage points from March and continues an upward trend since it bottomed out in January at 43%.

Every month the MS-ISAC maps the Top Malware to infection vectors. This is done by using open source observations and reports on each malware type. The MS-ISAC observed a continued increase in spam and malware droppers, while malvertising continued to decline.

The news is full of blockbuster data breaches. Company A is attacked and loses one zillion customer records. Political Party P is hacked and has its emails leaked for the world to see. Small companies hear the news and breathe a sigh of relief: “Wow, we’re lucky this happens only to the big guys!”

But these attacks are only part of the story. The rest of the story – and some would say the bigger story – is the growing number of cyberattacks against small businesses. Every day, new ransomware attacks, denial-of-service attacks, phishing attacks and others, threaten the existence of thousands of businesses across the world.


Ransomware continues to harm businesses of all sizes. The number of attacks spiked in 2015 and remains high, fueled in part by the millions of dollars the scams earn for attackers. The trend shows no signs of ending soon.

How ransomware has increased exponentially in the last four years:

Ransomware is a type of malware that blocks access to a victim’s assets and demands money to restore that access. Almost all ransomware today is “crypto-ransomware,” which blocks access to a victim’s files through encryption.

Once a victim is infected, the ransomware scans the accessible local and network systems for important files, like those related to Microsoft Office, images, and backups. It then encrypts the files and alerts the user to the infection.

The alert includes a ransom demand and a deadline for payment. If victims do not pay in time, the ransomware destroys the decryption key and the victim’s files are rendered useless. If the payment is made in time, victims typically receive a decryption key to unlock their files (though not always).

Attacks Continue to Rise
Ransomware has many different strains and they continue to multiply. A few are Locky, CryptoWall, CryptXXX, CTB-Locker, and the list goes on and on.

Though several ransomware strains are inactive, more have replaced them to continue making money for thieves.

Why Ransomware is Spreading
As a method of cyber attack, ransomware has been around for over a decade. Why did it explode in use a few years ago, and what’s keeping it around?

Easy to access
A few years ago, only experts could launch a sophisticated crypto-ransomware attack. Nowadays, ransomware-as-a-service makes it easy for laymen to rent the infrastructure needed to deploy attacks and collect money. Open source versions of ransomware were also released last year, helping to fuel more growth in the crime.

Fast money
Thieves have discovered something about ransomware: it works. With modest technical skills and relatively small investment, hackers and wannabes can quickly generate thousands of dollars in extorted income. CryptoWall 3.0 alone is estimated to have earned $325 million. The FBI estimates $209 million was paid in all ransomware schemes in just the first three months of 2016.

Attacks with Narrow Targets
The average ransom demanded from victims increased in 2016, and this is driven in part by a trend of launching targeted attacks against vulnerable organizations with the means to pay quickly.

By carefully choosing targets, attackers can increase their chances of success and demand higher ransoms. For example, organizations with a high dependence on sensitive data, strained IT staff, and deep pockets can be more lucrative targets.

Many healthcare organizations fit this profile, especially hospitals. Their growing reliance on electronic health records, which are critical to patient care, combined with a reputation for poor cybersecurity and large amounts of revenue, make them fat chickens to the wolves of cybercrime. And the wolves are on the hunt.

More Trouble Ahead
Ransomware will continue to fester in 2017, and experts say attackers are likely to begin experimenting with new tactics. Below are a few anticipated trends.

New victims targeted
Attacks on hospitals were unrelenting in 2016 and are likely to continue. However, attackers may experience diminishing returns by focusing on these targets too long. Other healthcare organizations, such as small doctor’s offices or insurance providers, may be next. Some have even suggested the targeting of medical devices, such as pacemakers, that can connect to the internet.

New hardware targeted
A change in the platforms targeted may also be on the horizon. Potential targets suggested by experts include mobile devices, point-of-sale systems, and ATMs.

New revenue streams
Attackers may also adapt ransomware to steal data as well as encrypt it. This way, they can double their money – not only by ransoming the data but also by selling it on the black market.

More attackers
As ransomware continues to grow and spread, it is likely that this weapon will reach the hands of criminals who have weaker discipline and skills. This could lead to a rise in ransomware attacks that fail to decrypt files once a payment is made, and might also diversify the types of victims targeted.

Protect your business
The time to prepare for a ransomware attack is not when multiple workstations in the office are flashing demands for Bitcoin payments. Steps must be taken beforehand to prevent the infection and minimize its impact.

Group policies for Windows
Group Policies are available that can block many variants of ransomware from installing in their favorite directories in Windows. The policies and additional information are available in the Ransomware Prevention Kit from Third Tier, a Calyptix Partner. Check the resources at the end of this report for a link to Third Tier’s kit.

Backup all files
The number of small businesses that operate without backups is staggering. If such an organization is infected with ransomware, it can be a worst-case-scenario disaster. Recovery may be impossible. So always maintain file backups. Test backups regularly, at least once a month, to ensure they can easily restore lost data.
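One way to make the monthly restore test concrete, as an added example that is not part of the original post: hash the files at backup time, restore to a scratch folder, and compare. The function names are hypothetical, and the demo folders and file contents are constructed so the script runs on its own.

```powershell
# Added example; function names are hypothetical. Needs PowerShell 4+ for Get-FileHash.
function New-HashManifest {
    # Map each file's path (relative to $Root) to its SHA-256 hash.
    param([Parameter(Mandatory)][string]$Root)
    $base = (Resolve-Path -LiteralPath $Root).ProviderPath.TrimEnd('\', '/')
    $manifest = @{}
    Get-ChildItem -LiteralPath $base -Recurse -File | ForEach-Object {
        $relative = $_.FullName.Substring($base.Length).TrimStart('\', '/')
        $manifest[$relative] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
    $manifest
}

function Test-RestoredBackup {
    # Report every file in the backup-time manifest that the restore lost or changed.
    param([Parameter(Mandatory)][hashtable]$Manifest,
          [Parameter(Mandatory)][string]$RestoreRoot)
    $restored = New-HashManifest -Root $RestoreRoot
    foreach ($path in $Manifest.Keys) {
        if (-not $restored.ContainsKey($path)) {
            [pscustomobject]@{ Path = $path; Problem = 'Missing from restore' }
        } elseif ($restored[$path] -ne $Manifest[$path]) {
            [pscustomobject]@{ Path = $path; Problem = 'Content differs' }
        }
    }
}

# Constructed demo data: a "live" folder and a "restore" with one damaged and one missing file.
$tmp  = Join-Path ([IO.Path]::GetTempPath()) ("restore-test-" + [guid]::NewGuid())
$live = Join-Path $tmp 'live'
$rest = Join-Path $tmp 'restore'
New-Item -ItemType Directory -Path $live | Out-Null
'invoice 1001' | Set-Content -LiteralPath (Join-Path $live 'invoice.txt')
'payroll data' | Set-Content -LiteralPath (Join-Path $live 'payroll.txt')
'contract v2'  | Set-Content -LiteralPath (Join-Path $live 'contract.txt')

$manifest = New-HashManifest -Root $live                  # taken at backup time
Copy-Item -LiteralPath $live -Destination $rest -Recurse  # stands in for the restore job
'garbage' | Set-Content -LiteralPath (Join-Path $rest 'payroll.txt')
Remove-Item -LiteralPath (Join-Path $rest 'contract.txt')

$problems = @(Test-RestoredBackup -Manifest $manifest -RestoreRoot $rest)
$problems | Sort-Object Path | Format-Table -AutoSize
if ($problems.Count -gt 0) { Write-Warning "$($problems.Count) file(s) failed the restore test" }
Remove-Item -LiteralPath $tmp -Recurse -Force
```

For a real backup set, persist the manifest with `Export-Clixml` alongside the backup and load it with `Import-Clixml` before running the comparison.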

Limit access to network shares
Many ransomware variants attempt to infect shared network drives. Review all network shares and backup locations. Change their permissions to allow access only by the administrator (and/or the backup service provider). Also, when you need to mount a backup for restore purposes, make sure the permissions are set for read-only.
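A read-only audit for the share review described above, as an added example that is not part of the original post. It lists every account outside an allow-list that can write to a share, at both the share level and the NTFS level. The allow-list is an assumption and `CONTOSO\svc-backup` is a hypothetical backup service account.

```powershell
# Added example, read-only: run in an elevated PowerShell on the file server
# (Windows 8 / Server 2012 or later for the SmbShare cmdlets).
# Assumption: only these accounts should be able to write. 'CONTOSO\svc-backup' is hypothetical.
$AllowedWriters = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'CONTOSO\svc-backup')

function Get-WritableShareGrant {
    param([Parameter(Mandatory)][string[]]$AllowedWriters)

    $write = [int][System.Security.AccessControl.FileSystemRights]::WriteData
    # -Special $false leaves out the administrative shares (C$, ADMIN$, IPC$).
    foreach ($share in Get-SmbShare -Special $false) {
        # Layer 1: share-level permissions.
        foreach ($ace in Get-SmbShareAccess -Name $share.Name) {
            if ("$($ace.AccessControlType)" -eq 'Allow' -and
                "$($ace.AccessRight)" -in 'Full', 'Change' -and
                $ace.AccountName -notin $AllowedWriters) {
                [pscustomobject]@{ Share = $share.Name; Layer = 'Share'
                                   Account = $ace.AccountName; Right = "$($ace.AccessRight)" }
            }
        }
        # Layer 2: NTFS permissions on the folder behind the share (skips non-folder shares).
        if (-not $share.Path -or
            -not (Test-Path -LiteralPath $share.Path -PathType Container)) { continue }
        foreach ($ace in (Get-Acl -LiteralPath $share.Path).Access) {
            if ("$($ace.AccessControlType)" -eq 'Allow' -and
                (([int]$ace.FileSystemRights -band $write) -ne 0) -and
                "$($ace.IdentityReference)" -notin $AllowedWriters) {
                [pscustomobject]@{ Share = $share.Name; Layer = 'NTFS'
                                   Account = "$($ace.IdentityReference)"; Right = "$($ace.FileSystemRights)" }
            }
        }
    }
}

Get-WritableShareGrant -AllowedWriters $AllowedWriters |
    Sort-Object Share, Layer | Format-Table -AutoSize
```

Effective access over the network is the more restrictive of the two layers, so an account can only write through a share if it appears under both `Share` and `NTFS` (directly or through a group).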

Install anti-virus
Install a reputable anti-virus on all workstations, such as Avast, Microsoft Security Essentials or Malwarebytes, and use active monitoring.

Always maintain the latest versions of your firewall, antivirus, operating systems, applications, and other systems. Routinely update as new patches become available, and update automatically if possible.

Educate users
User education must be part of any program meant to prevent ransomware. Highlight the warning signs of suspicious emails and suspicious websites. Demonstrate the need for regular patching and policy review. Encourage users to separate personal web use from their professional web use.

By following these instructions you can protect your website against ransomware. If you need any assistance related to cybersecurity, Indian Cyber Army has the best cyber and ethical hacking experts. To talk to our cybersecurity experts, call our cyber crime helpline +91-9968600000 and visit our website.
