Taken Digitally – The Rise of Ransomware in the Enterprise Space
Liam Neeson is not coming to save you, no matter what specific set of skills he possesses when it comes to one of the internet’s worst crimes. Ransomware is not a new thing. It has been around for decades now, but has recently seen an increase in activity as more and more people have come online, thereby increasing the number of potential victims. For the majority of that time, criminals have gone after individuals, usually the elderly, people with little technical knowledge or just about anybody. However, a new trend is being seen as entire businesses have become targets of this crime.
The enterprise space is now on high alert after Microsoft reported that the Samas ransomware strain was capable of lurking deep within enterprise systems and patiently extorting money from them over a prolonged period of time. Samas is deceptively simple in its operation. It first scans the net for targets using a vulnerability scanner, then uses a tool called reGeorg to tunnel its way into the victim’s system. It activates, it waits and collects access credentials to files. But before the trap is sprung and the files are encrypted, Samas first seeks out backup files and deletes them. Then you start wishing that Liam Neeson’s character from Taken is real and that he takes on digital cases.
Before you throw your hands up in defeat and start crying into them, there are tactics that businesses can implement to help ward off the headaches that come along with ransomware attacks.
Remember that ransomware fraudsters deal in information. The more isolated the piece of information, the more valuable it is perceived to be. However, if a duplicate exists, then that piece of information becomes less valuable to them. In short, back up everything. Have duplicates or multiple copies in separate locations, both virtually and physically. This way, if a fraudster ever locks you out of a file, you simply access said file from a different location. Crisis defused.
But what about complex attacks like Samas? Yes, Samas and its cousins are very dangerous, but complex attacks require a lot of space to maneuver in the system. This usually gives security teams enough time to detect the ransomware attack and take action against it. Skilled teams are usually alerted to the spread of malware through the behaviors that accompany an attack, such as the liberal use and abuse of credentials.
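The detection idea in the paragraph above, as an added example that is not part of the original article: it flags an account that logs on to an unusual number of distinct hosts within a short window. The log format, the account and host names, and the thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample logon events: ISO time, account, destination host, result.
SAMPLE_EVENTS = """\
2016-03-01T09:00:05 alice FILESRV01 success
2016-03-01T09:02:11 bob HR-PC-07 success
2016-03-01T13:15:40 alice FILESRV01 success
2016-03-02T02:10:00 svc_backup BACKUP01 success
2016-03-02T02:10:40 svc_backup FILESRV01 success
2016-03-02T02:11:15 svc_backup FILESRV02 success
2016-03-02T02:11:50 svc_backup HR-PC-07 failure
2016-03-02T02:12:30 svc_backup SQL01 success
2016-03-02T02:13:05 svc_backup DC01 success
"""

def parse_events(text):
    """Yield (timestamp, account, host, result) from whitespace-separated lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, account, host, result = parts
        yield datetime.fromisoformat(ts), account, host, result

def find_credential_fanout(events, window=timedelta(minutes=10), max_hosts=3):
    """Alert once per account that touches more than max_hosts hosts within window.

    Failed attempts count too: a credential being tried across many machines
    is the behavior of interest, whether or not each logon succeeds.
    """
    recent = defaultdict(deque)  # account -> (timestamp, host) pairs inside the window
    alerted, alerts = set(), []
    for ts, account, host, _result in sorted(events):
        q = recent[account]
        q.append((ts, host))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        hosts = sorted({h for _, h in q})
        if len(hosts) > max_hosts and account not in alerted:
            alerted.add(account)
            alerts.append({"account": account, "alert_time": ts, "hosts": hosts})
    return alerts

if __name__ == "__main__":
    for alert in find_credential_fanout(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

The threshold and window need tuning against normal behavior for each account, since legitimate backup and management accounts routinely touch many hosts.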
Attacks on the enterprise space also show the IT security community some new behaviors of ransomware criminals. Instead of having a broad reach, in an attempt to attack and extort money from as many people as possible, these fraudsters are focusing on pinpoint precision attacks that rely on patience and a long-term goal. It is a scary realisation to witness criminal behavior evolve. However, it is equally good to see the tactics to combat these acts evolve as well. With these methods at our disposal, we stand a better chance against such attacks.
Author
David Share – Director at amazingsupport.co.uk. David has held positions as Operations Director and Head of IT in legal and professional firms for more than 10 years. He is a Director and co-owner of Amazing Support, a Microsoft Silver accredited and specialist Managed IT Support and IT Services company. David sits on the UK Council for Child Internet Safety (UKCCIS) and is also a professional member of The Chartered Institute for IT (BCS). He actively helps SME businesses receive better Managed IT Support in the London and Hertfordshire areas. David is married with a son and you will often see him riding his bicycle in and around the Hertfordshire towns! He regularly participates in charity bike rides for the British Heart Foundation.