Ransomware: The Attacker’s Choice for Cyber Extortion
How to combat ransomware
Ransomware often uses the web or email to reach victim systems, so those are vectors that security teams must monitor for signs of attack.
Web-based attacks tend to use drive-by exploits that target browser, platform or system vulnerabilities, or rely on malicious URLs or malvertising that may redirect users to sites that host exploit kits. Once ransomware takes hold of a system, it can travel to other connected systems or servers on the network. Email-based ransomware is generally used in targeted attacks, and relies on a variety of methods, including phishing, spear phishing, malicious attachments and URLs.
To properly defend against ransomware, three things need to happen:
- The infection process must be thoroughly analyzed to determine the path of attack and system vulnerabilities
- The malicious code must be analyzed to determine its purpose and signs of activity (behavior-based analysis)
- Access from infected machines to command and control servers (used for data exfiltration or to download additional malware) must be blocked
This defensive approach relies on connecting warning signs across different vectors that are often overlooked by traditional security solutions. Advanced security solutions, such as FireEye Network Security (NX Series), FireEye Email Security (EX Series), or FireEye Email Threat Prevention Cloud (ETP), stop ransomware from taking control by blocking exploit kits, malware downloads and callback communications to the command and control servers. They can also minimize the overall impact of ransomware by tracing its attack path and methodology and sharing threat details to stop future attacks.
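The cross-vector correlation described above, as an added example (not FireEye's code or any product's logic): it links an emailed URL, the web request for it, a following executable download and a callback to a known command and control address on the same host. The log field names, sample records, content types and one-hour window are constructed assumptions.

```python
from datetime import datetime, timedelta
# Constructed sample telemetry; all names, URLs and addresses are placeholders.
EMAIL = [   # email gateway: URLs extracted from delivered messages
    {"ts": "2024-01-10T09:00:00", "user": "alice", "urls": ["http://invoice.example.test/doc"]},
    {"ts": "2024-01-10T09:05:00", "user": "bob", "urls": ["http://news.example.test/"]},
]
PROXY = [   # web proxy: requests with response content type
    {"ts": "2024-01-10T09:12:00", "host": "ws-01", "user": "alice",
     "url": "http://invoice.example.test/doc", "ctype": "text/html"},
    {"ts": "2024-01-10T09:12:05", "host": "ws-01", "user": "alice",
     "url": "http://cdn.example.test/p.exe", "ctype": "application/x-msdownload"},
    {"ts": "2024-01-10T09:20:00", "host": "ws-02", "user": "bob",
     "url": "http://news.example.test/", "ctype": "text/html"},
]
EGRESS = [  # firewall: outbound connections
    {"ts": "2024-01-10T09:13:00", "host": "ws-01", "dst": "203.0.113.50"},
    {"ts": "2024-01-10T09:21:00", "host": "ws-02", "dst": "198.51.100.7"},
]
C2_KNOWN = {"203.0.113.50"}  # assumed output of malware analysis
EXEC_TYPES = {"application/x-msdownload", "application/octet-stream"}

def after(event, start, window):
    """True if the event happened at or after `start`, within `window`."""
    delta = datetime.fromisoformat(event["ts"]) - start
    return timedelta(0) <= delta <= window

def correlate(email, proxy, egress, c2_known, window=timedelta(hours=1)):
    """Return attack paths where email, web and callback signals line up on one host."""
    findings = []
    for click in proxy:
        t_click = datetime.fromisoformat(click["ts"])
        # Email -> web: the user requested a URL that an earlier email delivered to them.
        lure = any(m["user"] == click["user"] and click["url"] in m["urls"]
                   and after(click, datetime.fromisoformat(m["ts"]), window) for m in email)
        if not lure:
            continue
        same_host = lambda e: e["host"] == click["host"] and after(e, t_click, window)
        # Behaviour sign: an executable download following the click.
        drops = [p["url"] for p in proxy if same_host(p) and p["ctype"] in EXEC_TYPES]
        # Callback: outbound connection to an address identified as command and control.
        callbacks = sorted({e["dst"] for e in egress if same_host(e) and e["dst"] in c2_known})
        if drops and callbacks:
            findings.append({"host": click["host"], "entry": click["url"],
                             "downloads": drops, "block": callbacks})
    return findings

if __name__ == "__main__":
    for finding in correlate(EMAIL, PROXY, EGRESS, C2_KNOWN):
        print(finding)
```

Each finding records the entry URL and downloads (the attack path) and the destinations to block for that host; a host with only one of the signals, such as `ws-02` here, is not reported.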