The growing ransomware threat
Ransomware activities targeting large and small organizations have
been rising steadily since mid-2015. Small and midsize enterprises –
with their limited budgets and expertise – that rely on or work
heavily with data are prime targets for attackers.
How does ransomware work?
Most reported ransomware infections are introduced via email
attachments or embedded links. Attackers often target key personnel
and high-value computers with social engineering tactics and spear
phishing to maximize their gains.
Web-based ransomware attacks tend to use “drive-by-download” exploit
kits that take advantage of browser, application and system
vulnerabilities in a multi-stage process:
Stage 1: Infect a legitimate website or hack an advertising
network to insert code.
Stage 2: Profile the user's system and redirect the user to another
web page with an exploit kit that detects vulnerable software such as
older versions of Java or Flash on their computer.
Stage 3: Deliver an encrypted, obfuscated or encoded malicious
payload to the user’s system. Ransomware takes effect once the payload
Stage 4: Establish a connection to a callback server so the
attacker can set up the unique keys to encrypt the victim’s data.
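Seen from the defender's side, stages 2 to 4 leave an ordered trail in web proxy logs. The sketch below is an added example, not part of the original document, that correlates that trail per client. The log format, host names, content-type sets and 60-second callback window are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed proxy-log records (not from the original page):
# (epoch_seconds, client, method, host, status, redirect_host, content_type)
SAMPLE_LOG = [
    (1000, "10.0.0.5", "GET", "news.example", 200, None, "text/html"),
    (1001, "10.0.0.5", "GET", "ads.example", 302, "landing.test", "text/html"),
    (1002, "10.0.0.5", "GET", "landing.test", 200, None, "text/html"),
    (1004, "10.0.0.5", "GET", "landing.test", 200, None, "application/x-shockwave-flash"),
    (1006, "10.0.0.5", "GET", "landing.test", 200, None, "application/octet-stream"),
    (1020, "10.0.0.5", "POST", "callback.test", 200, None, "text/plain"),
    (1000, "10.0.0.9", "GET", "news.example", 200, None, "text/html"),
    (1001, "10.0.0.9", "GET", "ads.example", 302, "shop.example", "text/html"),
    (1002, "10.0.0.9", "GET", "shop.example", 200, None, "text/html"),
]

PLUGIN_TYPES = {"application/x-shockwave-flash", "application/java-archive"}
PAYLOAD_TYPES = {"application/octet-stream", "application/x-msdownload"}
CALLBACK_WINDOW = 60  # assumed threshold: seconds between payload and callback


def find_chains(records, window=CALLBACK_WINDOW):
    """Map each client that shows stages 2-4 in order to (kit_host, callback_host)."""
    by_client = defaultdict(list)
    for rec in sorted(records, key=lambda r: r[0]):
        by_client[rec[1]].append(rec)
    hits = {}
    for client, recs in by_client.items():
        seen, redirect_targets, probed = set(), set(), set()
        payload = None  # (time, host) of the suspected stage 3 download
        for ts, _, method, host, status, redirect_host, ctype in recs:
            new_host = host not in seen
            seen.add(host)
            if status in (301, 302, 303, 307) and redirect_host not in (None, host):
                redirect_targets.add(redirect_host)  # stage 2: cross-site redirect
            elif host in redirect_targets and ctype in PLUGIN_TYPES:
                probed.add(host)                     # stage 2: Java/Flash content served
            elif host in probed and ctype in PAYLOAD_TYPES:
                payload = (ts, host)                 # stage 3: binary payload delivered
            elif payload and new_host and method == "POST" and ts - payload[0] <= window:
                hits[client] = (payload[1], host)    # stage 4: callback to unseen host
    return hits


if __name__ == "__main__":
    for client, (kit, callback) in find_chains(SAMPLE_LOG).items():
        print(f"{client}: kit host {kit}, callback host {callback}")
```

Each signal is common in benign traffic on its own; the sequence on a single client within a short window is what merits triage.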
Why are you vulnerable?
Sophisticated attackers test conventional defenses (antivirus
software, next-generation firewalls, secure email and web gateways,
intrusion prevention systems) and adjust their tactics to defeat them.
The static analysis and signatures used by these defenses cannot:
- Update fast enough to keep pace with evolving attacks
- Optimize and automate operations to detect unknown,
never-before-seen threats in real time
- Detect custom and encrypted communication between an external
command-and-control server (CnC) and infected host
- Protect against multistage web- or email-based ransomware attacks
that traditional sandboxes