Infection Vectors
Spam emails are a major contributor to spreading ransomware across the globe. This infection vector usually comes with attachments with two level .zip files and .scr file. However, recently these attachments have been spotted with .cab extensions as well.
Below is a sample email:
The malicious file inside this attachment is a downloader which installs and executes ransomware on the machine.
Payment Mechanisms
Ransomware samples commonly use various payment mechanisms that are mentioned below in order to collect ransom:
•SMSs or phone calls to premium-rate numbers
•Prepaid electronic payment – Ukash, MoneyPack etc.
•Bitcoins – virtual currency which makes it difficult to trace the actual recipient of the money
Ransomware creators have also started hosting dedicated payment gateways running behind TOR networks for anonymity, as seen in the case of TorrentLocker.
Users are strongly advised not to pay ransom amounts that are demanded. Making such a payment encourages this menace and moreover, it does not provide any guarantee that decryption and data recovery will be provided by the attacker.
Mitigation Techniques
We also recommend the following security measures to remain protected against ransomware attacks:
• Ensure you are using the latest version of Thirtyseven4 and it is updated with the latest virus databases.
• Thirtyseven4 provides multiple lines of defense against malware, including Virus Protection, DNAScan, Advanced Behavior Detection System and Email Protection. All should be enabled within your settings. We strongly recommend that you configure your Thirtyseven4 security product for maximum protection.
• Since Thirtyseven4 makes use of behavior based detection, we recommend that our users stay alerted to any Behavior Based Detection (BDS) prompts that they receive. There have been cases where the BDS has detected a ransomware but a user has allowed execution without actually reading the prompt anyway.
• Email Protection: Since ransomware commonly enters systems as spam emails with multiple levels of compressed .zip or .cab archives, or at times links to other downloadable files, you should make sure email protection is ON. Thirtyseven4 Email Protection actively blocks such malicious and suspicious attachments.
• Browser Sandbox is a great tool against malware using the Internet as infection vectors. Please enable Browser Sandbox from the Thirtyseven4 dashboard & Internet and Network Settings. Alternatively, you can use the “Thirtyseven4 Secure Browse” feature by launching it from your desktop while you are checking emails or accessing the Internet. The feature creates a secure layer around the OS to avoid tampering that can be carried out by malware.
• Advanced Behavior Detection System is a proactive detection-based tool that takes into account the behavior of an application. If the application under suspicion is not installed by you, it is recommended to block activity of this application by selecting the ‘BLOCK’ action.
External Drives and Devices: Enable Autorun Protection and scan USB drives or external hard drives before copying any files from them.
Periodically, scan the system using AntiMalware (Thirtyseven4 dashboard >> Tools >> Launch AntiMalware) which detects Adware, pop-ups and potentially unwanted applications (PUAs). It removes the risk of downloading malware through “Malvertising”.
Applying important software updates and patches
Ensure that Windows Update is enabled to automatically download and apply regular security updates. Also ensure that your system has the latest Windows security patches installed. Also apply updates for important software which is regularly targeted, such as:
– Microsoft Office
– Java
– Adobe Acrobat Reader
– Web browsers like Internet Explorer, Chrome, Firefox, Opera etc.
– Adobe Flash Player
Regular backup of important data
It is very important to understand the need for data backup policies for all your important data. It is highly recommended that you periodically backup your important data using the right combination of online and offline backups. Do not keep offline backups connected to your system as this data could be encrypted in case of an infection.
Follow best security practices
• Do not open and execute attachments received from unknown senders. Cybercriminals use ‘Social Engineering’ techniques to allure users to open attachments or to click on links containing malware. Don’t be duped!
• Keep strong passwords for login accounts and network shares.
• Avoid downloading software from untrusted P2P or torrent sites. At times, they are Trojanized with malicious software.
• Do not download cracked software as they could propagate the added risk of opening a backdoor entry for malware into your system.
This article originally appeared here, and is used by permission.
