Securing Cyberspace: The evolution of Ransomware
“Companies spend millions of dollars on firewalls, encryption and secure access devices, and it’s money wasted; none of these measures address the weakest link in the security chain.” – Kevin Mitnick, The World’s Most Famous Hacker
In the aftermath of WannaCry – a crippling cyber invasion that corrupted more than 300,000 computers worldwide – businesses small and large scrambled to future-proof their digital infrastructure. A recent survey by research firm Vanson Bourne of respondents in the UK, US, Germany and Australia said a quarter of business leaders added cybersecurity to their boardroom agenda, in response to the attack.
But then just eight weeks later, in yet another dramatic demonstration of the value of keeping your data as secure as possible, Petya, or NotPetya, hit global systems. Most crucially, this new strain of the Petya family of encrypting ransomware worked to contaminate Ukraine’s international airport and central bank, before seeping into the Chernobyl nuclear facility and the wider world. According to Forbes, some experts say NotPetya possesses some extra powers that make it “deadlier than WannaCry”.
Thirty years ago, brand-new Windows applications had an average development rate of around one new app per month. But now, with over 10 million malicious applications making their presence known around the globe, it’s clear that the more traditional antivirus techniques no longer suffice.
When compared to WannaCry, the worm proficiencies of NotPetya have considerably bolstered, allowing it to flood infected networks at a truly break-neck pace. This ultimately means that one unprotected device could potentially bring down an entire network.
On top of this, some of Microsoft’s most experienced researchers claim the ransomware embodies a number of ‘lateral movement’ strategies, transcending network borders via simple file-shares, while employing ‘trojan-like’ abilities to hijack crucial data.
While the weapon of choice against cyber invasions now stands as interrogative virus analysis, this technique of closely investigating code is not up to par when it comes to new-fangled and fast-evolving threats.
Experts may claim that phishing emails and watering hole attacks are the predominant force behind the spread of malware, an inquiry by Talos Intelligence stated “it is possible that some infections may be associated with software update systems for a Ukrainian tax accounting package called MeDoc”.
But it appears that the organization wasn’t too proud of professedly admitting its server was compromised, since the post referenced above has since been deleted. And why are so many influential servers falling victim to the effects of destructive attacks like NotPetya?
The answer is simple and clear-cut: because they are not installing their systems with adequate protection.
“The popularity of ransomware is not going to decline anytime soon,” Netta Simhl writes in a post for Deep Instinct.
“Available for sale on the dark web in the form of CaaS (Crime as a Service), easy to operate and distribute, ransomware has become accessible to any inexperienced attacker. Furthermore,” Simhl adds, “ransomware has proved its efficiency and potential for gaining large-scaled profits in several major attacks on hospitals, financial institutions and even in electric and water utility. Therefore, attackers are expected to target more businesses, which are likely to pay large amounts of money, in comparison to private users.”
And with Steve Grobman, CTO of McAfee, signalling NotPetya as the “natural evolution of ransomware technology”, but also a “test-run for a much bigger and bolder attack in the future”, it’s undeniably time to install the right protection for your business.
Here are three global players who provide innovative cyber security solutions…
As the industry leader in Unified Threat Management (UTM), Next Gen Firewall and Secure Wireless solutions, WatchGuard employs a take-no-prisoners approach to keeping systems secure, with a dynamic portfolio of offerings designed to protect organisations of any scale and size.
From the more traditional prevention of intrusion to gateway antivirus, application control, spam prevention and URL filtration, to the more advanced protection functions that strive to tackle malware, ransomware and data breaches; WatchGuard embodies the services that keep you and your company safe.
“I think WatchGuard is the obvious choice,” says Sean Furman, Founder and CEO of STF Consulting. “Hands down – WatchGuard has the most powerful user interface and best tools of any firewall I’ve ever seen in my career,” he adds. “The stuff that I can do with just a couple clicks with WatchGuard is going to take you hours with other security vendors.”
Every WatchGuard product stands as an adaptable solution to your specific needs, promising a strong and consolidated fix that comes with easy-to-manage, cost-effective Firebox appliance.
Offering the Advanced Persistent Threat (APT) Blocker, on top of leading provisions for Threat Detection and Response (TDR) and Data Lost Prevention, WatchGuard embodies the first-rate security solution that meets the needs of a rapidly-changing landscape of threat. Read the full profile…
This company is unique in its ability to provide flexible products that mould not just to your security needs, but also to your budget. FireEye’s ransomware catalog is guaranteed protection for your company’s sensitive data, offering advanced detection and protection services complemented by actionable threat intelligence.
“The FireEye solution defends against the growing and ever-changing ransomware threat,” the company explains. “It provides real-time, inline ransomware protection for multiple attack vectors to prevent or interfere with the activation of ransomware and protect you from financial loss and business disruption.”
Every part of FireEye’s solution combines to create one comprehensive and easy-to-manage strategy, contributing to the product’s status as one of the strongest defenses against ransomware. The portfolio includes:
- FireEye Email Security
- FireEye Endpoint Security
- FireEye Network Security
- FireEye Threat Intelligence
“We recently blocked several serious targeted attempts sourced from both email and websites – including ransomware and credential stealing – where FireEye more than proved its worth,” says Stephen Schommer, IT Director at the Northshore Utility District – a satisfied FireEye client.
The Fortinet Security Fabric provides sophisticated safeguarding services against the Petya ransom worm, offering featured like automatic intrusion detection/prevention (IPS/IDS), malware protection (antivirus), real-time analysis of suspicious code (FortiSandbox), and automated informationsharing to protect from end-to-end.
“The Fortinet Security Fabric provides a new, intelligent architectural approach to security that enables enterprises to see, control, integrate, and manage the security of their data across their entire organization, even into the cloud,” the company explains.
“[This] approach [also allows] security to dynamically expand and adapt as more and more workloads and data are added, and at the same time, seamlessly follow and protect data, users, and applications as they move back and forth between IoT and smart devices, borderless networks, and cloud-based environments”
Fortinet’s ability to cease all known ransomware at every possible entry part sets it apart from market competition, representing a solution that impacts the network, endpoint, application, data center, and access: powered by FortiGuard global threat intelligence.
“FortiSandbox and other advanced detection techniques identify new ransomware and all of its variants,” the website notes, “creating the necessary actionable intelligence for remediation.”
*Some of the companies featured in this article are commercial partners of TechWire Asia