Are You Prepared for Cryptowall 2.0 Ransomware?
In a previous post, we discussed how sophisticated forms of malvertising have become more prevalent and dangerous. Modern malvertising threats have attacked users of reputable websites by infiltrating the advertising networks that deliver ads to those sites, using granular targeting criteria to focus on specific locations, organizations and users. A device becomes infected with malware when a page with a malicious ad loads, which means the device can be compromised even if the user doesn’t click the ad.
One of the worst threats associated with malvertising is Cryptowall, “ransomware” that encrypts all data on the hard drive of the user device and essentially holds it as ransom. Users are told that the only way to recover their files is by paying a fee to have their data decrypted. If the fee isn’t paid by a certain deadline, their data will be lost forever.
The ad networks compromised in a high-profile Cryptowall malvertising campaign in September and October of this year have addressed the issue. But are they – and your organization – prepared for Cryptowall 2.0?
Primarily delivered via email attachments, Cryptowall 2.0 has been enhanced in recent months to close the “deficiencies” that allowed security professionals to stop the earlier version of the ransomware. Simply put, the enhancements in Cryptowall 2.0 make it more difficult for users to recover their data and easier for the attackers to compromise computers and collect ransom payments.
Cryptowall 2.0 copies and encrypts data and securely deletes the original data files, forcing users to recover data from backups or pay the ransom. Cryptowall 2.0 also assigns a unique bitcoin payment address to each victim, which prevents one victim from stealing another victim’s payment and using it to pay their own ransom. Ransom payments are now routed through gateway servers on the Tor anonymization network, which keeps the operators hidden and lets them control access.
There are a number of steps organizations can take to prevent ransomware from compromising devices and to minimize the damage if it does. Block the download of .exe files without user permission, and block the use of Tor software unless it is essential to business operations. Prevent widespread file encryption by controlling user access to network shares. Deploy sophisticated security tools such as an advanced detection system to analyze incoming files and an endpoint protection system to prevent vulnerabilities from being exploited. If a device is infected, regular scans can remove the infection, and frequent backups allow you to restore files without making a ransom payment.
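The copy-then-delete behaviour described above is exactly the kind of pattern a detection system can watch for. The following script is an added illustration, not code from ICG or from any product: it runs a simple heuristic over constructed file-activity log lines and flags any process that writes a new file beside a document and then deletes the original for many documents within a short window. The process names, paths, the `.locked` suffix, the 60-second window and the threshold of 5 files are all assumptions chosen for the example.

```python
import ntpath
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed tuning value: max gap between the copy and the delete
THRESHOLD = 5                   # assumed tuning value: distinct originals lost before alerting


def parse_event(line):
    """Parse one constructed log line: '<ISO timestamp> <process> <create|delete|modify> <path>'."""
    ts, proc, action, path = line.split(" ", 3)
    return datetime.fromisoformat(ts), proc, action, path


def find_copy_then_delete(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {process: [deleted originals]} for every process that, at least `threshold`
    times, created a file next to a document and then deleted that document within `window`."""
    events = sorted(parse_event(line) for line in lines)
    recent_creates = defaultdict(deque)  # process -> deque of (time, created path)
    lost = defaultdict(list)             # process -> originals deleted right after a copy appeared
    for ts, proc, action, path in events:
        if action == "create":
            recent_creates[proc].append((ts, path))
        elif action == "delete":
            creates = recent_creates[proc]
            while creates and ts - creates[0][0] > window:  # expire creates outside the window
                creates.popleft()
            # Assumption: the encrypted copy keeps the original file name and adds a suffix,
            # so a create of '<dir>\<name><suffix>' followed by a delete of '<dir>\<name>' is a pair.
            if any(ntpath.dirname(p) == ntpath.dirname(path) and
                   ntpath.basename(p).startswith(ntpath.basename(path)) for _, p in creates):
                lost[proc].append(path)
    return {proc: paths for proc, paths in lost.items() if len(paths) >= threshold}


# Constructed sample log (not real Cryptowall telemetry). Two benign processes plus one
# process that behaves as described above: copy each document, then delete the original.
SAMPLE_LOG = [
    "2014-11-03T09:00:00 winword.exe modify C:\\Users\\alice\\Docs\\memo.docx",
    "2014-11-03T09:00:02 explorer.exe delete C:\\Users\\alice\\Downloads\\setup.tmp",
    "2014-11-03T09:00:03 explorer.exe create C:\\Users\\alice\\Downloads\\setup.exe",
]
for n in range(6):  # six documents replaced and deleted by one process, two seconds apart
    orig = f"C:\\Users\\alice\\Docs\\q{n}.xlsx"
    SAMPLE_LOG.append(f"2014-11-03T09:01:{2 * n:02d} sample_dropper.exe create {orig}.locked")
    SAMPLE_LOG.append(f"2014-11-03T09:01:{2 * n + 1:02d} sample_dropper.exe delete {orig}")

if __name__ == "__main__":
    for proc, paths in find_copy_then_delete(SAMPLE_LOG).items():
        print(f"ALERT {proc}: {len(paths)} documents replaced then deleted, e.g. {paths[0]}")
```

On the sample log only `sample_dropper.exe` is reported; the editor that modified a file in place and the download that deleted a temp file before creating a new one are not.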
Let ICG assess the state of your network security and backup processes. We can help protect your organization from ransomware such as Cryptowall 2.0 and develop procedures that enable you to quickly recover from a breach with minimal disruption to business operations.