New campaign of targeted ransomware attacks
During the past few weeks, we have received information about a new campaign of targeted ransomware attacks. Instead of the normal modus operandi (phishing attacks or drive-by downloads that lead to automatic execution of ransomware), the attackers gained persistent access to the victim’s network through vulnerability exploitation and spread their access to any connected systems that they could. On each system several tools were used to find, en
Prevention
Based on what we have learned about these attacks, it seems clear that the adversaries launched a targeted and manual attack with the goal of holding files for ransom.
Some of the techniques used suggest an attempt to evade detection. Although there is no silver bullet to prevent such attacks, good security practices do help.
We recommend the following measures:
• Quickly install security updates: The entry point appears to have been the exploitation of a known vulnerability in third-party software. This demonstrates the value of disciplined practices regarding operating system and application software updates, especially for externally facing systems.
• Ensure updated security software is installed: When malware such as ransomware is discovered, up-to-date security software may be able to detect it.
• Implement a robust backup/recovery strategy: Good backup and recovery is critical in cases of targeted attacks as well as other catastrophic events. The data should be stored in a secure and separate location, and the recovery strategy should be frequently tested.
February 2016 By Christiaan Beek and Andrew Furtak