This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.
Justin Peters, Technology Solutions Director, APAC, Sophos.
Ransomware is one of the most widespread and damaging threats facing Internet users today as it scrambles files and renames them, prompting users to buy a decryption key at an exorbitant price.
Recent research by SophosLabs indicates a growing trend among cybercriminals to target and even filter out specific countries when designing ransomware and other malicious cyberattacks. SophosLabs has also seen different ransomware strains that target specific locations, which means cyber threats can contain vernacular languages, local brands, logos and payment methods, making ransomware highly believable and effective.
Latest technique adopted by cybercriminals
Cybercriminals target popular, high-traffic, legitimate websites and redirect users to malicious web pages without the victim's knowledge. This kick-starts the infection process, which results in further exploitation when users visit these malicious sites.
The RAA ransomware has recently been circulating through email attachments masquerading as Word .doc files, called Invoice.txt.js, which appear as "invoice.txt" on most Windows systems. Opening the attachment kicks off a series of steps such as scrambling and locking the victim's files, and downloading and saving additional malware onto the computer. While the victim is distracted paying the ransom, the newly downloaded ransomware launches a password-stealing Trojan, as the user is likely to begin logging onto sensitive sites to turn some cash into bitcoins, a form of digital currency created and held electronically.
The RAA ransomware adopts a technique that is simpler than the most common method of infection, which involves the use of a Word document containing a malicious macro and attached to an email.
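A mail-filtering check for the double-extension naming described above (Invoice.txt.js displayed as "invoice.txt") can be sketched as follows. This is an added example, not Sophos code; it also covers whitespace-padded and mixed-case variants, which the article does not mention. The extension lists, function names and sample message are assumptions constructed for illustration, and the displayed name assumes the default Windows setting that hides known file extensions.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed, non-exhaustive lists: types Windows runs on double-click, and
# types a reader takes for a harmless document.
ACTIVE = {"js", "jse", "vbs", "vbe", "wsf", "hta", "scr", "exe", "bat", "cmd", "lnk"}
DECOY = {"txt", "doc", "docx", "pdf", "xls", "xlsx", "rtf", "jpg", "png"}

def classify_name(filename):
    """Return (verdict, name as shown when extensions are hidden)."""
    name = filename.strip().rstrip(". ")      # Windows drops trailing dots/spaces
    parts = [p.strip().lower() for p in name.split(".")]
    if len(parts) < 2 or parts[-1] not in ACTIVE:
        return "ok", name
    shown = name[:name.rfind(".")].rstrip()   # the last extension is the hidden one
    if len(parts) >= 3 and parts[-2] in DECOY:
        return "deceptive-double-extension", shown
    return "active-content", shown

def scan_message(raw_bytes):
    """List (filename, shown_name, verdict) for every flagged MIME part."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename:
            verdict, shown = classify_name(filename)
            if verdict != "ok":
                findings.append((filename, shown, verdict))
    return findings

def build_sample():
    """Constructed test message; the attachment bodies are inert placeholders."""
    m = EmailMessage()
    m["From"], m["To"] = "billing@example.test", "user@example.test"
    m["Subject"] = "Invoice"
    m.set_content("Please see attached.")
    for fname in ("Invoice.txt.js", "notes.txt"):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

A gateway would typically quarantine the "deceptive-double-extension" verdict outright and hold "active-content" attachments for review.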
IT teams need to understand that traditional security solutions are no longer effective in protecting against unknown variants of ransomware viruses. Signature-based methods to detect ransomware are simply unable to keep up.
In order for threats to be detected and remediated immediately, the network and endpoint should communicate in real-time while being synchronised across the entire threat surface. Sophos refers to this approach as "synchronised security", as it is an integrated, highly automated security system that is advanced, intelligent and suitable for businesses of any size.