
After WannaCry, It’s Petya Now – Impact, Detection and Prevention of Ransomware Attacks

Ransomware attacks have been acknowledged as the biggest threats of 2017 and are expected to continue their assault in the future as well. Statistics show that:

  • A company is hit with ransomware every 40 seconds.
  • 6 in 10 malware payloads were ransomware in the first quarter of 2017.
  • There were 4.3x as many new ransomware variants in the first quarter of 2017 as in the first quarter of 2016.

So far, WannaCry and Petya have dominated the ransomware attacks of 2017.

Impact of Ransomware, WannaCry, Petya Attack

WannaCry affected over 200,000 computers in more than 150 countries. It locked up systems in hospitals, schools, factories and many other industries, proving that it can bring business to a halt within a matter of a few minutes. For instance,

  • In England, the USA, Indonesia and Scotland, the ransomware affected medical devices and healthcare systems, forcing shutdowns in hospitals. In fact, England’s National Health Service trusts were the most severely impacted in the world.
  • In Russia, around 1000 computers at the Interior Ministry, along with those of banks, hospitals, railway networks and the country’s second largest telecom company Megafon, had to pause their operations.
  • In France, the car maker Renault packed up their factory operations.
  • In Japan, the corporate giants such as Hitachi and Honda Motor Company stopped their production.
  • In China, universities and petrol stations had to bear the blow.
  • In Taiwan, a private business, the national power company and a few schools were infected.
  • In Spain, utility companies such as telecom, gas and power reported the malware.
  • In India, Andhra Pradesh Police, West Bengal State Electricity Distribution Company and local authorities of Kerala were hit with the malware. There were also reports of hundreds of ATMs being shut down.

Just when the world was slowly emerging from WannaCry, a new ransomware called Petya has scared everyone. Petya exploits the same bug that made Microsoft Windows vulnerable to WannaCry. Cyber experts are also calling it Golden Eye and NotPetya, and claim that the Petya attack is more dangerous than WannaCry because it has better worm capabilities. This means that it needs to infect only one unpatched machine to spread across the entire network and bring the systems to a standstill.

  • Ukraine was the first country to be knocked off by ransomware Petya. Its central bank, power companies, international airport, metro system and nuclear facilities have had a major fallout due to this infection.
  • Gradually, the outbreak has now extended its clutches to more than 60 countries, including India and others in Europe, North America and Australia.
  • Some of the biggest corporations, such as Russia’s largest oil company Rosneft, Danish shipping firm AP Moller-Maersk, and British advertising multinational WPP, have also reported Petya attacks.
  • According to the global cyber security firm Symantec, India has been the worst hit in the Asia-Pacific region by Petya. The operations of the country’s largest container port Jawaharlal Nehru Port (JNPT), local manufacturing units of international companies and private port operator APM Terminals Pipavav were disrupted.

Ways to Detect Ransomware, WannaCry, Petya Attack

You must have detection mechanisms in place to keep your systems secure from Ransomware, WannaCry and Petya attacks. NetFort has recommended five ways to discover these activities:

  • Look for file extensions: Usually, the ransomware attacker has a list of file extensions. WannaCry or Petya check the targeted computers for these extensions and if any of them match, encryption occurs. You can track these extensions through file activity monitoring software which keeps you informed about the activities taking place on the files on the network. You can also detect malware through this list of possible ransomware extensions and known ransom files.
  • Keep track of file renames: File renames are common, especially if you have a huge number of users on the system. But when a ransomware attack strikes, the file renames will be on a larger scale. An advisable rule is that if 4 renames happen per second, it is an indication of a threat.
  • Use anti-ransomware solutions: Implement ransomware detection software that runs in the background, identifying or thwarting ransomware infections.
  • Set up a sacrificial network share: It has been found that ransomware usually searches for local files before moving to network shares in alphabetical order. A sacrificial network share can trigger an early alert and also delay ransomware from reaching critical data. An early drive letter such as E: can be used before proper drive mappings. In a nutshell, it acts as a bastion host or an active bait for early detection of attacks.
  • Update IDS systems with exploit detection rules: Exploit kits are deployed as a way to get ransomware onto a client through malspam or via compromised websites. Many IDS, IPS and firewall systems have exploit detection features, but it is advisable to keep them updated and ensure they are working properly.
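
The sketch below is an added example, not code from NetFort or from the original post. It applies three of the checks above (suspect extensions, the 4-renames-per-second rule, and writes to a sacrificial share) to file-activity events. The event layout, the sample extension list and the decoy path are assumptions made for illustration.

```python
from collections import deque

RENAME_THRESHOLD = 4      # renames per second: the rule of thumb from the list above
WINDOW = 1.0              # seconds
# Assumed values, not from the article: sample extensions and decoy location.
SUSPECT_EXT = (".wncry", ".wcry", ".locked")
DECOY_PREFIX = "e:\\"     # sacrificial share on an early drive letter

def detect(events):
    """events: (timestamp_seconds, user, action, path) tuples sorted by time.
    Returns de-duplicated (user, reason) alerts in the order they first fire."""
    alerts, renames = [], {}

    def raise_alert(user, reason):
        if (user, reason) not in alerts:
            alerts.append((user, reason))

    for ts, user, action, path in events:
        p = path.lower()
        if p.startswith(DECOY_PREFIX) and action != "read":
            raise_alert(user, "decoy-share-modified")
        if action in ("rename", "write") and p.endswith(SUSPECT_EXT):
            raise_alert(user, "suspect-extension")
        if action == "rename":
            window = renames.setdefault(user, deque())
            window.append(ts)
            while ts - window[0] >= WINDOW:   # keep only the last second
                window.popleft()
            if len(window) >= RENAME_THRESHOLD:
                raise_alert(user, "rename-burst")
    return alerts

# Constructed file-activity events (for a rename, path is the new name).
SAMPLE_EVENTS = [
    (0.0, "alice", "rename", r"S:\reports\q1-final.docx"),
    (5.2, "alice", "rename", r"S:\reports\q2-draft.docx"),
    (9.0, "bob", "rename", r"C:\Users\bob\Documents\budget.xlsx.wncry"),
    (9.2, "bob", "rename", r"C:\Users\bob\Documents\notes.txt.wncry"),
    (9.4, "bob", "rename", r"C:\Users\bob\Documents\plan.pptx.wncry"),
    (9.6, "bob", "rename", r"C:\Users\bob\Documents\photo.jpg.wncry"),
    (10.1, "bob", "write", r"E:\aaa-decoy\readme.txt"),
    (12.0, "alice", "read", r"E:\aaa-decoy\readme.txt"),
]

if __name__ == "__main__":
    for user, reason in detect(SAMPLE_EVENTS):
        print(f"ALERT {user}: {reason}")
```

In practice the events would come from file activity monitoring on the file server, and the rename threshold should be tuned against normal bulk operations such as backups or migrations.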

Prevention of Ransomware, WannaCry, Petya Attack

As they say, prevention is better than cure. While cyber attacks are not in your control, you can adopt the following practices to stay safe:

  • Take backups of your data at regular intervals. You should store the backup in the cloud as well as offline on a device so that you don’t end up losing data in case ransomware hits your network.
  • Phishing mails have emerged as the most identified type of cyber breach and ransomware is found to be the payload of choice for malicious email campaigns. So, email attachments and URLs should be opened with care. However, a few emails appear too authentic for suspicion. Web and email filters can eliminate such human errors by scanning for bad sources, domains and addresses, and blocking them. You can even implement DomainKeys Identified Mail (DKIM), Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting & Conformance (DMARC) systems to block spam by detecting email spoofing.
  • Always install software updates. Remember, every new update has new bug fixes to keep your system safe. Also, keep your anti-virus software up-to-date and avoid downloading pirated software.
  • Disable macros in Microsoft Office. Certain files contain macros which, if you run them, download the malware onto your computers.
  • If you are dealing with sensitive information or critical services, keep the client, business or server networks segmented with a firewall.

You can learn more tips on the Microsoft site.

If at all you fall prey to ransomware, you must try to explore every option that can help you recover the data. Paying ransom is not an advisable option, because there is no guarantee that hackers will decrypt the files after the payment.

Prevention and detection are the only two crucial strategies to avert ransomware threats.

The post After WannaCry, It’s Petya Now – Impact, Detection and Prevention of Ransomware Attacks appeared first on varstreet.



This post first appeared on Business Management Blog From Worksleader.
