COMING SOON: THE LATEST TRENDS IN RANSOMWARE

(and a little advice to help protect your business)

Extortion in the Cyber Age is nothing new, but it appears to be prospering in 2017. As recent media attention reminds us, a massive expansion in both the size and strength of ransomware attacks is underway. The strains are evolving quickly, the perpetrators are growing more clever and ransomware is becoming big business. In this article, we’ll look at what’s new in ransomware and provide a few tips to help you stay ahead of the emerging threats on our radar.

Autonomous Cryptoworming

In the wake of the global WannaCry outbreak in May 2017, the world discovered the unprecedented ability for ransomware to replicate and spread very quickly through an organization. These cryptoworm attacks are enacted by remote code execution, and their first task is to gain enhanced user privileges. From there, they move on to target the most susceptible network devices and install their ransomware payloads wherever possible. The malicious code then sets to task, encrypting the maximum amount of information possible - without explicit instructions or further human intervention.

Bad actors have not discriminated on who they tap as their next victim. From hospitals to universities to gas and oil companies, industries and organizations of all types have been hit, and any business using old or unpatched software could be next. But with an ounce of prevention, that won’t be you.

Because ransomware preys on outdated software, keeping software up to date and installing the most current patches is a critical first step. It is also important to identify where loose access privileges and unnecessary resource sharing may pose a risk, and button up those vulnerabilities. Finally, a sound DR strategy that includes frequent backups and off-site storage can help lessen the blow if you do fall victim.

Two-Stage Installation

EternalRocks is a new threat with a familiar background. Like WannaCry, it leverages hijacked NSA tools to worm past security defenses. But unlike WannaCry, which only uses two stolen exploit kits, EternalRocks utilizes all seven. It attacks in a distinctive two-stage installation process, with its second stage lying dormant for twenty-four hours before downloading and replicating. It’s an approach designed to truly catch its target off guard.

EternalRocks hasn’t yet been adapted into a weapon capable of corrupting files or delivering malevolent content, but it’s only a matter of time. And behind this threat, which we can see coming, there are undoubtedly many more we cannot. Hence the need for a multi-layered approach to security.

A healthy security posture requires a balanced diet. Asset identification, staying up-to-date, protecting endpoints, educating employees, backing up to the cloud and monitoring for breaches are the key ingredients. By putting them all together in a proactive plan, we can better protect ourselves from even the most innovative threats.

Ransomware as a Service

For ransomware to reach its most lethal potency, it must be developed, nurtured, distributed and then unleashed. This process has been streamlined recently, with ransomware as a service (RaaS) becoming an industry unto itself. And business is booming.

Once upon a time, ransomware was a labor of love and destruction for cybercriminals - a hobby. Now, those who develop it have graduated to franchising it. They’re no longer dealers, they’re Dons. To maximize profit and menace, developers are making their creations readily available, at a premium, to other like-minded bad actors. They have even crafted sites that allow franchisees to create and customize their very own families or variants of ransomware.

As an example, the hacking firm known as Shark gives tools to potential actors for free. If the actor is successful in his attack, the ransom is paid directly to Shark. Shark then takes its cut, typically 20%, and gives the rest back to the bad actor.

The new RaaS model means two things for those of us trying to defend our operations. Ransomware is becoming easier and more accessible to those who want to profit from it, and malicious code is evolving faster than ever. To stay one step ahead of these attacks, be sure your security providers are on the front line of innovation and diligence, constantly monitoring the exploit kits in play and frequently updating the threat vectors they defend.

Variable Demands

One of the most recent developments in ransomware is the use of variable ransoms. Instead of requesting a standard ransom amount, actors are basing their demands on factors such as the volume or value of information. There have also been instances of the ransom amounts being time variable, where victims are given a deadline to pay or the price doubles. By flexing ransoms based on quantity, quality or time factors, attackers are increasing stress and adding urgency for businesses to pay up.

Based in Washington, DC, MedStar Health was hit by an attack which locked up the hospital’s network of computers, and the attackers demanded a variable ransom of three bitcoin per device to release them. The attack was so significant that it led to some patients being turned away because their records were inaccessible.

Today’s sophisticated ransom demands require an equally sophisticated defense, and that's where the cloud comes in. The right cloud-based disaster recovery solution can back up information at an extremely high rate, giving businesses the ability to revert to their unencrypted data with very little productivity loss. A good, secure cloud-based disaster recovery solution can make even the most intricate ransom demand of little concern.

Shadow IT Initiatives

One relatively new trend in ransomware is not happening in the world of the attackers; it’s happening within our businesses’ own walls – shadow IT. This term refers to the unsanctioned, unmanaged technology initiatives that often result when eager organizations bump up against inadequately resourced IT departments. In today’s fast-moving business climate, leaders often value speed above all and bypass IT to get things done fast.

Because shadow IT initiatives operate outside of IT’s best practices for security, management and monitoring, they can create an open door for ransomware attackers. And once malicious code gets in, not only can it infect the hardware and software associated with shadow IT, but it can spread to otherwise secure regions of a company’s network, too.

Counteracting shadow IT comes down to strengthening your IT department and getting back to the good old basics. Equipping IT with the necessary, qualified staff, and keeping them up to date on modern trends and technology is paramount. So is educating business leadership on the risks of working outside the system. It’s a common-sense solution, but the strongest security measures typically are.

Sophistication: The Challenge and the Solution

The common theme across modern ransomware is sophistication. It has evolved from a side job to a master craft, and continues to grow ever more complex with each new attack. Ransomware’s key tool, malicious code, is becoming more extensible, penetrating deeper and causing more damage. Attackers are becoming more sophisticated, demanding more intricate ransoms and building a cottage industry around ransomware. Even the increased sophistication and speed of today’s technology-enabled business poses a risk.

To stay safe, we need to evolve faster than the attackers. We must use up-to-date software, choose cutting-edge security solutions, embrace alternative data storage systems and lean more heavily on the cloud for backup and DR. But we must also revert to the steadfast best practices that have gotten us this far, educating users and business leaders, properly staffing IT departments, maintaining our systems well and fortifying our overall security postures. When we strike a sophisticated balance between innovation and the basics, we put ourselves in the best position to keep ransomware attackers at bay while still propelling our businesses forward.

To learn more about the latest threats in ransomware, visit veristor.com.

© 2017 Veristor Systems, Inc. All Rights Reserved