What is Ransomware?

Ransomware is a type of malware that holds users’ files, applications, and occasionally their entire machine hostage until a ransom is paid. While many early variants of ransomware just restricted access to files, most current ransomware strains use robust public key cryptography to encrypt data on local machines as well as network drives. Once installed, ransomware locks files and then displays a ransom note instructing the victim to pay a ransom—usually in bitcoins—to obtain a key that will unlock the files.

Targeted Ransomware

In the past, almost all ransomware attacks were opportunistic; ransomware authors spread ransomware through malicious email attachments or malvertising and other web-based attacks. However, some ransomware makers have progressed from infecting users on a one-off basis to targeting organizations as a whole. By infiltrating a network using targeted attack techniques, then encrypting all files and backups at once, cybercriminals can extort more money than they could ever expect to collect from an individual user.

As ransomware attackers shift their focus from individuals to organizations, they will continue to incorporate more advanced methods like reconnaissance, privilege escalation, and lateral movement into their attacks to maximize their damage and their monetary gains.

What does LightCyber have to do with it?

To detect ransomware attacks early, organizations should deploy behavioral attack detection. The LightCyber Magna Behavioral Attack Detection platform profiles user actions by analyzing network traffic and processes on endpoints. In the case of ransomware, Magna recognizes when endpoints start encrypting files on network drives. With advanced ransomware, LightCyber Magna can detect command and control activity, network reconnaissance, login failures and other characteristics of targeted attacks that occur before the ransomware encryption begins.

To find out the top ways to stop targeted ransomware attacks, download the white paper 9 Steps to Defeating Ransomware.
