New wave of malware attacks and how you can tackle them
Ransomware attacks targeting enterprises have become very common these days. Every month a new ransomware strain surfaces, and the dangerous ones end up affecting thousands of users. Ransomware restricts users from accessing files on their systems until a ransom is paid. WannaCry and Petya are two of the biggest ransomware attacks we have seen this year.
The former infected 230,000 devices in 150 countries, while the latter mostly targeted 2,000 enterprises in 65 countries.
To find out the reason behind this spike in ransomware attacks, researchers from a US-based anti-virus company, Carbon Black, monitored 21 popular marketplaces on the dark web and found a 2502% increase in ransomware sales over the past year. This points to a growing trend in which anyone with malicious intentions, money and the technical know-how can buy malware, rewrite it to exploit a particular vulnerability in a system and launch a new attack.
After Locky, which sent waves of panic across 114 countries last month, a new malware called Bad Rabbit is giving a hard time to users in Russia, Ukraine, Bulgaria, Turkey and Germany. It encrypts all data on infected PCs and then asks users to pay a ransom of 0.05 bitcoin (equivalent to $280). If they fail to pay the ransom within 41 hours, the amount is increased.
Kaspersky Lab believes the new ransomware is a variant of Petya, as it uses similar code.
Unlike Locky, which uses spam email to infect a PC, Bad Rabbit has a different modus operandi. It looks for insecure websites and plants malicious PHP code on one of their pages. Users visiting these pages are asked to install a Flash player, which actually conceals a malware web resource. Once installed, it tries to gain elevated administrative privileges and then adds a disk encryption module, which prevents the normal boot-up of the infected PC. So when users start an infected PC, they are redirected to a modified bootloader.
The increase in ransomware attacks has compelled tech companies such as Microsoft to find new ways to protect users and their devices. With the recently launched Fall Creators Update for Windows 10, Microsoft has added a new anti-ransomware feature called Controlled Folder Access. Users can activate it in Windows Defender Security Center. When ransomware strikes a system, it immediately tries to encrypt the files on it. Now, if an unauthorised app (anything other than system apps and the ones approved by the user) tries to access or modify files in a protected folder, it will be blacklisted and users will be instantly alerted.
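
Controlled Folder Access can also be managed from an elevated PowerShell prompt with the Windows Defender cmdlets, which makes it easier to roll out in audit mode first and review what would have been blocked. The script below is an added example, not part of the original article; the folder and application paths are hypothetical placeholders to replace with your own.

```powershell
# Added example: enable Controlled Folder Access (CFA) and review its events.
# Run elevated on Windows 10 version 1709 (Fall Creators Update) or later.

# First pass: 'AuditMode' logs what would be blocked without blocking it.
# After reviewing the events, rerun with 'Enabled' to enforce.
$Mode        = 'AuditMode'
$ExtraFolder = 'D:\Finance'                               # hypothetical placeholder
$TrustedApp  = 'C:\Program Files\BackupTool\backup.exe'   # hypothetical placeholder

Set-MpPreference -EnableControlledFolderAccess $Mode

# Default user folders are protected automatically; add any others that
# hold business data. Add-MpPreference appends instead of overwriting.
if (Test-Path -LiteralPath $ExtraFolder) {
    Add-MpPreference -ControlledFolderAccessProtectedFolders $ExtraFolder
}

# Approve a legitimate application that must write to protected folders.
if (Test-Path -LiteralPath $TrustedApp) {
    Add-MpPreference -ControlledFolderAccessAllowedApplications $TrustedApp
}

# Confirm the resulting configuration.
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders,
    ControlledFolderAccessAllowedApplications | Format-List

# Review CFA activity from the last 7 days in the Defender operational log.
$Meaning = @{
    1123 = 'Blocked by Controlled Folder Access'
    1124 = 'Audited (would have been blocked)'
    5007 = 'Defender setting changed'
}
$Filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123, 1124, 5007
    StartTime = (Get-Date).AddDays(-7)
}
Get-WinEvent -FilterHashtable $Filter -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id,
        @{ Name = 'Meaning'; Expression = { $Meaning[[int]$_.Id] } },
        Message |
    Format-List
```

Event 5007 is worth watching alongside the block events, since an unexpected change to the allowed-applications list or to the feature's mode would otherwise go unnoticed.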