A tale of three major ransomware threats
Ransomware does exactly what its name describes: It takes your data and demands payment for its return. The basic design hasn't changed in decades, although recent variants have upped the ante with strong encryption of stolen files as well as more efficient delivery mechanisms.
For example, the headline-grabbing WannaCry threat took advantage of a flaw in the Server Message Block (SMB) protocol of Microsoft Windows to jump between internet-connected devices. The similar NotPetya had a similar structure - it even exploited the same vulnerability - but was more difficult to mitigate due to the absence of a built-in kill switch for automatic deactivation.
The Bad Rabbit ransomware could spread through drive-by downloads on compromised websites.Most recently, a new strain called Bad Rabbit emerged in Russia and Ukraine. Bad Rabbit harvested passwords from infected machines, a feature also included in NotPetya, and entered devices via malware tucked into a fake update to Adobe Flash Player.
Rising to the challenge presented by modern ransomware
In a webinar hosted by New Horizons Computer Learning Center, the presenter examined the topic of cyber responders, who are sort of like the firefighters of cybersecurity. Cyber responders have important roles to play in reducing the risks of threats such as ransomware.
In situations involving truly novel threats - like WannaCry, NotPetya and Bad Rabbit at the respective times of their debuts - a cyber responder can provide the unique insights needed for identifying them, even when an automated system might not catch them. Cyber responders also contribute to organizationwide preparations for subsequent threats.
"A cyber responder can provide the unique insights needed for identifying a novel threat."
Ultimately, they improve the value of platforms such as Security Information and Event Management (SIEM) solutions and by doing so strengthen defenses against ransomware. Are you ready to take the next step in mastering tools such as SIEM and understanding the risks of modern malware?
If you are, learn more on our cybersecurity page, which includes overviews of our many security-related certifications and program tracks. Our webinars page also features the full cyber responder talk and many similar resources for expanding your knowledge.