
How Ransomware Became Hackers' Weapon of Choice: What EFSS Can Do About It


An EFSS platform can monitor security threats, like ransomware, before they can do any real damage.


Ransomware-infected files can spread like wildfire. Attacks are easy to launch, and they can take down an entire business, bringing operations to a screeching halt for a week or more. 

One would assume that large enterprise file sync and sharing (EFSS) platforms would offer built-in protections. This is not always the case. Google never forced security measures like two-factor authentication after more than a million user accounts were infected with malware designed to steal their credentials. It took Dropbox four years to force password resets for the over 60 million Dropbox users who had been hacked in 2012.

Speed and ease of use, in other words, do not indicate data protection. The onus is on the end user to vet innovative solutions that can aid in avoiding ransomware scenarios. Users must look for solutions that offer customization, heuristic analysis, and backup and recovery options to stay ahead of hackers and keep their business up and running.

Phishing and Spoofing Roots

Phishing is a way of exploiting a user’s trust to gain access to their accounts. It’s often done by spoofing or mimicking the look of an advertisement or legitimate email. An attacker counts on you or a user in your network taking the bait and letting them into your system. Once a hacker gets inside, it can take years before the real damage is known.

Ransomware has taken this ability to compromise your data to a new, diabolical level. Once hackers gain access, ransomware encrypts your data, locking you out of your own system. Victims receive instructions to either pay the ransom or have their data wiped. Faced with the decision to halt business or pay the attackers, companies find themselves between a rock and a hard place. 

Gaining Maturity

Ransomware grew up by developing out of modified phishing methods. In September of 2016, a hospital was infected with Locky, a ransomware that propagated itself through fake Microsoft Word invoices. When an unsuspecting party attempted to download the invoice, they were prompted to “enable macros.” Once enabled, the macros would download and execute an encryption routine that then locked down the computer system. Hospitals are likely targets of these types of schemes because their private records are prime collateral and, often, they end up paying to recover their systems for the sake of their patients’ lives.

A similar ransomware that targets business databases, called Cerber, kicked off a new Ransomware-as-a-Service (RaaS) trend in November 2016. Clients could pay a 40 percent share in a ransom ring in exchange for whatever was needed to launch an attack. Cerber pushed out updates every eight to ten days, forcing malware recipients into a constant defensive stance. In the first quarter of 2017, Cerber was responsible for at least 25 percent of all ransomware encounters at enterprise endpoints.

At the end of 2016, ransomware attacks earned hackers more than a billion dollars. This led to the rate of infection attempts jumping more than 100 percent the following year. Now, it is estimated that every 10 seconds, a consumer is hit with ransomware. Business enterprises are the second target on their list. 

Ransomware Goes Viral

Last May, a rapidly spreading crypto worm called WannaCry infected 230,000 systems across 150 countries in what, to date, is the world’s biggest cyber attack. Among those infected were global businesses including Nissan and FedEx, as well as many governments and health organizations across the world. After the dust settled, less than one percent of the 400,000 victims opted to pay the ransom. The attack was still a major disruption and serves now as an example of the widespread havoc that relative amateurs can wreak.

Quickly on WannaCry’s heels, June brought the Petya and NotPetya attacks, which infected systems by deleting boot-level files. These attacks were more sophisticated and organized: even if a ransom was paid to decrypt files, the damage to an infected system remained unfixable. Some theorized that the hackers were more interested in damage than money, but that didn’t stop them from demanding a quarter of a million dollars for the encryption keys.

Weapon of Choice

In any enterprise environment, your enterprise data is your company, and it must be safeguarded at all costs. Since all Enterprise File Sync and Sharing platforms hold content critical to a business, synchronize files from one computer to another and are broadly used across employees and external users, including partners, vendors, and customers, they are automatic ransomware targets. So, how can you defend your data in such an adversarial online world? 

1. Prevention Through Customization

The best defense against any phishing attack — and remember, ransomware emerged from phishing — is to educate your employees to recognize the difference between genuine communication and malicious spoofing. Hackers can easily create false emails from SaaS products that look like the real thing. When using an EFSS, look for the ability to customize emails including your organization’s branding, design policies specific to your needs and maintain the ability to broadcast alerts to thwart attempted attacks. 

2. Heuristic Analysis

Detecting threats in real time requires the ability to search for suspicious content or unusual activity. Through heuristic analysis, an EFSS platform can monitor and watch out for security threats, like ransomware, before they take hold. Since ransomware attacks a computer and then encrypts information, an EFSS solution needs to be able to detect and stop the synchronization of encrypted files as the encryption tries to spread from computer to computer, in order to limit the attack.
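One way such a heuristic can work, shown as an added example that is not taken from the article or from any EFSS product: a server-side gate that flags uploads whose content suddenly looks random (high byte entropy) and stops syncing from a device once several such uploads arrive in a short window. The class name, thresholds, window length and sample data are all assumptions made for illustration.

```python
import math
import os
from collections import Counter, defaultdict, deque

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off (ciphertext is close to 8.0)
BURST_LIMIT = 3          # assumed: suspicious uploads per window before quarantine
WINDOW_SECONDS = 60      # assumed sliding-window length


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: low for text, close to 8 for encrypted data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


class SyncGate:
    """Decides, per upload, whether a client's change may propagate to other devices."""

    def __init__(self):
        self.recent = defaultdict(deque)  # client -> times of suspicious uploads
        self.quarantined = set()

    def check(self, client: str, ts: float, old: bytes, new: bytes) -> str:
        if client in self.quarantined:
            return "blocked"
        # Suspicious: the new version looks random although the previous one did not.
        # Files that were already high-entropy (zip, jpeg) are therefore not counted.
        if not (shannon_entropy(new) >= ENTROPY_THRESHOLD > shannon_entropy(old)):
            return "synced"
        window = self.recent[client]
        window.append(ts)
        while ts - window[0] > WINDOW_SECONDS:
            window.popleft()
        if len(window) >= BURST_LIMIT:
            self.quarantined.add(client)  # stop all further sync from this device
            return "blocked"
        return "held"  # keep the upload server-side only, pending review


def demo():
    gate = SyncGate()
    text = b"Quarterly invoice for ACME Corp, net 30 days.\n" * 200  # constructed sample
    results = [gate.check("laptop-7", 0, text, text + b"edit")]
    for i in range(1, 5):  # random bytes stand in for encrypted file contents
        results.append(gate.check("laptop-7", i * 5, text, os.urandom(8192)))
    return results
```

Holding the first suspicious uploads rather than syncing them means the encrypted copies never reach other devices, even before the burst limit trips.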

3. Backup and Recovery

Unlimited versioning and server backups are a must to recover from any data loss accident, including ransomware. In general, backups are simpler and happen at periodic intervals while versioning means storing all older versions and new versions that are created. Both options ensure peace of mind, but versioning allows you to not lose any work in the event of a ransomware attack. An EFSS solution should support versioning as it enables your organization to backtrack to whatever iteration of files necessary.
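The difference between the two recovery options, as an added example that is not part of the original article: given a per-file version history, one function rolls each file back to the newest version not written by the compromised device, and the other restores the state captured by a periodic backup. The `Version` record, device names, timestamps and file contents are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Version:
    ts: int        # upload time in seconds
    client: str    # device that uploaded this version
    content: str


def restore_from_versions(history, bad_client, attack_start):
    """Per file: newest version not written by bad_client at or after attack_start."""
    restored = {}
    for path, versions in history.items():
        clean = [v for v in versions
                 if not (v.client == bad_client and v.ts >= attack_start)]
        restored[path] = max(clean, key=lambda v: v.ts).content if clean else None
    return restored


def restore_from_backup(history, backup_ts):
    """Per file: the state captured by a periodic backup taken at backup_ts."""
    restored = {}
    for path, versions in history.items():
        older = [v for v in versions if v.ts <= backup_ts]
        restored[path] = max(older, key=lambda v: v.ts).content if older else None
    return restored


# Constructed history: laptop-7 starts encrypting files at ts=9000;
# the last periodic backup ran at ts=3600.
HISTORY = {
    "budget.xlsx": [Version(100, "laptop-7", "v1"),
                    Version(5000, "desk-2", "v2"),
                    Version(9000, "laptop-7", "<encrypted>")],
    "plan.docx":   [Version(6000, "desk-2", "draft"),
                    Version(9005, "laptop-7", "<encrypted>")],
    "notes.txt":   [Version(200, "desk-2", "a"),
                    Version(9500, "desk-2", "b")],
}
```

With this history, version rollback recovers `v2`, `draft` and `b`, while the backup yields `v1`, nothing for `plan.docx`, and `a`, which is the work created between the backup and the attack being lost.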

Increasing Sophistication

As the weapon of choice for cybercrime, ransom attacks continue to grow in scope and sophistication. Attacks can be launched by individuals with little technical experience — amateur cybercriminals hire hackers on the dark web; such malware-as-a-service rings are turning data theft into an industry. Infection vectors are moving away from phishing and newer threats are becoming self-executing and self-replicating. Fortunately, companies that choose to utilize modern defenses can keep themselves ahead of the threat.
