One of the more puzzling aspects of malware is that infiltrators never devised a better method of getting their software onto networks.
Up to this point, ransomware and malware developers have relied on phishing emails and watering holes (targeted, compromised web sites hosting malicious code) as delivery methods, depending on trickery and the end user’s naiveté. Now, that’s changed.
Take, for example, the previously discussed SamSam, malware that targets the health care industry. One of the most notable features of SamSam is that it doesn’t need to communicate with its C2 (command-and-control) server to set up file encryption.
But that’s not the only thing new with SamSam. With it and variants like it, we’ve seen evidence of what some experts are calling “cryptoworms.” This is malware that has the ability to propagate like the classic worms of the past (SQL Slammer, Conficker) across the Internet by exploiting known vulnerabilities. They are also able to spread laterally across an internal network to infect more hosts.
Some experts are saying that SamSam will be at the core of many more of these cryptoworms in the future, and that future variants will be more autonomous and more proficient at targeting network vulnerabilities.
Protecting your network from cryptoworms
This comes down to doing the basics and making sure you cover all of your bases. That alone keeps your network protected from the vast majority of attacks.
Properly segmented backups:
With regularly backed up data, it’s not too difficult to revert an infected system to a clean, saved version. Just make sure the system you back up to is properly segmented and uses the proper permissions. Some ransomware strains can and will attempt to encrypt the backups, too.
Up-to-date updates and patches:
One of the commonalities among nearly all of these pieces of malware is that they take advantage of known vulnerabilities in servers and software. The easiest way to keep malware and ransomware off your networks is to get rid of these vulnerabilities. You do that by keeping everything on your network up to date. Make updates and patches a priority.
Something on the wire that can watch traffic:
Attackers can innovate all they want with ransomware. They can shift how it actually gets onto a network. They can make it easier for it to propagate itself once it’s there. And now, ransomware called ‘Bart’ can lock files without communicating with a C2 server first. Still, at some point between the initial infection and ransom payment, the infected system will need to communicate with an external server. That’s why it’s critical to have something on the wire, like an intrusion prevention device, that can watch both the traffic coming and going and flag anything suspicious.
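To make that last point concrete, here is an added example (not code from the original post) of the kind of egress check a network monitor can run over outbound connection logs. It applies two defender-side heuristics to constructed sample log lines: internal hosts reaching external destinations that are not on an approved egress allowlist, and beaconing, meaning repeated connections from one host to one destination at near-constant intervals, which is how many C2 check-ins look on the wire. The log format, the allowlist contents and the addresses are all assumptions made up for the example.

```python
"""Flag suspicious egress in constructed outbound-connection logs.

Heuristics (defender side):
  1. Internal host -> external destination not on the egress allowlist.
  2. Beaconing: one host contacting one destination at near-constant
     intervals (low jitter), a common shape for C2 check-ins.
"""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Constructed sample log lines; hypothetical format:
#   <ISO timestamp> <src_ip> <dst_ip> <dst_port> <bytes>
SAMPLE_LOG = """\
2016-07-01T09:00:00 10.0.1.15 93.184.216.34 443 5120
2016-07-01T09:00:30 10.0.1.22 203.0.113.77 8080 312
2016-07-01T09:01:30 10.0.1.22 203.0.113.77 8080 305
2016-07-01T09:02:30 10.0.1.22 203.0.113.77 8080 318
2016-07-01T09:03:30 10.0.1.22 203.0.113.77 8080 301
2016-07-01T09:04:30 10.0.1.22 203.0.113.77 8080 309
2016-07-01T09:05:12 10.0.1.15 10.0.2.5 445 88000
2016-07-01T09:07:41 10.0.1.15 93.184.216.34 443 2048
2016-07-01T09:15:03 10.0.1.40 198.51.100.9 443 4400
"""

# RFC 1918 ranges count as "inside"; everything else is external.
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
            ip_network("192.168.0.0/16")]

# Hypothetical allowlist of approved external destinations (update servers etc.).
EGRESS_ALLOWLIST = {"93.184.216.34"}


def parse_log(text):
    """Turn the raw log text into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, nbytes = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                       "dport": int(dport), "bytes": int(nbytes)})
    return events


def is_internal(addr):
    a = ip_address(addr)
    return any(a in net for net in INTERNAL)


def unapproved_egress(events):
    """(src, dst) pairs where an internal host reached an unlisted external address."""
    hits = set()
    for e in events:
        if (is_internal(e["src"]) and not is_internal(e["dst"])
                and e["dst"] not in EGRESS_ALLOWLIST):
            hits.add((e["src"], e["dst"]))
    return sorted(hits)


def beacon_candidates(events, min_hits=5, max_jitter=0.2):
    """(src, dst, period_seconds) for pairs whose connection gaps are nearly constant.

    max_jitter is the allowed ratio of standard deviation to mean gap.
    """
    by_pair = defaultdict(list)
    for e in events:
        if is_internal(e["src"]) and not is_internal(e["dst"]):
            by_pair[(e["src"], e["dst"])].append(e["ts"])
    out = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = mean(gaps)
        if period > 0 and pstdev(gaps) / period <= max_jitter:
            out.append((src, dst, period))
    return out


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("unapproved egress:", unapproved_egress(evs))
    print("beacon candidates:", beacon_candidates(evs))
```

On the sample data the allowlist check flags two host/destination pairs, and the beaconing check flags the host that contacts 203.0.113.77 every 60 seconds. In production the same logic would run over firewall, proxy or NetFlow exports, and an allowlist hit should be treated as a lead to investigate rather than a verdict, since legitimate software also polls servers on a timer.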
These are just three steps to protecting a network, and none of them involve cutting-edge hardware or overly expensive, unproven new tools. They involve adopting new mindsets with regard to security. For more on the security mindsets that can help keep your network safe, download a copy of our ebook 7 Security Mindsets You Should Adopt Today.