More ransomware! Everybody gets ransomware!!
Why has everything been falling into this abyss of stupidity?
The more I start to learn and look more into ransomware, the more prevalent it becomes. Every hour and in every article, I just read about another darn ransomware strain being found, as well as the advances in its propagation method.
HECK! Like really? Samsam and Maktub Locker… first of all what are those names? In popular meme slang, “WHAT ARE THOSE!?!?!?”
Attackers are getting smarter and smarter, while users are becoming more and more dumb and gullible. How many times do I have to say, you did not win that free cruise, so please don’t send your email and credit card information to reserve the spot!
The ransomware Samsam gains access to an organization’s network by exploiting vulnerabilities in JBoss servers, such as a missing patch, and spreads to all machines connected to the network.
Maktub Locker, for its part, enters through spam or phishing emails with a virus hidden in an attachment, like a .ZIP file. Once opened, Maktub encrypts all data and systems connected to the network.
A common method of defense was creating backups of the files to be used in such a case, especially backups stored at an off-site storage facility. However, it appears that both strains encrypt not only the local data and files but also the backups on the network. Maktub Locker goes as far as compressing the files as well as encrypting them before they are sent back to the attacking host. Aside from backups, there needs to be deduplication of real-time data. In addition, firewalls and IDS/IPS need another look as part of routine risk and vulnerability assessments.
“It really is a battle between these cyber criminals and the rest of us,” she said. “There definitely is a learning curve, but we can benefit as a community to try to build these solutions together.”