Ransomware Cyber-Attack Threat
Continually improving ransomware attacks are a challenge that IT companies, online businesses, health trusts and even governments are facing. In the short term, a ransomware infection blocks access to essential files on a computer or server for weeks and months. Such a cyber security incident is dangerous for daily business operations, knocking out successful businesses until they recover from the hack. In the long term, a ransomware infection has severe consequences, striking the business's reputation and leading to commercial and financial collapse.
Published statistics reveal the scale of ransomware and its profitability: Google research finds that ransomware victims have paid cybercriminals more than $25 million in ransom over the last two years (source: https://www.theverge.com/2017/7/25/16023920/ransomware-statistics-locky-cerber-google-research); the estimated impact of the WannaCry ransomware is over 10,000 organizations and 200,000 individuals in over 150 countries (source: http://www.bbc.com/news/technology-39913630).
Is My Website/Business At Risk?
It is important to stress that every massive infection starts from an attack on a single victim PC (machine/computer), from where the ransomware spreads to other unpatched computers in the network by exploiting known security vulnerabilities.
WannaCry, Petya, Uiwix, Locky and other ransomware families share a primary cause: outdated, vulnerable software used by organizations and endpoint consumers.
Malware developers keep a very close watch on their malware, improving it to utilize new security weaknesses and avoid antivirus detection. Relatively cheap to purchase and accessible for download, ransomware has become a trendy piece of malicious software, especially with the rise of "ransomware as a service" offerings, where almost any technically equipped person can easily launch ransomware attacks just by paying the malware developers some dividends from every ransom.
Quttera's free online malware scanner service performs daily analysis of tens of thousands of websites, and it periodically detects ransomware samples/infections from different ransomware families on compromised websites. This threat intelligence then serves the internet community and ThreatSign! customers by improving our malware detection algorithms.
Following are some examples of links to files which could be used as rules for ransomware detection:
How Can I Keep My Website/Business Protected?
You can start with simple and practical techniques such as running updates on time, being very careful with suspicious emails, regularly backing up your data and having anti-virus software on your PC. This would at least provide minimal protection against certain kinds of ransomware, especially for home users. Unfortunately, modified and sophisticated ransomware versions, as well as new security vulnerabilities, are being discovered on a daily basis, making those common security measures insufficient.
Proper cyber security risk management must incorporate the essential anti-malware components to prevent and remediate hacking attacks, including ransomware. Online assets, like websites, should be constantly monitored outside-in and inside-out for signs of potential security threats.
External, HTTP-based monitoring ensures that a website does not spread malicious software or malicious links via the content it presents, in case it has already been compromised and has become a link in a malicious chain.
The website internals, however, cannot be accessed via an HTTP scan. That is why internal FTP-based monitoring is paramount in identifying malware already planted inside the file system.
Server-side malware scanning (FTP-monitoring) detects the malicious components in the PHP, HTML, JS and other files used to generate the web page.
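The difference between the outside-in and inside-out views can be shown with a file-integrity baseline over the web root. This is an added example, not Quttera's scanner or code from the original article; it uses hash comparison rather than malware signatures, and the function names, extension list and sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# File types named in the article; extend for your own stack (assumption).
WEB_EXTENSIONS = {".php", ".html", ".js"}

def snapshot(webroot):
    """Map each web file's path (relative to webroot) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if os.path.splitext(name)[1].lower() not in WEB_EXTENSIONS:
                continue
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(full, webroot)] = digest
    return manifest

def diff_manifests(baseline, current):
    """Report files added, modified or removed since the trusted baseline."""
    shared = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
        "removed": sorted(set(baseline) - set(current)),
    }

def write_file(root, rel, text):
    """Helper for the constructed demo: create a file under root."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def demo():
    """Constructed scenario: a clean deploy, then two unauthorised changes."""
    with tempfile.TemporaryDirectory() as root:
        write_file(root, "index.php", "<?php echo 'home'; ?>")
        write_file(root, "js/app.js", "console.log('ok');")
        baseline = snapshot(root)
        # A file no page links to: invisible to an HTTP crawl, visible on disk.
        write_file(root, "uploads/cache.php", "<?php /* unexpected file */ ?>")
        write_file(root, "js/app.js", "console.log('ok'); /* appended code */")
        return diff_manifests(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Store the baseline manifest off the web server, so that an intruder who can write to the web root cannot also rewrite the baseline.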
Another security feature that is often overlooked by IT staff is DNS/IP monitoring. While it might not seem to be directly related to ransomware, it helps in protecting against it because it ensures that the website's DNS records are not compromised and that your website URL leads visitors exactly where it should.
When carefully examined and promptly acted upon, the monitoring reports, alerts and logs allow you to stay ahead of the next hacking attack and remediate any existing online threat with minimal to no damage.
If you're running a WordPress website, you can install our free Quttera Web Malware Scanner plugin to run periodic checks of your WordPress websites and review the detailed malware reports.
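A minimal form of the DNS/IP check described above compares what a hostname resolves to against an approved list of networks. This is an added example, not part of the original article or of Quttera's service; the hostnames, the baseline and the stand-in resolver are constructed, and the addresses come from the reserved documentation ranges.

```python
import ipaddress
import socket

def resolve_ips(hostname):
    """Resolve a hostname to its set of addresses using the system resolver."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}

def check_dns(baseline, resolver=resolve_ips):
    """Compare live answers with approved networks; return a list of alerts."""
    alerts = []
    for host, cidrs in sorted(baseline.items()):
        allowed = [ipaddress.ip_network(c) for c in cidrs]
        try:
            observed = resolver(host)
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            alerts.append((host, "resolution-failed", [str(exc)]))
            continue
        rogue = sorted(ip for ip in observed
                       if not any(ipaddress.ip_address(ip) in net for net in allowed))
        if rogue:
            alerts.append((host, "unexpected-address", rogue))
    return alerts

# Constructed baseline: networks the site owner has approved for each name.
# For a CDN-fronted site, list the provider's ranges rather than single hosts.
BASELINE = {
    "www.example.com": ["192.0.2.0/24"],
    "shop.example.com": ["198.51.100.10/32"],
    "mail.example.com": ["192.0.2.25/32"],
}

def fake_resolver(host):
    """Constructed stand-in for live DNS so the demo runs offline."""
    answers = {
        "www.example.com": {"192.0.2.15"},     # inside the approved range
        "shop.example.com": {"203.0.113.66"},  # record now points elsewhere
    }
    if host not in answers:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return answers[host]

def demo():
    return check_dns(BASELINE, fake_resolver)

if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Calling `check_dns(BASELINE)` without the second argument uses the system resolver; running it from a network outside your own infrastructure shows what visitors actually receive.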
Is your website flagged for malware, blocked by the search engines or disabled by the host?
We are always quick to respond to protect our customers from ransomware and other cyber threats. Our experts are here to clean up any malware from your sites and remove false positives, blacklisting and different kinds of alerts by any security vendor and search engines. Just select the appropriate ThreatSign! Anti-Malware plan and get back online.
For other issues and help: Quttera’s help-desk