
Ransomware Vendor Solutions

There are a number of emerging vendor solutions to address ransomware threats as 2018 begins.

The continuing ransomware threats in 2018 may shift from global attacks to botnets and cryptocurrency attacks. Financial attacks like WannaCry and NotPetya will also continue when cybercriminals can exploit known vulnerabilities on a global scale. The lessons learned from 2017 have reached a critical point for healthcare to ensure hospital IT infrastructure and medical devices are now protected from attack. Vendors are responding with innovative solutions that may stop a ransomware encryption attack. We look forward to partnering with vendors who can provide this new level of cyber defense.

Vendor White Papers:

Cisco – Ransomware Defense Validated Design Guide (PDF)
US Department of Justice – How to Protect Your Networks from Ransomware
ECRI – 2018 Top 10 Tech hazards: Ransomware
ComputerWeekly – WannaCry a signal moment, says NCA
Which? – Ransomware: what it is and how to stop it
Trend Micro – Ransomware
Heimdal Security – What is Ransomware – 15 Easy Steps To Protect Your System
Microsoft – The Ransomware FAQ
HITRUST and Trend Micro – Collaborative Advanced Cyber Deception Program
Varonis (June 30th) – The Complete Guide to Ransomware
MalwareHunter – ID Ransomware: decoding the type of ransomware encrypting your files
IBM Security – Ransomware Client Engagement Guide
Trend Micro – Ransomware All-in-One Solutions Guide
Backblaze – How to Recover From Ransomware
Kaspersky – The Rise of Ransomware – Most Glaring Examples from 2015-2016
Barkly – The Ransomware Survival Handbook

Vendor solutions:

While still early in development, many vendors are making strides to confront and mitigate ransomware strains:

ID Ransomware – Malwarehunter

Malwarebytes – Anti-Ransomware Beta

Bitdefender – Anti-Ransomware Tool and overview

Kaspersky – Anti-Ransomware Tool

WinPatrol – WinAntiRansom

RansomFree – Cybereason

No More Ransom – resource clarifying most strains

BartBlaze – Ransomware Prevention

Trend Micro – Anti-Ransomware Tool
Trend Micro – WCRY (WannaCry) Ransomware Attack and Security Protection Solution
Trend Micro – Using the Trend Micro Ransomware File Decryptor
WinPatrol WAR – WinAntiRansom
Abelssoft – AntiRansomware
CryptoPrevent – Malware Prevention
GridSoft – GS Anti-Ransomware
Sophos – HitmanPro
NOguard – MoneroPay Decryptor
McAfee – Ransomware Interceptor (Pilot) 

Carbon Black’s The Ransomware Economy: Projections

1 – Based on the direction ransomware is trending, we believe ransomware will increasingly target Linux systems in an effort to further extort more money per infection. For example, attackers will increasingly look to conduct SQL injections to infect servers and charge a higher ransom price. We have already observed attacks hitting MongoDB earlier this year which provide excellent foreshadowing.
2 – Ransomware will become more targeted by looking for certain file types and targeting specific companies such as legal, healthcare, and tax preparers rather than “spray-and-pray” attacks we largely see now. There is already ransomware that targets databases, preying on businesses, and small tweaks to their code can target critical, proprietary files such as AutoCAD designs. A focused targeting of extensions can allow many ransomware samples to hide under the radar of many defenders.
3 – While most ransomware samples we analyzed in recent research simply encrypt files in place and transmit encryption keys for the purpose of decryption, there will be ransomware samples that will take the extra step of exfiltrating data prior to encryption. Not only would such an evolution put stress on companies to restore their data but also incorporate the loss of proprietary data that could be sold on the black market.
4 – Ransomware will increasingly be used as a smokescreen. For example, in the past, Zeus botnet operators hit victims with DDoS attacks after an infection to take investigators off the trail. A similar trend is emerging with ransomware attacks where the encryption of files could take place after more damning actions are taken by adversaries. Using already existing techniques of deleting Volume Shadow Copies, which deletes potential file backups, and the deletion of Windows event logs, adversaries can thwart many incident response efforts by forcing responders to focus on decrypting files instead of investigating data and credentials exfiltrated.
5 – Ransomware will emerge as a secondary method when initial forms of attack fail. Adversaries that rely upon more crafted and targeted attacks may use ransomware as an attack of last resort. Failing to entrench in an environment with a Remote Access Tool (RAT) or exfiltrate data, adversaries can push a ransomware across the environment to ensure at least a minimum return for their effort invested.
6 – Ransomware will be used more commonly as a false flag, as seen with NotPetya. Solely from dynamic analysis, it was perceived to be Petya, when more detailed analysis showed it wasn’t. Such quick analysis also insinuated it to be obvious ransomware, but a greater depth of disassembly showed that data was not held at ransom; it was simply destroyed.
7 – Ransomware will increasingly leverage social media to spread either intentionally or unintentionally. Similar to malware such as Koobface, maliciously shared content on sites such as Facebook could lead victims to click enticing links. Intentionally shared ransomware, seen in prior concepts, such as Popcorn Time where victims could share to reduce or eliminate their ransom, could see larger-scale use.
8 – Ransomware will start to morph to gain persistence on systems to re-encrypt them for more money some period of time later.