Ransomware has gotten much more intelligent in the last year, and it now represents one of the most damaging and widespread cybersecurity threats that businesses face on a daily basis. According to SophosLabs, ransomware is now so sophisticated it can target specific countries and locations and use appropriate vernacular languages, logos, local information and payment methodologies — making the ransomware delivery email or other mechanism a believable, effective method of social engineering.
Once the social engineering is successful — usually as soon as the end user trusts their email or attachment enough to open it — the infection takes place, and the ransomware Trojan begins encrypting files behind the scenes in preparation for its typically exorbitant ransom demand.
When It Comes to Ransomware, the Numbers Don’t Lie
Just in the last year, 24 million ransomware attacks have taken place in the U.S. alone, but thousands go unreported — so the numbers are likely much higher. Approximately 390,000 malicious programs are registered daily by the AV-TEST Institute.
More than 500 known malware evasion behaviors are in existence, and around 97 percent of malware is unique — making signature-based security measures virtually useless.
Hackers Are Leveraging JavaScript and Its Extensive User Base
Lately, ransomware hackers have begun using JavaScript injections to propagate malware across the web. Since JavaScript is a language that most websites are intimately familiar with as part of their programming interface, it makes a particularly vicious attack mechanism against weakened defenses. As it is nearly impossible to enjoy any functionality while browsing the internet without JavaScript these days, most websites and browsers are sitting ducks as potential ransomware targets — and hackers, of course, exploit this weakness as often as possible.
Sticking to Browsing Legitimate, “Safe” Websites Is No Longer Enough to Protect You Against Ransomware
Don’t make the mistake of thinking that sticking to well-known, authentic websites will protect you against ransomware; the hackers have already evolved beyond that. Basically, a JavaScript-enabled ransomware attack will target a high-traffic, popular business’ website and redirect users to malicious sites without the victim’s knowledge. Once the user unknowingly visits the hacker’s site, the infection process begins.
The Latest JavaScript Ransomware Strain Is Known as “RAA,” and It Is Multi-Faceted and Ruthless
In these latest ransomware infections, JavaScript (a well-known and common programming language that’s behind the scenes in most website environments) isn’t the vehicle for download of the ransomware — it IS the ransomware, and it is ruthless in more ways than one.
RAA ransomware delivery begins with an email attachment that impersonates a legitimate Word.doc file called “invoice.txt.” Once a victim opens the attachment, the Trojan launches a series of scrambling and locking of user documents and files, all the while downloading and saving additional malicious files onto the computer.
Unfortunately, the worst part about RAA isn’t its efficiency in encrypting files and data. RAA saves the best for last, and waits until the unsuspecting victim starts logging into bank and credit card accounts to access money to pay the ransom in return for the files. It is at this point when the password-stealing Trojan comes to life, recording sensitive financial data and passwords, while the user is preoccupied with securing the ransom funds.
What Can a Business Do to Defend Against Ransomware?
To protect your business against the constantly developing threat of ransomware, you need to be proactive. Follow these four best practices to help mitigate the damage of a ransomware attack:
- Testing: Work with a trusted IT security professional to implement an incident response plan, and test it regularly to be sure that it stays relevant and effective.
- Training: Be sure employees are fully aware of the gravity of a ransomware threat. Train them in effective ways to avoid becoming a social engineering victim, as well as in best practices for password security and BYOD/BYON (bring your own device/network).
- Technology: Utilize multiple backup methods, including one in the cloud, one on site, and one offsite for ultimate protection.
- Timeliness: Have your IT managed services professional regularly and frequently update and patch software to decrease vulnerabilities.
In the face of the growing threat of ransomware to local Charlotte area businesses, Sterling Technology Solutions has extensively studied ransomware’s recent advancements and developed unique, effective solutions to help protect your valuable business assets.
InfiNet Solutions is your local Charlotte, NC cybersecurity and managed IT services expert. We specialize in protecting area North Carolina businesses from the ever-evolving threat of ransomware and other cyberattacks. If you’d like to discuss your business’s protection against the latest cybersecurity threats, contact us at (402) 895-5777 or send us an email at [email protected] for more information.