Ransomware could cause secondary or tertiary damage through equipment such as file servers or network share devices. If the initial victim’s computer is connected to a file server, the ransomware could get distributed to the entire network via the server.
FireEye security solutions provide visibility over the entire ransomware attack process and present a security strategy for effective response. They are customized based on the ransomware’s intrusion path (web or email).
The M-Trends 2016 Annual Threat Report1 indicates that Mandiant Consulting responded to more clients dealing with digital blackmail schemes than previously. Most cases cited impacts to either the confidentiality or availability of data. Targeted organizations were threatened with the public release of sensitive data while targets of opportunity were typically infected with commodity ransomware such as TorrentLocker or CryptoWall. For example, the Hollywood Presbyterian Medical Center in Los Angeles was attacked on February 5, 2016.
2 While they lost access to electronic patient records and email, the attack did not affect the hospital’s delivery and quality of patient care. Business operations and administrative functions were significantly “affected,” causing the hospital to reportedly pay a ransom equivalent to approximately USD 17,000. Attacks like this don’t just happen in the United States. Ransomware and targeted disruptive attacks are widespread across Asia and Europe. Ransomware has typically affected English applications on Microsoft Windows operating systems. In April 2015, ransomware in Korean was first discovered3 being distributed through clien.net, a popular IT community website in Korea. Attackers have broadened their reach to other languages, such as Japanese (e.g. TorLocker)4, as well as other operating systems such as Android (e.g. Simplocker)5 and Mac OSX (e.g. KeRanger)6. All organizations, especially now across Europe and Asia, have a more pressing reason to exercise caution against ransomware due to its popularity among malicious actors and widespread distribution.
To reduce the chance of a ransomware attack, organizations need visibility into their internal system security levels and a strong understanding of the attacker tools, tactics and procedures. For information download your whitepaper.