A hacker’s guide to Ransomware: How to successfully lose your data

October 20, 2017


To be clear, a ransomware developer’s goal is not to destroy your data. The main driver is money: they care about lining their own wallets (usually bitcoin wallets, but this makes little difference to you), which means that destroying your data is not really the goal they are trying to achieve.

They usually try to make it impossible for you to use your own data, while leaving you a chance to recover from the issue after you pay the ransom. The obvious question here is: “why do I have to pay a bad guy instead of hiring a friendly computer expert to do the same job?”

The history of ransomware shows that this approach (hiring an expert to recover the data) made a lot of sense in the past. Unfortunately, the bad guys quickly realized that their victims preferred to recover (sometimes even paying more for it) by any means that did not involve supporting cyber crime.

But as long as there is someone to pay, there will be someone to encrypt your data and politely ask for money. The amounts people are prepared to pay are often breathtaking! According to a public service announcement from the FBI’s Internet Crime Complaint Center (IC3), the estimated ransom paid for the Cryptowall virus between April 2014 and June 2015 was around $18 million.

Nowadays, modern ransomware does not even try to resist removal. Any proficient computer user can quickly remove the malware itself using a web page or an online video as a guide.

So why is ransomware so dangerous if the malware removal process is so straightforward?

The answer is very simple: it encrypts your data instead of destroying it. The encryption process itself has changed over the years and has reached its final form: advanced, well-known and secure asymmetric encryption algorithms. Asymmetric means there is always a pair of keys: one used only for encrypting, and the other for decrypting.

Nowadays, ransomware developers take great care of the decryption key. They never send it to the infected computer during the attack, and the only way you can get the key is to pay for it. In the past, some malware was (in technical terms) somewhat badly designed; now, if your data is encrypted, the one and only way to decrypt it is to pay for the decryption key. This is not something you would actually like to do, right? So please, forget about any decryption-based approach: it is virtually impossible without paying. You have to protect your data differently.

Let’s start from the very beginning. A ransomware attack doesn’t happen by magic. In fact, there are two ways it can happen:

1. Your computer (OS and applications installed) is not up to date.

There are (and always will be) bugs in software, and some of those bugs can be used to take control of your computer, and of course to infect it with ransomware as well. If any such bug can be used to infect your computer, at some point someone will try to use it for malicious purposes.

If you do not patch your computer on a regular basis, sooner or later it will be infected; that is the one thing you can be sure of. So if you want to avoid being a victim of this type of attack, the remedy is simple: patch your operating system and applications. Do not ignore those update messages and annoying restarts. The general rule is simple: get newer versions of applications, update your system, update drivers, etc.

2. You have launched ransomware code (executable / script / macro) yourself.

Bad guys are extremely creative in trying to convince you to run their applications. They will post them on web pages as a video to download, send them to you as a fake invoice via email, drop them on a USB stick and leave it next to your company’s doors, etc. So what can you do about this?

Actually, nothing! But you must be aware that this situation can and does happen. Your role here is quite simple: trust no one and know the context of what you do. Do not go to suspicious web pages, do not download cracks or key generators, and do not trust emails even when you can clearly see that a business you recognize has sent you an unexpected invoice. If it doesn’t feel good, it probably isn’t good.

Neither of the above options sounds that complicated, but you should be aware that even the smartest IT security brains in the industry are still searching for a universal and cost-effective solution.

The reality is as follows: attacks happen, and they will keep happening as long as there are humans on this planet. However, they should not happen if you protect your computer properly, and as I have mentioned above, trying to decrypt the data on your own is usually a complete waste of time.

The deeper you go into the dark corners of the Internet looking for a solution, the higher the risk of infecting your computer with another piece of malware. So what do you do?

The answer is extremely easy: perform backups and, in case of an emergency, restore the data from the backup. The problem is that people have no backup (apparently they have never played football!), or at least the backup is not up to date, or it is stored on the same computer.

If you take one thing away, choose this one: revise your backup strategy and choose one that corresponds to how much your data is worth. Perform backups on a regular basis and store them on separate media (not connected all the time!), well protected from being stolen, dropped, eaten by your dog, left in your laptop bag, within reach of small children, etc. You should definitely have a look at cloud-based backup and review its terms. Then your data is immediately (and without any effort from you) sent to a remote server room and stored safely, just in case you are going to need it one day.
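The three backup failures named above (no backup, a stale backup, a backup that sits on the same machine) are all checkable. The script below is an added example and not part of the original post: make_backup() copies a directory tree and records a manifest of SHA-256 digests, and check_backup() reports whether the backup is fresh, whether it lives on a different device from the data it protects, whether every backed-up copy still matches its recorded digest (a backup drive that stayed attached during an infection fails this check) and whether any source files have not been backed up yet. The directory names, file names and file contents in demo() are constructed for the demonstration.

```python
"""Back up a directory tree and verify that the backup is usable."""
import hashlib
import json
import shutil
import tempfile
import time
from pathlib import Path

MANIFEST = "manifest.json"  # written into the backup root


def sha256_of(path: Path) -> str:
    """SHA-256 digest of a file, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(source: str, backup: str) -> dict:
    """Copy every file under source to backup and record each copy's digest."""
    src, bak = Path(source), Path(backup)
    manifest = {"created": time.time(), "files": {}}
    for p in src.rglob("*"):
        if p.is_file():
            rel = p.relative_to(src).as_posix()
            dest = bak / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, dest)
            manifest["files"][rel] = sha256_of(dest)
    (bak / MANIFEST).write_text(json.dumps(manifest))
    return manifest


def check_backup(source: str, backup: str, max_age_hours: float = 24.0) -> list:
    """Return a list of findings; an empty list means the backup is usable."""
    src, bak = Path(source), Path(backup)
    findings = []
    manifest_path = bak / MANIFEST
    if not manifest_path.is_file():
        return ["no backup manifest found"]
    manifest = json.loads(manifest_path.read_text())
    # 1. freshness: the manifest timestamp is the time of the last backup run
    if time.time() - manifest["created"] > max_age_hours * 3600:
        findings.append("backup is stale")
    # 2. separate media: same device id means same disk, encrypted together
    if src.stat().st_dev == bak.stat().st_dev:
        findings.append("backup is on the same device as the source")
    # 3. integrity of every recorded copy
    for rel, digest in manifest["files"].items():
        copy = bak / rel
        if not copy.is_file():
            findings.append(f"backup copy missing: {rel}")
        elif sha256_of(copy) != digest:
            findings.append(f"backup copy damaged: {rel}")
    # 4. completeness: source files created since the last run
    for p in src.rglob("*"):
        if p.is_file() and p.relative_to(src).as_posix() not in manifest["files"]:
            findings.append(f"not yet backed up: {p.relative_to(src).as_posix()}")
    return findings


def demo() -> list:
    """Constructed scenario: back up two files, then damage one backup copy
    (what happens when the backup drive stays attached during an infection)
    and add a new source file that has not been backed up yet."""
    src = Path(tempfile.mkdtemp(prefix="src-"))
    bak = Path(tempfile.mkdtemp(prefix="bak-"))
    (src / "report.docx").write_bytes(b"quarterly figures")
    (src / "photos.zip").write_bytes(b"family photos")
    make_backup(str(src), str(bak))
    (bak / "photos.zip").write_bytes(b"\x8f\x1a\x44 unreadable")  # damaged copy
    (src / "notes.txt").write_bytes(b"written after the backup ran")
    return check_backup(str(src), str(bak))


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Because both temporary directories in demo() live on the same filesystem, the "same device" finding fires alongside the damaged copy and the file that was never backed up; on a real setup, point the backup at removable or network media and the check should come back empty.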

Still knowledge-hungry? At the enterprise level, from a technical perspective it is extremely important to prevent unknown code execution, so that whoever is tempted to open that badly formatted invoice is prevented from executing whatever it brings along as a sweet encryption surprise. Of course, security awareness should not be neglected, but all these things go together, and when wrapped into one reasonable, security-focused prevention strategy the idyll can become reality.
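One concrete form of "prevent unknown code execution" is a gate in front of the user: an executable runs only if its digest is on an approved list, and files that merely look like an invoice but can carry code are blocked or quarantined. The following is an added example and not the post's or any product's code; it models that decision for files arriving by email or download. The extension sets are illustrative rather than complete, and the sample file names, contents and approved digest in demo() are constructed.

```python
"""Decide whether an incoming file may be opened, run, or must be held back."""
import hashlib

# Types that execute code directly (illustrative, not exhaustive)
CODE_EXTENSIONS = {"exe", "scr", "com", "bat", "cmd", "ps1", "js", "vbs", "hta", "jar", "msi"}
# Office formats that can carry macros
MACRO_EXTENSIONS = {"docm", "xlsm", "pptm"}
# Plain data formats that are normally safe to open
DATA_EXTENSIONS = {"pdf", "txt", "docx", "xlsx", "png", "jpg"}


def classify(filename: str, content: bytes, approved_digests: set) -> tuple:
    """Return (decision, reason) for one file.

    decision is one of "allow", "block" or "quarantine". Executables are
    judged by the real last extension and by the PE "MZ" header, so
    "Invoice.pdf.exe" is treated as an executable, not as a document.
    """
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    digest = hashlib.sha256(content).hexdigest()
    # A document extension hidden before the real one is the classic disguise
    disguised = len(parts) > 2 and parts[-2] in DATA_EXTENSIONS

    if ext in CODE_EXTENSIONS or content.startswith(b"MZ"):
        if digest in approved_digests:
            return ("allow", "approved executable")
        reason = "unknown executable"
        if disguised:
            reason += " disguised as a document"
        return ("block", reason)
    if ext in MACRO_EXTENSIONS:
        return ("quarantine", "macro-enabled document")
    if ext in DATA_EXTENSIONS:
        return ("allow", "data file")
    return ("quarantine", "unrecognised file type")


def demo() -> dict:
    """Constructed inbox: a genuine PDF, a fake invoice that is really an
    executable, an installer the company has approved, and a macro document."""
    samples = {
        "Invoice_2017-10.pdf": b"%PDF-1.4 constructed sample",
        "Invoice_2017-10.pdf.exe": b"MZ\x90\x00 constructed, not on the list",
        "vendor_setup.exe": b"MZ\x90\x00 constructed approved installer",
        "Invoice.docm": b"PK\x03\x04 constructed macro document",
    }
    # The approved list would normally be maintained by IT; here it is built inline
    approved = {hashlib.sha256(samples["vendor_setup.exe"]).hexdigest()}
    return {name: classify(name, data, approved) for name, data in samples.items()}


if __name__ == "__main__":
    for name, (decision, reason) in demo().items():
        print(f"{decision:10} {name}: {reason}")
```

The approved-digest check is what turns a "don't open attachments" policy into something enforceable: an installer IT has vetted still runs, while an executable nobody has vetted is stopped regardless of how convincing its name is.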

Stay CQURE!

Paula Januszkiewicz

Sources: http://www.ic3.gov/media/2015/150623.aspx

Jonathan Clarke

Content Marketing Manager
