Cryptolocker - The battle for data security

October 20, 2017

Ransomware has exploded onto the radar of security teams in recent years because of highly aggressive tactics that are often impossible to recover from. It is on the increase and has evolved rapidly since the high-profile Cryptolocker outbreak.

The risk of widespread data loss is ever increasing as ransomware begins to target backups and data on network shares.

The premise is simple: capture data that is valuable to the user by encrypting it in situ, then charge the user a fee to release it back to them. Since it first appeared in 2013, Cryptolocker itself has amassed around 500,000 victims.

Those infected were initially presented with a demand for $400 (£237), 400 euros ($535; £317) or an equivalent amount in the virtual currency Bitcoin. Victims had 72 hours to pay up or face their files being destroyed.

Analysis of the back-up database indicates that only 1.3% of all the people hit by the malware paid the ransom; despite that low response rate, the cybercriminals are believed to have netted about $3m from Cryptolocker.

The power of this type of ransomware lies in its simplicity. Because the malware runs as the user, it has access to all of the user's files and to the built-in Windows cryptographic APIs, so data can be encrypted without the user ever holding administrator rights. The result is the perfect malware storm: a devastating attack that generates large revenues and requires little technical skill to create.
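Because the encryption runs with nothing more than the user's own file access, the thing to look for on the endpoint is not a privilege escalation but a burst of rewrites that turn many ordinary files into near-random data. The following is an added example, not code from the original post or from Avecto: a toy behavioural detector that scores each write by Shannon entropy and flags a process that rewrites many distinct files with high-entropy content inside a short window. The events, process names and file contents are constructed for the example; a real detector would consume Sysmon, ETW or EDR telemetry.

```python
"""
Added example, not from the original post: a toy behavioural detector for the
encryption pattern described above. Ransomware running as an ordinary user can
read and overwrite every file that user can, so the tell-tale sign is a burst
of rewrites producing near-random (high entropy) content across many files.
All events below are constructed.
"""
import math
from collections import defaultdict


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: English text sits around 4-5, ciphertext near 8."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


# Constructed stand-ins for file contents (no real encryption takes place here).
CIPHERTEXT_LIKE = bytes(range(256)) * 4       # every byte value equally likely: entropy 8.0
PLAINTEXT_LIKE = b"Q3 revenue forecast and headcount plan. " * 25

# Constructed write events: (seconds, pid, process name, path, bytes written).
SAMPLE_EVENTS = [
    (0.0, 4120, "WINWORD.EXE", r"C:\Users\alice\Documents\plan.docx", PLAINTEXT_LIKE),
    # A legitimate archive save is also high entropy, but it is a single file.
    (0.5, 5010, "7zFM.exe", r"C:\Users\alice\Downloads\photos.zip", CIPHERTEXT_LIKE),
]
# Hypothetical dropper "updater.exe" (pid 7781) rewriting the user's documents
# with an added extension: six files in twelve seconds, no admin rights needed.
for i, name in enumerate(["plan.docx", "budget.xlsx", "photo1.jpg",
                          "photo2.jpg", "thesis.pdf", "notes.txt"]):
    SAMPLE_EVENTS.append(
        (2.0 + 2.0 * i, 7781, "updater.exe",
         rf"C:\Users\alice\Documents\{name}.encrypted", CIPHERTEXT_LIKE))


def detect_mass_encryption(events, window_s=60.0, min_files=5, entropy_threshold=7.0):
    """Return {pid: sorted paths} for every process that wrote high-entropy
    content to at least min_files distinct files within a window_s window.

    Requiring many distinct files in a short window is what separates a
    ransomware run from one legitimate write of compressed or encrypted data
    (an archive, a browser cache entry, a saved PDF).
    """
    suspicious = defaultdict(list)            # pid -> [(time, path)] of high-entropy writes
    for t, pid, _name, path, content in sorted(events, key=lambda e: e[0]):
        if shannon_entropy(content) >= entropy_threshold:
            suspicious[pid].append((t, path))
    hits = {}
    for pid, writes in suspicious.items():
        for t0, _ in writes:                  # slide a window starting at each write
            in_window = {p for t, p in writes if t0 <= t <= t0 + window_s}
            if len(in_window) >= min_files:
                hits[pid] = sorted(in_window)
                break
    return hits


if __name__ == "__main__":
    for pid, paths in detect_mass_encryption(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {len(paths)} high-entropy rewrites, e.g. {paths[0]}")
```

The thresholds (five files, sixty seconds, 7.0 bits per byte) are illustrative starting points, not tuned values; already-compressed formats such as JPEG and ZIP are high entropy before any encryption, which is why the detector counts distinct files per process rather than reacting to a single write.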

An evolving threat

The effectiveness of ransomware like Cryptolocker has spawned a succession of new threats. CryptoWall and TorrentLocker are hitting businesses and consumers hard and spreading the fear of infection beyond the IT department.

In fact, CryptoWall 3.0, also known as Crowti, has been encountered several times in the Avecto Malware Lab since mid-January 2015 and represents the latest evolution in ransomware. The sample analyzed was dropped by the Magnitude exploit kit as part of a phishing email campaign that linked to malicious websites.

Compared to previous versions, the latest version is simpler and more lightweight. In line with the general malware trend towards multi-stage attacks, it no longer checks whether it is being executed in a virtual environment.

Layers of defense

Ransomware exploits the fact that Windows allows any application, good or bad, to access the user's data. Because threats change rapidly to evade detection, often using social media to spread, it is impossible to prevent them from reaching the endpoint.

The best way to mitigate these threats is a defense-in-depth approach that layers technologies to block and isolate threats on the endpoint. Privilege Management contains a threat within the user account, and Application Control prevents untrusted content, such as malware payloads, from executing.
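To make the Application Control layer concrete, here is an added example, not code from the original post and not Defendpoint's own logic: a toy allowlist policy in the shape of AppLocker-style default rules. Executables under directories that only administrators can write to are allowed, a short hash allowlist covers approved tools kept in user-writable locations, and everything else is denied, which is exactly where a payload dropped by a phishing email into the user's profile ends up. The directory lists, file images and hashes are constructed assumptions for illustration; the user-writable exceptions under C:\Windows are commonly cited examples and the list is not exhaustive.

```python
"""
Added example, not from the original post or from Defendpoint: a toy
application-control policy. It mirrors the shape of AppLocker-style default
rules but is not AppLocker. Paths, hashes and file images are constructed.
"""
import hashlib

# Directories a standard user cannot write to on a default install, so a path
# rule here cannot be satisfied by a payload that the user (or malware running
# as the user) dropped.
TRUSTED_ROOTS = (
    r"C:\Windows",
    r"C:\Program Files",
    r"C:\Program Files (x86)",
)

# Commonly cited user-writable subdirectories under a trusted root. A path rule
# must carve these out or it is trivially bypassed. Assumption: illustrative
# list, not exhaustive for a given Windows build.
USER_WRITABLE_EXCEPTIONS = (
    r"C:\Windows\Temp",
    r"C:\Windows\Tasks",
)

# Constructed stand-in for an approved portable tool that lives in a
# user-writable location; only its hash is trusted, never its path.
APPROVED_TOOL_IMAGE = b"constructed stand-in for an approved portable tool"
APPROVED_SHA256 = {hashlib.sha256(APPROVED_TOOL_IMAGE).hexdigest()}


def _under(path: str, root: str) -> bool:
    """Case-insensitive 'path is inside root' check on Windows-style paths."""
    return path.lower().startswith(root.lower().rstrip("\\") + "\\")


def app_control_decision(path: str, image: bytes):
    """Decide whether an executable may run. Returns (allowed, reason).

    Order matters: hash rules are checked first (location-independent), then
    the user-writable exceptions, then the trusted path rules, then default deny.
    """
    digest = hashlib.sha256(image).hexdigest()
    if digest in APPROVED_SHA256:
        return True, f"hash rule: sha256 {digest[:12]}... is approved"
    if any(_under(path, ex) for ex in USER_WRITABLE_EXCEPTIONS):
        return False, "path rule exception: user-writable directory under a trusted root"
    if any(_under(path, root) for root in TRUSTED_ROOTS):
        return True, "path rule: trusted, admin-only-writable directory"
    return False, "default deny: not in a trusted directory and hash not approved"


# Constructed execution requests: (path, file image bytes).
SAMPLE_REQUESTS = [
    (r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", b"constructed winword image"),
    (r"C:\Users\alice\Downloads\tool.exe", APPROVED_TOOL_IMAGE),
    # The phishing payload: an executable dressed up as a PDF in the user's temp dir.
    (r"C:\Users\alice\AppData\Local\Temp\invoice_2017.pdf.exe", b"constructed dropper image"),
    # Same payload staged under C:\Windows\Temp to satisfy a naive path rule.
    (r"C:\Windows\Temp\loader.exe", b"constructed dropper image"),
]


def evaluate(requests):
    """Map each request path to its (allowed, reason) decision."""
    return {path: app_control_decision(path, image) for path, image in requests}


if __name__ == "__main__":
    for path, (allowed, reason) in evaluate(SAMPLE_REQUESTS).items():
        print(f"{'ALLOW' if allowed else 'DENY '}  {path}  ({reason})")
```

Note what the policy does and does not do: the dropper is denied in both locations because it is neither hash-approved nor in an admin-only-writable directory, while a legitimate tool in Downloads still runs because its hash is known. Privilege Management is the complementary layer: even an allowed application runs with the standard user's token, so a compromise stays contained within that account rather than spreading to the system.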

An important last line of defense is sandboxing. Many exploit kits target weaknesses in the browser and in plugins such as Java, Flash and Silverlight to run ransomware on the endpoint. Other attack vectors include malicious documents, or simply tricking the user into running malware through worms found on popular websites such as Facebook. Sandboxing lets you safely contain such web threats and isolate any malicious activity without restricting your people.

Fight back with Defendpoint

Defendpoint allows you to take a proactive stance in safeguarding the endpoint against advanced attacks like Cryptolocker. Evolving malware regularly evades firewalls, network sandboxes and anti-virus technologies, leading to devastation on the endpoint.

Defendpoint layers additional defenses on the endpoint using a combination of Privilege Management, Application Control and Sandboxing technology to safeguard users and their data. This combination allows Defendpoint to secure the endpoint against a wide range of attacks without reducing usability or impacting productivity.

James Maude

James Maude is the Lead Cyber Security Researcher at BeyondTrust’s Manchester, U.K., office. James has broad experience in security research, conducting in-depth analysis of malware and cyber threats to identify attack vectors and trends in the evolving security landscape. His background in forensic computing and active involvement in the security research community makes him an expert voice on cybersecurity. He regularly presents at international events and hosts webinars to discuss threats and defense strategies.
