Cryptolocker - The battle for data security

October 20, 2017

Ransomware has exploded onto the radar of security teams in recent years due to highly aggressive tactics which are often impossible to recover from. Ransomware is on the increase and has evolved rapidly from the high-profile Cryptolocker outbreak.

The risks of widespread data loss are ever increasing as ransomware begins to target backups and data on network shares.

The premise is simple: capture data that is valuable to the user by encrypting it in situ and then charge the user a fee to release it back to them. Since it first appeared in 2013, Cryptolocker itself has amassed around 500,000 victims.

Those infected were initially presented with a demand for $400 (£237), 400 euros ($535; £317) or an equivalent amount in the virtual Bitcoin currency. Victims had 72 hours to pay up or face their files being destroyed.

Analysis of the back-up database indicates that only 1.3% of all the people hit by the malware paid the ransom and yet despite the low response rate, the cybercriminals are believed to have netted about $3m from Cryptolocker.

The power of this type of ransomware is in its simplicity. With access to all of the user's files and Windows cryptographic tools, data can easily be encrypted even without the user having administrator rights. This results in the perfect malware storm: a devastating attack generating large revenues that requires little technical skill to create.

An evolving threat

The effectiveness of ransomware like Cryptolocker has spawned a succession of new threats. CryptoWall and TorrentLocker are both hitting businesses and consumers hard and spreading the fear of infection beyond just the IT department.

In fact, CryptoWall V3.0, also known as Crowti, has been encountered several times in the Avecto Malware Lab since mid-January 2015 and represents the latest evolution in ransomware. The sample analyzed was dropped by the Magnitude exploit kit as part of a phishing email campaign that linked to malicious websites.

Compared to previous versions, the latest version is simpler and more lightweight. In line with general malware trends towards multi-stage attacks, it no longer checks to see if it is being executed in a virtual environment.

Layers of defense

Ransomware exploits the fact that Windows allows applications, both good and bad, to access the user's data. As threats change rapidly to evade detection, often utilizing social media to spread, it is impossible to prevent them appearing on the endpoint.

The best way to mitigate these threats is to implement a defense-in-depth approach, layering technologies that can block and isolate threats on the endpoint. Privilege Management can contain threats within the user account and Application Control prevents untrusted content such as malware payloads from executing.

An important last line of defense is Sandboxing. Many exploit kits exploit weaknesses in the browser and plugins like Java, Flash and Silverlight to run ransomware on the endpoint. Other attack vectors can be found in malicious documents, or simply from tricking the user into running malware through worms found in many popular websites, such as Facebook. Sandboxing allows you to safely contain such web threats and isolate any malicious activity, without restricting your people.

Fight back with Defendpoint

Defendpoint allows you to take a proactive stance in safeguarding the endpoint against advanced attacks like Cryptolocker. The evolution of malware means it can regularly evade detection by firewalls, network sandboxes and anti-virus technologies, leading to devastation on the endpoint.

Defendpoint layers additional defenses on the endpoint using a unique combination of Privilege Management, Application Control and Sandboxing technology to safeguard users and their data. This powerful combination allows Defendpoint to secure the endpoint against the widest range of attacks, without reducing usability or impacting on productivity.

James Maude, Lead Cyber Security Researcher

James Maude is the Lead Cyber Security Researcher at BeyondTrust’s Manchester, U.K., office. James has broad experience in security research, conducting in-depth analysis of malware and cyber threats to identify attack vectors and trends in the evolving security landscape. His background in forensic computing and active involvement in the security research community makes him an expert voice on cybersecurity. He regularly presents at international events and hosts webinars to discuss threats and defense strategies.
