Ransomware is malware that denies access to an organization’s data, typically by encrypting it with a key known only to the attacker. No single patch or control defends against ransomware. Attacks differ in their details, but ransomware usually represents the final stage of a complex campaign by an ecosystem of criminals who methodically infiltrate and seize an organization’s electronic assets. Their goals include holding these assets for ransom, stealing intellectual property, and extorting both the primary victim and its customers.
Infection Vectors
Malware often enters through malicious downloads, email links, advertisements, phishing attacks, social network messages, and websites. More recently, aggressive worms have spread ransomware through unpatched vulnerabilities, and attackers have used targeted brute force attacks against public-facing software and services such as Remote Desktop Protocol (RDP). When an end user executes malicious content, attackers gain a foothold in the organization through that compromised endpoint and user account. They then establish persistence and move laterally to attack other targets behind the network’s perimeter security defenses.
Ransomware Operation
Once deployed, ransomware encrypts files or entire file systems. It blocks access to that data until the victim pays the ransom demanded in a displayed warning message. The ransom note typically threatens permanent data loss and public release of intellectual property or embarrassing content. These criminal enterprises also steal data from their victims, both to sell it directly and to extort the victim’s customers. This “double extortion” threatens to expose confidential details of the victim’s customers unless an additional fee is paid. The threat particularly affects organizations that hold sensitive customer data, such as law firms and accounting firms.
Risks of Paying a Ransom
Paying the ransom does not guarantee the return of encryption keys or a working decryption process. It also doesn’t ensure criminals won’t steal data or further extort victims and their customers. These are criminals, after all.
Ransomware Targets and Attack Vectors
Ransomware targets everyone: individuals as well as businesses, nonprofits, government agencies, healthcare services, and educational institutions of all sizes. While criminals use various ransomware strains and toolkits, they rely on common attack vectors. These include brute force attempts on public-facing services like RDP, exploitation of outdated software, and unpatched known vulnerabilities.
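As an added example (not part of the original page and not VMware code), the following Python script applies a simple sliding-window detection for the RDP brute force vector described above to a constructed, simplified set of Windows logon-audit lines. The event IDs 4625 and 4624 and logon type 10 (RemoteInteractive) are real Windows Security values; the one-line log format, addresses and account names are assumed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed, simplified Windows Security log lines (not real logs): timestamp, event ID
# (4625 = failed logon, 4624 = success), logon type (10 = RDP), target account, source.
SAMPLE_LOG = """\
2024-03-01T02:14:01 4625 LogonType=10 Account=administrator Source=203.0.113.7
2024-03-01T02:14:03 4625 LogonType=10 Account=admin Source=203.0.113.7
2024-03-01T02:14:04 4625 LogonType=10 Account=backup Source=203.0.113.7
2024-03-01T02:14:06 4625 LogonType=10 Account=svc_sql Source=203.0.113.7
2024-03-01T02:14:09 4625 LogonType=10 Account=administrator Source=203.0.113.7
2024-03-01T02:14:12 4624 LogonType=10 Account=administrator Source=203.0.113.7
2024-03-01T08:30:00 4625 LogonType=10 Account=jsmith Source=198.51.100.4
2024-03-01T08:31:10 4625 LogonType=2 Account=jsmith Source=127.0.0.1
2024-03-01T09:45:00 4625 LogonType=10 Account=jsmith Source=198.51.100.4
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<event>\d+) LogonType=(?P<ltype>\d+) "
                     r"Account=(?P<acct>\S+) Source=(?P<src>\S+)$")

def detect_rdp_brute_force(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {source: info} for sources with >= threshold failed RDP logons
    inside a sliding time window. A later successful RDP logon from an
    alerted source is flagged, since that is the case needing urgent response."""
    failures = defaultdict(deque)   # source -> timestamps of recent failures
    targeted = defaultdict(set)     # source -> accounts tried (spray detection)
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["ltype"] != "10":
            continue                # skip malformed lines and non-RDP logons
        ts, src = datetime.fromisoformat(m["ts"]), m["src"]
        if m["event"] == "4625":
            q = failures[src]
            q.append(ts)
            targeted[src].add(m["acct"])
            while ts - q[0] > window:           # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and src not in alerts:
                alerts[src] = {"failures": len(q), "accounts": sorted(targeted[src]),
                               "success_after": False}
        elif m["event"] == "4624" and src in alerts:
            alerts[src]["success_after"] = True  # brute force likely succeeded
    return alerts

if __name__ == "__main__":
    for src, info in detect_rdp_brute_force(SAMPLE_LOG).items():
        print(f"ALERT {src}: {info}")
```

The isolated failures from 198.51.100.4 fall outside the window and produce no alert, while the burst from 203.0.113.7 is reported together with the subsequent successful logon that should trigger containment.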
Defending against ransomware requires a holistic approach, involving people, processes, and technology to detect and contain attacks before they cause major harm and disruptions.
More Information
For more VMware vSphere and VMware Cloud Foundation security and ransomware resources, please visit: