Ransomware | Polymorphic Malware
Adrien Gendre
March 03, 2017
2 min read
Cyber-attacks are a constant threat. They are continuously evolving, increasing in number, and becoming more dangerous. Ransomware is no exception to this trend. In 2016, ransomware became the most common form of malware in the US, with a shocking 600% growth in new ransomware families in just 12 months. As ransomware continues to evolve, its effects are becoming more devastating.
Ransomware is the most common form of malware in the US.
Ransomware Defined
Ransomware is a type of malware designed to encrypt files, rendering them useless, until a ransom is paid. In 2016, the average ransom demand was $679.
Although the ransom amount doesn’t seem like a lot to large organizations, the fact is less than half of ransomware victims fully recover their data, whether they pay the ransom or attempt to restore from a backup. The ransom itself is almost incidental as the loss of data, operational time, and employee/customer confidence is by far the greatest cost of virtually any ransomware attack.
The average ransom demand in 2016 was still only $679, a 131% increase from 2015.
Popular Types of Ransomware
In 2016, three types of ransomware dominated the cyber sphere:
- TeslaCrypt ransomware encrypted victims’ files using AES encryption. For decryption, this software accepted payment through Bitcoin or PayPal. TeslaCrypt was the most popular type of ransomware until June, when its master decryption key was publicly released.
- Locky ransomware is delivered through malicious .doc files attached to spam emails. The .doc files contain scrambled text that appears to be a macro hack. A macro is a single coding instruction that automatically expands to perform a specific task. In this case, when users have macros enabled, the ransomware is automatically downloaded and starts encrypting files. This type of malware is still popular and continues to evolve.
- Cerber ransomware is delivered through malicious links in spam emails. This software is able to encrypt a range of file types and adds a “.cerber” extension to each of the encrypted files. This type of ransomware is popular because it utilizes the ransomware-as-a-service model, making it easy for non-coders to take advantage of the software to make some money.
TeslaCrypt was the most popular type of ransomware until its master decryption key was released late last June.
Polymorphic Malware: Ransomware Variations Confound Signature-Based Email Security
Obviously, all these basic types of ransomware are well-known to security researchers. So why do they keep spreading and impacting even “well-protected” organizations?
The answer lies in the ugly secret that most email security companies would rather you didn't know. The vast majority of these systems rely on signature-based detection systems. This means that they can only identify known threats. Diligent hackers simply tweak their malware designs until they are sufficiently differentiated from the last known signature to pass muster with the most common email filters… and boom… their ransomware can run rampant until this latest variant is identified and uploaded to a signature database.
In order to protect your organization from the latest variations of ransomware you need email security capable of detecting zero-day threats.
Vade email security provides advanced protection against polymorphic malware, ransomware variations, and other types of zero-day cyber-attacks. Our layered protection approach ensures that malicious emails will be kept away from employee inboxes through an extensive analysis process that includes:
- Fingerprint analysis: quickly removes known threats by referencing two separate anti-virus databases.
- Technical analysis: scans and assesses every URL and attachment for malicious content at the time of user interaction to prevent time-bombed URLs from delivering their payload.
- Behavioral analysis: uses artificial intelligence to analyze stylistic, behavioral, and technical indicators to eliminate any other potentially problematic emails, attachments, or URLs. This last step is what catches the zero-day threats from polymorphic malware like Locky.
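As an added illustration (not Vade's code and not from the original post), the following Python sketches the three-layer pipeline described above over constructed emails: an exact-hash fingerprint layer, a technical layer that checks attachment content against the file type it claims to be and judges URLs at the time of the check rather than at delivery, and a behavioral layer that scores combined indicators. All sample bytes, URLs, timestamps, domains and the `has_macro` flag are constructed; the magic bytes for OLE2, PDF and PE files are real.

```python
import hashlib
from dataclasses import dataclass
@dataclass
class Attachment:
    name: str
    data: bytes
    has_macro: bool  # assumed output of a VBA-stream check; set by hand here

@dataclass
class Email:
    sender_domain: str
    subject: str
    attachments: list
    urls: list

OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc container header
EXPECTED_MAGIC = {".doc": OLE2, ".pdf": b"%PDF", ".exe": b"MZ"}
# Constructed stand-in for the union of the two anti-virus fingerprint databases.
KNOWN_BAD = OLE2 + b"constructed bytes of an already-catalogued sample"
AV_DBS = {hashlib.sha256(KNOWN_BAD).hexdigest()}
# Constructed time-bomb: this URL serves nothing harmful until this timestamp.
URL_ARMED_AT = {"http://example.invalid/doc": 1000}

def fingerprint_layer(email: Email):
    """Layer 1: exact-hash lookup; only files already catalogued can match."""
    hits = [a for a in email.attachments if hashlib.sha256(a.data).hexdigest() in AV_DBS]
    return "block:fingerprint" if hits else None

def technical_layer(email: Email, now: int):
    """Layer 2: attachment content checks, and URLs judged at the time of this
    call (time of click), so a URL armed after delivery is still caught."""
    for a in email.attachments:
        ext = "." + a.name.rsplit(".", 1)[-1].lower()
        if ext in EXPECTED_MAGIC and not a.data.startswith(EXPECTED_MAGIC[ext]):
            return "block:content-mismatch"
    for u in email.urls:
        if now >= URL_ARMED_AT.get(u, float("inf")):
            return "block:url"
    return None

def behavioral_layer(email: Email, trusted: frozenset):
    """Layer 3: no signature at all; weak indicators are combined into a score."""
    score = ((email.sender_domain not in trusted)
             + any(w in email.subject.lower() for w in ("invoice", "payment", "urgent"))
             + 2 * any(a.has_macro for a in email.attachments))
    return "block:behavioral" if score >= 3 else None

def classify(email: Email, now: int, trusted=frozenset({"corp.example"})) -> str:
    return (fingerprint_layer(email) or technical_layer(email, now)
            or behavioral_layer(email, trusted) or "deliver")
```

A variant whose bytes differ from the catalogued sample slips past the fingerprint layer but is still blocked by the behavioral score, and a time-bombed URL that is clean at delivery is blocked when `classify` is re-run at click time.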
Vade's approach has been able to identify and stop every known instance of Locky over the past 18 months with 100% accuracy.
Vade also provides efficient protection against other email-borne threats like spear phishing.
Contact us today for a demo.