cybercrime-221128115730-fe6cd22c.pdf
- 3. What is malware? As software designed to interfere with a computer's normal functioning, malware is a blanket term for viruses, Trojans, and other destructive computer programs threat actors use to infect systems and networks in order to gain access to sensitive information.
- 4. How do malware infections happen? Malware authors use a variety of physical and virtual means to spread malware that infects devices and networks. For example, malicious programs can be delivered to a system with a USB drive, through popular collaboration tools and by drive-by downloads, which automatically download
- 5. What Are the Most Common Types of MALWARE Attacks? 1) Adware. 2) Fileless Malware. 3) Viruses. 4) Worms. 5) Trojans. 6) Bots. 7) Ransomware. 8) Spyware.
- 6. What is Ransomware? Ransomware is a malware designed to deny a user or organization access to files on their computer. By encrypting these files and demanding a ransom payment for the decryption key, cyberattackers place organizations in a position where paying the ransom is the easiest and cheapest way to regain access to their files. Some variants have added additional functionality – such as data theft – to provide further incentive for ransomware victims to pay the ransom.
- 7. How Ransomware Works? In order to be successful, ransomware needs to gain access to a target system, encrypt the files there, and demand a ransom from the victim. While the implementation details vary from one ransomware variant to another, all share the same core three stages Step 1. Infection and Distribution Vectors Ransomware, like any malware, can gain access to an organization’s systems in a number of different ways. However, ransomware operators tend to prefer a few specific infection vectors. Step 2. Data Encryption After ransomware has gained access to a system, it can begin encrypting its files. Since encryption functionality is built into an operating system, this simply involves accessing files, encrypting them with an attacker- controlled key, and replacing the originals with the encrypted versions. Most ransomware variants are cautious in their selection of files to encrypt to ensure system stability. Some variants will also take steps to delete backup and shadow copies of files to make recovery without the
- 8. Popular Ransomware Variants Dozens of ransomware variants exist, each with its own unique characteristics. However, some ransomware groups have been more prolific and successful than others, making them stand out from the crowd. 1. Ryuk 2. Maze 3.REvil (Sodinokibi) 4. Lockbit 5. DearCry
- 9. Utilize Best Practices Proper preparation can dramatically decrease the cost and impact of a ransomware attack. Taking the following best practices can reduce an organization’s exposure to ransomware and minimize its impacts: Howto Protect Against Ransomware? Cyber Awareness Training and Education: is often spread using phishing emails. Training users on how to identify RANSOMEWARE and avoid potential ransomware attacks is crucial. As many of the current cyber-attacks start with a targeted email that does not even contain malware, but only a socially-engineered message that encourages the user to click on a malicious link, user education is often considered as one of the most important defenses an organization can DEPOYED. Continuous data backups: Ransomware’s definition says that it is malware designed to make it so that paying a ransom only way to restore access to the encrypted data. Automated, protected data backups enable an organization to recover from an attack with a minimum of data loss and without paying a ransom. Maintaining regular backups of data as a routine process is a very important practice to prevent losing data, and to be able to recover it in the event of corruption or disk hardware malfunction. Functional backups can also help organizations to recover from ransomware attacks. Patching: Patching is a critical component in defending against ransomware attacks as cyber- criminals will often look for the latest uncovered exploits in the patches made available and then target systems that are not yet patched. As such, it is critical that organizations ensure that all systems have the latest patches applied to them, as this reduces the number of potential vulnerabilities within the business for an attacker to exploit. User Authentication: Accessing services like RDP with stolen user credentials is a favorite technique of ransomware attackers. The use of strong user authentication can make it harder for an attacker to make use of a guessed or stolen password.