Posted by Trevagh Stankard on Thu, May 13th, 2021
Ransomware is on the rise again; discover the latest ransomware trends in this article.
As governments slowly reduce pandemic lockdown requirements and more of the population receive the vaccine, malware authors continue to create malicious software that takes advantage of old and new fears. Researchers announced a trend in new forms of ransomware targeting enterprise organizations, unlike 2020, when malware mainly focused on individuals working from home. As more users return to an office setting, attackers turn their focus to businesses and the many human errors that allow a successful data breach.
Babuk Ransomware and Its Features
The newest ransomware – named Babuk – was designed to target enterprise data. The malware demands a ransom of $60,000 to $85,000 from its victims in exchange for the private keys necessary to decrypt their data. Researchers found that Babuk was mainly standard ransomware, but it had a few features that made it specifically designed for businesses rather than individuals. Mainly, it disables many services used in an enterprise environment and not by individual users.
Babuk disables many of the backup features available in Windows. The first disabled feature is the Volume Shadow Copy Service (VSS), used to take backups of files in use. With this feature disabled, users cannot recover their current active files. It also disables the file locking mechanisms used on open and active files. For businesses that leverage backup features in Microsoft Office, Babuk disables those features as well.
After Babuk disables Windows backup features, it starts the encryption phase. Babuk double-encrypts smaller files under 41MB and splits larger files into smaller parts before the ransomware encrypts them. The ransomware uses a cryptographically secure stream cipher named ChaCha8, keyed from a SHA-256 hash; SHA-256 is also a cryptographically secure hashing algorithm.
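The service-stopping behaviour described above is something a defender can watch for in the Windows System log. The following Python detector is an added example, not code from the article or from any vendor: it scans constructed Service Control Manager 7036 lines and alerts when several backup-related services stop within a short window. The watched-service list (beyond VSS, which the article names) and the log line layout are assumptions.

```python
from collections import deque
from datetime import datetime, timedelta

# Backup-related Windows services to watch. VSS is the one the article names;
# the rest of the list is an assumption for this example.
WATCHED_SERVICES = {
    "Volume Shadow Copy",
    "Microsoft Software Shadow Copy Provider",
    "Windows Backup",
}
# Constructed sample log lines: timestamp | provider | event id | message.
# Event 7036 from the Service Control Manager records a service state change.
SAMPLE_EVENTS = """\
2021-05-13T09:01:02 | Service Control Manager | 7036 | The Print Spooler service entered the running state.
2021-05-13T09:14:10 | Service Control Manager | 7036 | The Volume Shadow Copy service entered the stopped state.
2021-05-13T09:14:11 | Service Control Manager | 7036 | The Microsoft Software Shadow Copy Provider service entered the stopped state.
2021-05-13T09:14:12 | Service Control Manager | 7036 | The Windows Backup service entered the stopped state.
2021-05-13T10:30:00 | Service Control Manager | 7036 | The Windows Update service entered the stopped state.
"""

def parse_event(line):
    """Split one log line into (timestamp, provider, event id, message)."""
    ts, provider, event_id, message = [p.strip() for p in line.split("|", 3)]
    return datetime.fromisoformat(ts), provider, int(event_id), message

def stopped_service(message):
    """Return the service name if the message records a stop, else None."""
    prefix, suffix = "The ", " service entered the stopped state."
    if message.startswith(prefix) and message.endswith(suffix):
        return message[len(prefix):-len(suffix)]
    return None

def detect_backup_tampering(log_text, threshold=2, window=timedelta(minutes=5)):
    """Alert whenever at least `threshold` watched services stop within `window`,
    the pattern the article describes as Babuk's first step before encryption."""
    recent, alerts = deque(), []
    for line in log_text.splitlines():
        ts, provider, event_id, message = parse_event(line)
        if provider != "Service Control Manager" or event_id != 7036:
            continue
        name = stopped_service(message)
        if name not in WATCHED_SERVICES:
            continue
        recent.append((ts, name))
        while ts - recent[0][0] > window:  # drop events outside the window
            recent.popleft()
        if len(recent) >= threshold:
            alerts.append((ts, [n for _, n in recent]))
    return alerts
```

Running `detect_backup_tampering(SAMPLE_EVENTS)` flags the 09:14 burst and ignores the isolated Windows Update stop at 10:30.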
In ransomware that targets individuals, an author will use multiple keys for each user. Babuk only uses one private key, which is another indication that it targets enterprise users. Much of Babuk’s activity is similar to other ransomware, but it’s just as dangerous to business data integrity and privacy as previous ransomware.
How to Protect from Babuk and Other Ransomware
Ransomware is one of the most aggressive malware applications and the biggest threat to data integrity. It can cripple an organization by destroying data and threatening the reputation of its cybersecurity. Customers lose trust in the organization’s cybersecurity and could choose to work with a competitor.
No cybersecurity strategy reduces risk by 100%, but you can take steps to greatly reduce the chance of being Babuk’s next targeted victim. The first strategy is to encrypt important files. By encrypting your files, you make it much more difficult for Babuk to identify files that could contain your important information.
The second strategy is to use cloud backups. Babuk disables many backup services embedded in Windows, but a secondary backup solution that stores files off-site or in the cloud improves disaster recovery. Even if you do become a victim of Babuk, you then have backups that can be used to recover data instead of being put into a position where backups are also encrypted, and the ransom must be paid to gain access to critical data.
Ransomware penetrates organizations in multiple ways, so fighting it requires more than one product. A third strategy is a layered approach to security. Layered security involves more than simply stacking new security tools on top of existing infrastructure. Layered security is an architecture that requires a well-conceived blueprint. Implementation isn't always simple; it requires planning and expertise. Relying on a single security layer is no longer wise in today’s threat landscape. Organizations need to focus on the data they are protecting and build layers of security around it. Your clients and your bottom line will thank you.
This layered approach must also include email filtering. Email filters with artificial intelligence (AI) will identify suspicious messages and attachments and send them to a quarantine where the messages can be reviewed by an administrator. Blocking malicious messages from reaching a targeted user’s inbox reduces risk by eliminating human error. Any attachments with macros, executable files, or messages with spoofed sender addresses would be blocked by email filters. Administrators review quarantined messages and send false positives to the intended recipient so that emails are never lost or automatically deleted.
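As an added illustration (not code from the article or from SpamTitan), here is a small Python triage routine implementing the three checks the paragraph lists: macro-enabled attachments, executable attachments, and a spoofed sender whose visible From: domain does not match the envelope sender in Return-Path. The extension lists and the constructed sample message are assumptions.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Attachment types the article says a filter should quarantine. The exact
# extension lists are assumptions for this example.
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".dotm"}
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".bat", ".cmd", ".js", ".vbs", ".ps1"}

def sender_domain(header_value):
    """Domain part of 'Name <user@domain>' or a bare address, lower-cased."""
    _, addr = parseaddr(str(header_value))
    return addr.rpartition("@")[2].lower()

def triage(raw_message):
    """Return the reasons to quarantine a message; an empty list means release it."""
    msg = message_from_string(raw_message, policy=policy.default)
    reasons = []
    # Spoofed sender check: the visible From: domain should match the
    # envelope sender recorded in Return-Path by the receiving MTA.
    from_dom = sender_domain(msg.get("From", ""))
    envelope_dom = sender_domain(msg.get("Return-Path", ""))
    if envelope_dom and from_dom != envelope_dom:
        reasons.append(f"sender mismatch: From={from_dom} Return-Path={envelope_dom}")
    # Attachment check: macro-enabled Office documents and executables.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = name[name.rfind("."):] if "." in name else ""
        if ext in MACRO_EXTENSIONS:
            reasons.append(f"macro-enabled attachment: {name}")
        elif ext in EXECUTABLE_EXTENSIONS:
            reasons.append(f"executable attachment: {name}")
    return reasons

def build_sample():
    """Constructed sample: a spoofed 'invoice' carrying a macro-enabled document."""
    msg = EmailMessage()
    msg["From"] = "Finance <finance@example.com>"
    msg["Return-Path"] = "<bounce@mail-example.net>"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please open the attached invoice.")
    msg.add_attachment(b"PK\x03\x04", maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="invoice.docm")
    return msg.as_string()
```

In a real deployment the quarantine decision would feed the administrator review queue the paragraph describes, so that false positives can still be released to the recipient.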
Monitoring software detects suspicious traffic on the network, so it’s also a strategy used to detect malware as it scans for resources. Intrusion detection and prevention monitoring stops malware from encrypting files or exfiltrating data, and then it alerts administrators. Administrators can then investigate and identify any suspicious files and services active on the network. User devices can also run malicious software that scans the network for critical data and files.
Finally, user education helps reduce risks. Human errors are still a threat to the organization, but empowering users with the knowledge of threat detection reduces the risk of them falling for phishing and email-based malware attacks. They see the red flags included in a malicious email message, and they will alert administrators and avoid running attachments on their local devices. Combine user education with the right cybersecurity strategies, and your organization can avoid being the next ransomware victim.
Protect your organization from phishing attacks with SpamTitan Email Security. Start a free trial to discover how SpamTitan can help your organization prevent ransomware attacks.