Ransomware, one of the most popular current attack vectors, occurs when an attacker uses malware to encrypt data and then asks for money to decrypt it. This attack type doesn’t seem to be slowing down; in fact, it’s expected to gain more popularity this year, according to PhishMe.

What Makes Ransomware a Flourishing Market?

The FBI said it received more than 2,400 ransomware complaints last year, with losses to victims of over $25 million. CryptoWall, TeslaCrypt and Locky are the most popular versions of this malware, and to date, the safest way to get your data back is by paying ransoms.

PhishMe projected more new ransomware in the upcoming weeks since it is a promising and easy market for cybercriminals all over the world. That’s because users are still extremely susceptible to phishing attacks, pop-ups and malicious links, pictures and Flash banners. Users often click without paying attention or without knowing the link’s source and destination.

Antivirus Is Not the Answer

Many software companies advertise solutions for ransomware, but the success rate is not totally satisfying. These solutions often work by maintaining a huge database of digital signatures of known viruses. When a scanned file matches the signature of known malware, it is quarantined and deleted.

This approach can protect your computer against well-known malware but won’t help when a virus is too new to be in the digital signatures database. Not only that, but some ransomware encrypts its own source code or modifies it constantly, making detection much harder for antivirus software.
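The limitation described above can be seen in a small scanner. This is an added example, not code from the original article or any antivirus product, and it assumes the simplest kind of signature, a whole-file SHA-256 digest; the file names and sample bytes are constructed and harmless.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def scan(root, signatures, quarantine):
    """Move every file under root whose digest is in signatures into quarantine.
    Returns the sorted names of the quarantined files."""
    quarantine.mkdir(parents=True, exist_ok=True)
    hits = []
    # Materialize the file list first so moving files does not disturb the walk.
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if sha256_file(path) in signatures:
            shutil.move(str(path), str(quarantine / path.name))
            hits.append(path.name)
    return hits

def demo():
    # Constructed, harmless stand-ins for a known sample and a modified copy.
    known = b"CONSTRUCTED-SAMPLE: harmless placeholder bytes, not malware\n"
    variant = known + b"\x00"  # a single changed byte gives a different digest
    signatures = {hashlib.sha256(known).hexdigest()}  # the "signature database"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "scan"
        root.mkdir()
        (root / "known.bin").write_bytes(known)
        (root / "variant.bin").write_bytes(variant)
        (root / "notes.txt").write_text("ordinary document\n")
        hits = scan(root, signatures, Path(tmp) / "quarantine")
        remaining = sorted(p.name for p in root.iterdir())
    return hits, remaining

if __name__ == "__main__":
    print(demo())
```

Only the file whose digest is already in the database is quarantined; the modified copy stays in place next to the ordinary document, which is why signature matching has to be paired with backups and user caution.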

The Good News

The good news is that most types of ransomware are not self-propagating on a network, meaning that even if you get infected by clicking the wrong link or downloading the wrong file, it will only infect your computer and won’t spread to others connected to the network.

To avoid infection, here are actionable ideas to start with:

  • Make sure to back up your data now before it’s too late! Act fast — don’t wait for something to happen.
  • Always be aware of threats and think twice before clicking on a suspicious link.
  • Make sure your antivirus solution is up to date.
