Since 2012 ransomware has been an ever-growing threat. It inflicts catastrophic damage to endpoints, making it one of the most familiar types of computer threats and is well-recognized even by non-techies.
Today too ransomware is a major and constantly growing threat. Just last week several incidents of broad new infections were recorded proving this claim.
Lawrence Abrams recently published a blog post about a new ransomware family named Locky. This appears to be brand new piece of malicious code, yet its effect is the same as the old familiar CryptoWall, CryptoLocker, TeslaCrypt and their counterparts. Abraham's post was soon followed by a series of other reports emphasizing the malware's delivery mechanism – a Dridex-like massive phishing campaign, dropping the encrypting payload with macro-enabled Office lure documents.
This family of ransomware is infecting endpoints on a large scale, blackmailing their victims and extracting hundreds of dollar from each of them. The criminals behind these ransomware can alternatively target the core assets of a single major target. This way, they can hit entities such as large enterprises or emergency service providers and maximize their profits while infecting only a handful of “premium” victims.
The Hollywood Presbyterian Medical Center experienced such a targeted attack last month, and was forced to turn patients away. The hospital’s CEO surrendered to the ransom demand and paid a "mere" $17,000 in bitcoin. Luckily, the hospital regained access to the encrypted files soon after the transaction was completed, and resumed normal operations.
However, many ransomware victims are not so lucky. Even if they wish to pay cybercriminals – various technical difficulties may occur, and the complicated payment process can also deter users unfamiliar with bitcoin and other crypto-currencies. One cyber-gang identified these difficulties and recently launched a new ransomware with an online support chat to guide its victims through the payment process.
...but THERE IS HOPE!
Minerva Labs offers a low footprint endpoint prevention platform, and brings a completely new paradigm to the malware detection problem - “Prevention without detection”. The company focuses on preventing malware execution by using the malware’s strengths against it.
In a nutshell, Minerva's technology causes the malware to think it is about to be executed in a secured environment containing forensic analysis and high-end security products – thus causing the malware to halt its malicious activities as it tries to avoid detection and analysis.
However, at Minerva we are aware that there are no bullet proof solutions and that a defense in depth approach is a must. We therefore developed a unique patent pending solution for remediating damage done by ransomware, such as CryptoLocker, CryptoWall, CTB-Locker, TeslaCrypt, ValutCrypt etc.
This new innovative solution enables the user to instantly restore the encrypted data. This solution was developed without relying on Microsoft's Shadow Copy service or complex backup set-ups requiring extra pricy storage hardware.
Minerva Anti-Evasion Platform simultaneously empowers existing security products and improves detection rates, thus increasing the organization’s overall return on security investment (ROSI).
Minerva – zero-day will wait for tomorrow
This year at RSA, Minerva Labs will be introducing revolutionary innovations in regards end-to-end ransomware solution.
Meet Minerva Labs at RSA Conference 2016
San Francisco, Feb 29th - Mar 4th, 2016
Will be glad to see you at South Hall, Booth #2638.