Phase 1: Exploitation and Infection
Ransomware needs to be installed on a computer to be successful. This is often accomplished through a phishing email or an exploit kit. An exploit kit is a malicious toolkit used to exploit security holes in software applications.
Phase 2: Delivery and Execution
Once exploitation is complete, typically within a few seconds, the actual ransomware is delivered to the victim’s system.
Phase 3: Backup Spoliation
In phase three, the ransomware Trojan targets and deletes the company’s backup files. This is especially dangerous because without backup files victims have no way to recover from the attack.
Phase 4: File Encryption
Once the backups are compromised, the ransomware encrypts the victim’s files. The encryption keys will be used to unlock the files once the victim pays the ransom demand.
Phase 5: User Notification and Cleanup
Now that the backup files are removed and the encryption is complete, the victim is presented with the extortion demand and payment instructions. Generally, a company will be given a few days to pay the ransom before the cybercriminals increase the payment amount.
Ransomware can be delivered via “drive-by” infections. These take advantage of vulnerabilities in common browser plug-ins, like Flash or Java: simply visiting a compromised site, or even viewing a malicious ad on an otherwise safe site, is all it takes for the malware to take hold. So in addition to keeping your operating system up to date, it’s just as important to keep your browser and its associated plug-ins up to date.
The National Institute of Standards and Technology (NIST) recently published updates to their digital identity guidelines that advised companies to:
Studies have shown that frequent password changes actually lead to weaker credentials. Users are more likely to create short, easy-to-guess passwords because they’re forced to create and remember a new password every couple of months.
Companies just have to look at the most used passwords to see that users are still settling for convenience over security. To make things even worse, many of these passwords have been compromised in previous breaches. Screening for these passwords means that you can avoid using very weak passwords.
Asking users to include at least one uppercase letter, number, and symbol results in passwords like “Fido123!” and “Jessica1234%”, which are very predictable and easy to crack.
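The sketch below is an added example, not code from NIST or from the original article. It contrasts the legacy composition rule with screening against a list of common or compromised passwords, using the two passwords quoted above. The blocklist entries, the minimum length of 8, the context-word check and all function names are assumptions made for this example.

```python
import re
import unicodedata

# Constructed sample list; a real deployment would load a large corpus of
# commonly used and previously breached passwords.
SAMPLE_BLOCKLIST = {"password", "123456", "qwerty", "letmein", "jessica", "fido"}
MIN_LENGTH = 8  # assumption for this example


def passes_composition_rules(pw):
    """Legacy rule: at least one uppercase letter, one digit and one symbol."""
    return bool(re.search(r"[A-Z]", pw)
                and re.search(r"\d", pw)
                and re.search(r"[^A-Za-z0-9]", pw))


def fold(pw):
    """Normalize Unicode and case so that 'Fido' and 'fido' compare equal."""
    return unicodedata.normalize("NFKC", pw).casefold()


def base_word(pw):
    """Strip the trailing digits and symbols users append to satisfy rules."""
    return re.sub(r"[\W\d_]+$", "", fold(pw))


def screen_password(pw, blocklist=SAMPLE_BLOCKLIST, context_words=()):
    """Return a list of rejection reasons; an empty list means accepted."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append("too short")
    if fold(pw) in blocklist or base_word(pw) in blocklist:
        reasons.append("common or breached password")
    # Context words (user name, service name) are supplied by the caller.
    if any(len(w) >= 3 and fold(w) in fold(pw) for w in context_words):
        reasons.append("contains context word")
    return reasons


if __name__ == "__main__":
    for candidate in ("Fido123!", "Jessica1234%", "correct horse battery staple"):
        print(candidate, passes_composition_rules(candidate),
              screen_password(candidate))
```

Both quoted passwords satisfy the composition rule yet are rejected once the appended digits and symbol are stripped, while a long passphrase with no uppercase letter or digit fails the rule but passes screening.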