Heuristic Attack on Ransomware to Protect Your Business


If you are running or heading a business, then these are questions you would have asked yourself often:

  • Is my data protection fast enough to win the business race?
  • Is the business driving with the control needed to win the data protection race?
  • Can I dodge ransomware obstacles at the speed of business growth?

Ransomware in 2017

2017 has become notorious for its multitude of malware attacks, especially ransomware. Nearly 99 countries, including India, were affected by these attacks. Among the several attacks, a few that gained particular notoriety include:

  • NotPetya started as a fake Ukrainian tax software update and infected thousands of computers in more than 100 countries in just a few days, causing massive financial woes. This ransomware is a variant of Petya, but uses the same exploit behind WannaCry.
  • Jaff relied on the Necurs botnet to send millions of spam emails globally in just a few hours in May 2017. It demanded that victims pay 1.79 Bitcoins, worth $6,000+ today.
  • WannaCry (also known as WannaCrypt) was a devastating ransomware attack that made history by affecting thousands of machines and crippling banks, law enforcement agencies, and other infrastructure. It was the first strain of ransomware to use EternalBlue, which exploits a vulnerability in Microsoft’s Server Message Block (SMB) protocol.

With technology reinventing and bettering itself every other day, it is of prime importance to find the easiest, fastest, optimal and active backup solution to protect the data we store on local drives and in the cloud from ransomware.

What is Ransomware?

Ransomware is a very painful type of malware. It is malicious software that encrypts data, effectively stealing it from us, and demands a ransom for deciphering it and returning our access to it. When ransomware infects our system, it blocks access to our data until the payment is delivered to the criminals who are extorting us or our business. It’s an illegal threat to our data.

Attacking Ransomware head on

The heuristic detection approach is a popular method for detecting malicious data and blacklisting it, so that your computer stays safe from it even during future attack attempts. It is an advanced approach that can leverage the signature of one ransomware to detect thousands of files belonging to the same family, by comparing the chain of file system events performed on the data against a database of malicious behavior patterns.

Behavioral heuristics are accompanied by white and black lists. The heuristic approach observes patterns in how data files are changed on a system. One set of behaviors may be typical and expected. Another set of behaviors may signal a suspected process taking hostile action against files, based on malicious behavior patterns. This approach can be exceptionally powerful in detecting ransomware attacks, even from ransomware variants that are as yet unreported or unidentified.
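The sketch below is an added example, not code from this article or from any product or patent it mentions: it checks each process against an allow list and a block list, then scores that process's recent file system events. The process names, thresholds, scoring weights and sample events are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Names and thresholds below are assumptions chosen for illustration.
ALLOWLIST = {"backup_agent.exe"}   # trusted: never scored
BLOCKLIST = {"known_bad.exe"}      # known malicious: blocked on first event
WINDOW = 10.0                      # seconds of history scored per process
THRESHOLD = 6                      # score within WINDOW that flags a process

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data approaches 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def score(op, path, arg):
    """Score one event; arg is the bytes written or the new path of a rename."""
    if op == "write" and entropy(arg) > 7.0:
        return 2                   # file body replaced by ciphertext-like data
    if op == "rename" and path.rsplit(".", 1)[-1] != arg.rsplit(".", 1)[-1]:
        return 2                   # file extension changed
    return 1 if op == "delete" else 0

def classify(events):
    """events: (ts, process, op, path, arg) tuples sorted by ts -> {process: verdict}."""
    history, verdicts = defaultdict(list), {}
    for ts, proc, op, path, arg in events:
        if proc in BLOCKLIST or proc in ALLOWLIST:
            verdicts[proc] = "blocked" if proc in BLOCKLIST else "allowed"
            continue
        # Keep only this process's events that fall inside the sliding window.
        history[proc] = [(t, s) for t, s in history[proc] if ts - t <= WINDOW]
        history[proc].append((ts, score(op, path, arg)))
        if sum(s for _, s in history[proc]) >= THRESHOLD:
            verdicts[proc] = "suspicious"          # sticky once raised
        else:
            verdicts.setdefault(proc, "normal")
    return verdicts

# Constructed sample events (not captured from a real system).
CIPHER = bytes(range(256)) * 4     # uniform byte distribution, entropy 8.0
TEXT = b"quarterly report draft " * 40
SAMPLE = [
    (0.0, "editor.exe", "write", "C:/docs/q1.docx", TEXT),
    (1.0, "backup_agent.exe", "write", "D:/bak/q1.bin", CIPHER),
    (2.0, "known_bad.exe", "write", "C:/docs/a.txt", TEXT),
]
for i, name in enumerate("abc"):
    SAMPLE.append((3.0 + i, "updater.exe", "write", f"C:/docs/{name}.xlsx", CIPHER))
    SAMPLE.append((3.5 + i, "updater.exe", "rename", f"C:/docs/{name}.xlsx", f"C:/docs/{name}.locked"))
print(classify(SAMPLE))
```

The unlisted `updater.exe` is flagged purely on behavior, while the allow-listed backup agent writes equally high-entropy data without being scored, which is the false positive the lists exist to suppress.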

There are many interesting patents filed in this space. Take Korean patent KR101780891B1, for instance. This patent details a method to block ransomware based on a white list and a black list. It describes a user terminal that includes a black list and white list storage module and determines whether a file belongs to one list or the other. If the requested file corresponds to the black list, its access will be blocked by the ransomware blocking module.

Another patent, US20180007069A1, filed by Simon and Tiernan in January 2018, discloses a method of ransomware protection for cloud file storage that protects files from ransomware infections caused on an endpoint device. A heuristic or rule-based technique is employed to recognize sequences of file operations that may indicate ransomware activity.

The heuristic approach is proving powerful in protecting against ransomware today. However, as integrated devices become more commonplace in the coming years, ransomware and its attacks will become more advanced. Law enforcement systems are making efforts to reduce these risks by collaborating with organizations like the Cyber Threat Alliance and No More Ransomware. However, this does open doors to more active development of anti-ransomware products to protect global networks, making this a lucrative research subject.

A technology enthusiast who loves exploring gadgets by decoding the software used behind it. Shikha is an electronics and communication engineer and she keeps herself updated by reading technology blogs and whitepapers on cloud computing, networking and telecom.
