Thursday, March 26, 2015

Ransomware Next Gen - are you ready?

So you've dealt with that dodgy, in some cases well written, email from the tax office or the motor registry telling you to click on the link and see what you have been fined for. Or at least dealt with it in the best possible ways you could.

Also, you've been through the whole nine yards with those 'special' employees of the month who actually went through all the steps usually involved in successfully executing a ransomware file and managed to get their files encrypted. 

It has happened so much in the past few months that finally most people in your organisation (including the front-desk staff) have gotten the point. Or, well, most of them have. People have stopped opening the emails, downloading the resumes sent to them (even when they have not advertised for a job) and then unzipping the files to be able to read (execute) the resume of some random guy who applied for a job you never actually advertised. Again, most of them have - at least the ones who've read your red-bold-fonted emails telling them not to.

So, the situation that faces us (or vice versa) begs the obvious (or does it?). What's next?

As with most things - there will be newer versions. OH! There have been. Like, hundreds of them on a weekly basis (if you trust IT Security stats put out by reputable firms). Which leads someone like me to believe that we are very close to seeing the next-generation of ransomware that acts in a similar way but breaks in using much more sophisticated and complex methods.

Next-gen Ransomware will be smarter, better and bigger.

Infection sources will change.

Infection methods will evolve. 

Next-gen Ransomware will no longer depend on propagation through spam.

We will see more and more ransomware relying on vulnerabilities rather than naiveté (techs can read 'stupidity') and lack of education.

Some highly complex and advanced ransomware will be able to exploit zero-days within the next twelve months. 

Based on all of the above (and everything else that could and would be added to this list in coming days) the question that companies (especially the security professionals responsible for the security) need to ask and responsibly address is 'How to be prepared?'.

I'm not the last word on these things (I keep getting told!) but I think a few things that can be looked at as a start are:

How good are you at managing vulnerabilities in your IT infrastructure?

Is your patch-management system bad-ass enough?

Is most of your Security Infrastructure Next-Gen in itself?

Who is looking after your incidents currently? Are they proactively analysing the current threats and reporting them?

Most importantly, do you have the right level of support in place? This is what will matter most when you-know-what hits the proverbial fan!