
Fileless Ransomware - All you need to know.







Many global companies, banks, and even some government organizations are struggling to protect their systems from the newest type of threat to scare the world: Fileless Ransomware.
The new version of ransomware has arrived. It's stealthy, almost impossible to detect, and is forcing every vulnerable organization to pay the ransom to cyber criminals. These attacks are called "fileless" or non-malware ransomware attacks, in which malicious commands are executed with Microsoft's PowerShell.
It's important to note that non-malware or fileless ransomware (unlike some traditional ransomware) does not use any files to encrypt your data; instead, it writes scripts/macros which originate from PowerShell to encrypt the files.
Fileless malware is a unique type of software that is really difficult to detect because the malicious code is embedded into the native scripting language or written straight into the computer's RAM, where it hides in isolated spots within the computer's memory. It is not written to disk, nor does the malicious code rely on the hard drive to run these commands.

What are the biggest problems with this attack?

1. Any kind of antivirus software is useless.
2. This ransomware strain allows cyber criminals to have access to your systems. This means that they can infiltrate your computers, steal your information and encrypt your files without your IT staff even knowing.
3. It can lead to more attacks. As the cyber criminals are writing scripts they’re also gathering as much data from the victim’s computer as possible.

Prevention techniques:

Even if we can't make our systems 100% secure, there are certain measures you can take to significantly reduce the risk:
  1. Make regular backups of your important data to another disk that is not connected to the internet.
  2. Disable auto-start of every macro and avoid suspicious files.
  3. Be smart: filter your e-mails and block them if they look suspicious to you.
  4. Never visit a website that looks suspicious and never download add-ons or plugins, which are usually fake.
  5. Configure your Windows accounts to be as limited as possible and don't give them administrator rights.
  6. Use a good software or hardware firewall and monitor your traffic from time to time.
  7. Restrict user write permissions.
  8. Limit the privileges for PsExec.exe.
  9. Install a process manager and monitor your processes from time to time.
  10. Train your staff to be informed about the possible attacks.
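
Item 9 becomes more useful when process monitoring looks for the pattern this post describes: PowerShell started by an Office macro or through PsExec. The sketch below is an added example, not part of the original post. The event field names, the reason labels and the sample events are assumptions constructed for illustration.

```python
import shlex

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
REMOTE_EXEC = {"psexesvc.exe"}        # service-side process that PsExec starts
SHELLS = {"powershell.exe", "pwsh.exe"}

def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def _flags(cmdline):
    """Yield (flag, next_token) for every -flag or /flag on the command line."""
    try:
        toks = shlex.split(cmdline, posix=False)  # keeps backslashes and quotes
    except ValueError:                            # unbalanced quote in the log
        toks = cmdline.split()
    for i, t in enumerate(toks):
        if t[:1] in "-/" and len(t) > 1:
            yield t[1:].lower(), (toks[i + 1].lower() if i + 1 < len(toks) else "")

def score_event(ev):
    """Return the reasons a process-creation event looks like script-based
    (fileless) execution. An empty list means no finding. This is a triage
    heuristic: an admin script can also trigger it."""
    if _basename(ev["image"]) not in SHELLS:
        return []
    reasons = []
    parent = _basename(ev["parent_image"])
    if parent in OFFICE:
        reasons.append("office-parent")       # a document macro spawned a shell
    if parent in REMOTE_EXEC:
        reasons.append("psexec-parent")       # shell started remotely via PsExec
    for flag, nxt in _flags(ev["command_line"]):
        # PowerShell accepts abbreviated parameter names (-e, -enc, -w, ...).
        if "encodedcommand".startswith(flag) or flag == "ec":
            reasons.append("encoded-command")
        elif "windowstyle".startswith(flag) and nxt.strip('"') == "hidden":
            reasons.append("hidden-window")
    return reasons

# Constructed sample events (not real logs); the payload is a placeholder.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE = [
    {"image": PS, "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "command_line": "powershell.exe -NoProfile -w hidden -enc <BASE64-PLACEHOLDER>"},
    {"image": PS, "parent_image": r"C:\Windows\PSEXESVC.exe",
     "command_line": r"powershell.exe -File C:\Scripts\inventory.ps1"},
    {"image": PS, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\backup.ps1"},
]

if __name__ == "__main__":
    for ev in SAMPLE:
        print(_basename(ev["parent_image"]), "->", score_event(ev) or "no finding")
```

Feed it process-creation records from whatever monitoring tool you use, mapped to the three fields above.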
