
Will You Be the Next Victim of Ransomware?

Ransomware

Let’s look at examples of ransomware and how you can detect and prevent an infection. The most common infection mechanism is freeware: a quick, free fix to a problem. For example, a website that converts .wav files to .mp3 files. The attacker will actually convert your .wav files to .mp3 files. The target downloads the converted files to their system and tries out a few of the mp3s to see if the conversion worked. The first few converted files may be clean, but additional files will contain embedded malware. The target eventually double-clicks on an infected .mp3 and, instead of the music playing, an error message may appear stating that this particular file could not be converted. By then the ransomware has already begun encrypting files.

Malvertising advertises something that is too good to be true. It usually comes in the form of free items (free fonts, free music, free templates, etc.), items that have mass appeal and may be useful. The user clicks on the advertisement and is taken to a deceptive webpage constructed to look like a brand-name site. The free items are downloaded with embedded executables, and the ransomware is off and running.

How can you avoid being a victim of malware?

You cannot rely solely upon your anti-virus software. The most effective mechanism is training and education that allows you to recognize and discover ransomware. You are responsible for your own safety when it comes to ransomware. Apply the following rules to determine whether a website or piece of software may be malicious:

  1. Is it a website that you have used before and downloaded software from? If no, then you should raise your suspicion.
  2. Does the website domain contain a name brand embedded within the domain? For example, www.ibm.com is a valid and recognizable domain. However, ibm.myadminexperts.com and www.ibm_experts.com are suspicious domain names. They contain the brand, IBM, within the base domain or as a sub-domain. When you recognize this, you should treat the website as suspicious. If the base domain is recognizable, such as admin.ibm.com, then treat it as less suspicious.
  3. Did you get to the site for a free download through an advertisement? If so, then raise your suspicion.
  4. Did you receive the download request or request to visit a website via email? Have you received email from the individual before? Does the domain of the email contain embedded brands as described above? If you answered yes to any of these questions, raise your suspicion.
  5. Is there a sense of urgency in the messages from the website or email? If so, raise your suspicion.
  6. Is the service free with no offers for a paid upgrade later? If so, raise your suspicion.
  7. Are you downloading a .pdf or Word document? If so, be sure to turn off auto-execute macros in your application. If the document asks you to execute a macro after opening it, say no.
  8. Check for oddities in spelling or grammar in the email or web content. If there are frequent errors, raise your suspicion.
  9. No matter what, when you receive a link from what you think is a trusted site you subscribe to (reset password, subscribe to a new service, download a new update, etc.), close the email, log into the site and perform the action or look for the described content.
  10. Finally, you can submit the website domain, URL, document or downloaded executable to a free virus scanner such as www.virustotal.com.
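Rules 2 and 4 above (a brand name sitting somewhere other than in the brand's own base domain) can be turned into a mechanical pre-check. The following is an added example, not code from the article; the brand table is constructed, and the base domain is approximated as the last two hostname labels, which is an assumption that breaks for suffixes like co.uk:

```python
from urllib.parse import urlsplit

# Constructed map: brand keyword -> the registrable domain the brand really owns.
# Assumption for this example; extend it with the brands your users deal with.
KNOWN_BRANDS = {"ibm": "ibm.com"}


def hostname_of(url: str) -> str:
    """Lowercase hostname from a URL or a bare host ("www.ibm.com" works too)."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def registrable_domain(host: str) -> str:
    """Approximate the base domain as the last two labels (assumption: this is
    wrong for suffixes like co.uk; real deployments use a public-suffix list)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify_host(host_or_url: str, brands=KNOWN_BRANDS) -> str:
    """Apply rule 2: where does a brand name sit inside the hostname?

    'brand domain'   base domain is the brand's own (www.ibm.com, admin.ibm.com)
    'suspicious'     a brand string appears elsewhere in the hostname
                     (ibm.myadminexperts.com, www.ibm_experts.com)
    'no brand match' no known brand string at all
    The substring match is deliberately broad, like the article's rule, so
    expect some false positives that a human should review.
    """
    host = hostname_of(host_or_url)
    if registrable_domain(host) in set(brands.values()):
        return "brand domain"
    if any(brand in host for brand in brands):
        return "suspicious"
    return "no brand match"


def classify_sender(address: str, brands=KNOWN_BRANDS) -> str:
    """Apply the same test to an e-mail sender's domain (rule 4)."""
    domain = address.rsplit("@", 1)[-1]
    return classify_host(domain, brands)


if __name__ == "__main__":
    for sample in ["www.ibm.com", "ibm.myadminexperts.com",
                   "www.ibm_experts.com", "admin.ibm.com", "example.com"]:
        print(f"{sample:28} -> {classify_host(sample)}")
    print(classify_sender("support@ibm.myadminexperts.com"))
```

A "suspicious" result is a prompt to apply the remaining rules, not a verdict on its own.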

Ransomware is a commoditized attack and pervasive in the industry. Typical signature-based anti-virus systems are not foolproof and can be evaded by an attacker who constantly changes the malware's signature. Educating end users in how ransomware infects a system, how to recognize ransomware and what the key indicators are of a threat that may compromise a system is essential in thwarting these attacks.


