Posted by CrowdStrike on 05/03/2017

The Threat Of Fileless Ransomware

By: Con Mallon

Ransomware. Ask InfoSec professionals, and they will not mince words: This is no passing threat. By the numbers, ransomware attacks doubled in 2015 and the number of new variants increased by 17 percent through Q1 2016, making ransomware a billion-dollar business last year.

More worrisome? It’s not done evolving. Attackers are coming up with new ways to infect corporate systems, using techniques such as fileless ransomware — which isn’t detected by current antivirus programs because it doesn’t write anything to disk. Here’s what you need to know about ransomware and its impact on B2B organizations.

Ignore at Your Peril

For B2B enterprises and business managers, it’s easy to argue that emerging ransomware threats don’t really pose a risk — after all, aren’t hackers looking to compromise high-profile retail companies and organizations that handle valuable personal information?

Here’s the truth: Attackers are looking for the easy way in, the network vulnerability or phishing email that grants access and lets them start the infection process. The relative “worth” of an organization isn’t the primary consideration; more important is the ability of malicious actors to bar access to a company’s critical data, in turn forcing them to pay or risk losing it all. In a B2B context, for example, this might take the form of compromising e-commerce platforms or locking out all customer profiles, severely reducing the ability of your company to conduct day-to-day operations. Faced with the prospect of hemorrhaging money or paying the ransom, many organizations take the simpler route.

Big Phish

Here’s the thing: Ransomware isn’t a stationary target. By the time security teams have fully analyzed current strains, malware makers have developed new iterations that, for example, leverage existing vulnerabilities in trusted systems or lock backup files. One insidious threat now making the rounds is known as “fileless ransomware.” It uses legitimate administrative tools to run command lines and download malware packages without being detected by antimalware tools.

There are two common methods: phishing-based and browser-based. In the first, users receive a well-crafted phishing email that prompts them to open an attached document. The document contains malicious macros that automatically start a command line and run a PowerShell script directly in memory. That script downloads additional scripts and encryption keys, and suddenly your data is no longer accessible. Browser-based attacks, meanwhile, happen when users visit compromised websites (they may come as email links or exist as “spoofed” copies of legitimate sites) and vulnerable applications running on PCs are compromised, allowing attackers to start a command line, run PowerShell and start a ransomware download.

In both cases, attackers don’t require victims to download a single file — opening a compromised document or visiting a malicious website is enough to start the process and allows the attack to fly under the radar until it’s too late.

Dedicated Defense

How do you stay safe and ensure B2B platforms and resources remain under your control? First, identify your risk. Are staff members visiting potentially dangerous websites, and are macros set to execute without approval?

Small changes to browser behavior and word processing permissions can limit your attack surface. But that’s not enough. With existing methods such as signature-based detection, sandboxing and even machine learning likely to ignore fileless and other emerging attacks, companies need a new way to think about threat tracking. One option is targeting the “indicators of attack” (IOAs) rather than eventual outcomes. This means tracking and terminating processes that, even if occurring under seemingly legitimate circumstances or with approved tools, include code execution, attempts to obfuscate activity or lateral movement across your network. Proactive detection of these indicators can help stop ransomware in its tracks.
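
The following is an added example, not CrowdStrike code or part of the original article. It applies the indicator-of-attack idea to the chains described above by flagging any command line or PowerShell process that descends from a document application or browser, and by noting encoded, hidden or download-and-run command-line traits. The event fields (pid, ppid, image, cmdline), the application lists and the sample events are assumptions constructed for illustration.

```python
import re

# Entry points the article names: document macros and browsers (assumed list).
ENTRY_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "iexplore.exe", "chrome.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}
# Command-line traits of hidden, encoded or download-and-run PowerShell.
# Not exhaustive: PowerShell accepts many abbreviations of these switches.
TRAITS = {
    "encoded_command": re.compile(r"\s-(e|ec|enc\w*)\s", re.I),
    "hidden_window": re.compile(r"\s-w\w*\s+hidden", re.I),
    "remote_download": re.compile(r"downloadstring|downloadfile|invoke-webrequest", re.I),
    "in_memory_exec": re.compile(r"\biex\b|invoke-expression", re.I),
}

def ancestors(event, by_pid):
    """Yield image names of the parent, grandparent, ... of a process event."""
    seen, parent = set(), by_pid.get(event["ppid"])
    while parent and parent["pid"] not in seen:  # guard against pid loops
        seen.add(parent["pid"])
        yield parent["image"].lower()
        parent = by_pid.get(parent["ppid"])

def find_ioas(events):
    """Return (pid, reasons) for shells launched beneath a document app or browser."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if e["image"].lower() not in SHELLS:
            continue
        origin = next((a for a in ancestors(e, by_pid) if a in ENTRY_APPS), None)
        if origin is None:
            continue  # shell started from the desktop or a service: not this pattern
        reasons = [f"shell_under:{origin}"]
        reasons += [name for name, rx in TRAITS.items() if rx.search(e["cmdline"])]
        alerts.append((e["pid"], reasons))
    return alerts

# Constructed process-creation events (placeholders, not real telemetry).
EVENTS = [
    {"pid": 100, "ppid": 1, "image": "explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": "WINWORD.EXE", "cmdline": "WINWORD.EXE invoice.docm"},
    {"pid": 210, "ppid": 200, "image": "cmd.exe", "cmdline": "cmd.exe /c powershell ..."},
    {"pid": 220, "ppid": 210, "image": "powershell.exe",
     "cmdline": "powershell.exe -w hidden -enc <BASE64-PLACEHOLDER>"},
    {"pid": 300, "ppid": 100, "image": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\Scripts\\backup.ps1"},
]

if __name__ == "__main__":
    print(find_ioas(EVENTS))
```

The administrator-launched script (pid 300) is not flagged because its lineage never passes through a document application or browser, which is the distinction between an indicator of attack and a simple "PowerShell ran" alert.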

Want to know more about the changing environment and risks of evolving malware for B2B organizations? Start with this infographic, and discover ways to make your enterprise ransomware-resistant.

Infographic: How Ransomware Uses PowerShell

Author bio: Con Mallon is a Senior Director of Product Marketing at CrowdStrike, responsible for product positioning and messaging, go-to-market programs, competitive differentiation, and sales assets and tools. Con started his career in the United Kingdom and has over 20 years of marketing and product management experience within the technology sector.
