2021 has, so far, seen a massive rise in the introduction of new strains of ransomware being used to infiltrate the networks of enterprise organizations.
This represents a shift in the tactics of cybercriminals, who spent most of 2020 trying to take advantage of workers forced into unsecured home-working environments by the COVID-19 pandemic. In the opening months of 2021 there is a clear surge in the number of attacks concentrating on employees who are slowly returning to large office settings.
One such strain of ransomware is called Babuk. Individuals whose data has been encrypted receive a demand for a $60k-$85k ransom, to be transferred before the private keys needed to remove the encryption are handed over. While Babuk resembles a regular ransomware campaign, it includes a number of characteristics designed specifically with companies as the target.
Babuk disables many of the backup features available in Windows. The first feature to be made redundant is the Volume Shadow Copy Service (VSS), which is used to take backups of files in use. With this feature disabled, users cannot retrieve their current active files. It also disables the file-locking mechanism used on open and active files. For businesses using the backup features in Microsoft Office, Babuk turns these off as well.
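Because the ransomware's first step is to take the built-in Windows backups out of play, the most useful early signal for a defender is shadow copy deletion and the VSS service stopping. The following detection logic is an added example and not part of the original post; it runs over a handful of constructed log lines in a simplified "timestamp, event ID, host, message" text layout (an assumption about the export format, not any SIEM's native schema) and escalates a host only when more than one distinct backup-tampering indicator fires there, since a single hit can be legitimate maintenance.

```python
"""Flag Windows log lines that indicate backup tampering (added example).

The log lines below are constructed for illustration. The field layout
"<timestamp> <EventID> <host> <message>" is an assumed simplified export,
not a specific SIEM format.
"""
import re
from dataclasses import dataclass

# Constructed sample log lines (not real telemetry).
SAMPLE_LOGS = [
    "2021-03-01T09:12:04Z 4688 WS-017 New Process: C:\\Windows\\System32\\vssadmin.exe  CommandLine: vssadmin delete shadows /all /quiet",
    "2021-03-01T09:12:05Z 7036 WS-017 The Volume Shadow Copy service entered the stopped state.",
    "2021-03-01T09:12:09Z 4688 WS-017 New Process: C:\\Windows\\System32\\notepad.exe  CommandLine: notepad.exe report.txt",
    "2021-03-01T10:00:00Z 7036 WS-017 The Windows Update service entered the running state.",
    # A lone service stop on another host: plausible maintenance, should not escalate on its own.
    "2021-03-01T11:30:00Z 7036 ADMIN-01 The Volume Shadow Copy service entered the stopped state.",
]

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<event_id>\d+)\s+(?P<host>\S+)\s+(?P<msg>.*)$")

# Each rule: (name, Windows event ID it applies to, case-insensitive pattern on the message).
# 4688 = process creation, 7036 = service state change.
RULES = [
    ("shadow_copy_deletion", "4688", re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)),
    ("vss_service_stopped", "7036", re.compile(r"Volume Shadow Copy service entered the stopped state", re.I)),
]


@dataclass(frozen=True)
class Alert:
    rule: str
    host: str
    timestamp: str
    message: str


def parse_line(line):
    """Split one log line into its fields; return None for lines that do not fit the layout."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def detect_backup_tampering(lines):
    """Return one Alert per (line, rule) match."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for name, event_id, pattern in RULES:
            if rec["event_id"] == event_id and pattern.search(rec["msg"]):
                alerts.append(Alert(name, rec["host"], rec["ts"], rec["msg"]))
    return alerts


def hosts_to_escalate(alerts, threshold=2):
    """Hosts where at least `threshold` distinct rules fired; one hit alone may be an admin."""
    rules_by_host = {}
    for a in alerts:
        rules_by_host.setdefault(a.host, set()).add(a.rule)
    return sorted(h for h, rules in rules_by_host.items() if len(rules) >= threshold)


if __name__ == "__main__":
    found = detect_backup_tampering(SAMPLE_LOGS)
    for a in found:
        print(f"[{a.rule}] {a.timestamp} {a.host}: {a.message}")
    print("escalate:", hosts_to_escalate(found))
```

Feeding this the sample lines yields three alerts, two on WS-017 and one on ADMIN-01; only WS-017 is escalated. In a real deployment the same two rules map onto process-creation and service-control telemetry from an EDR or the Security and System event logs.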
Babuk then moves on to encrypting the database. Files smaller than 41MB are double-encrypted; files larger than this are split prior to encryption. The encryption cipher used is ChaCha8, with the key generated from a SHA-256 hash, a cryptographically secure hashing algorithm. Unlike normal ransomware, Babuk uses only one private key, as it is focused on infiltrating enterprise users.
There are a couple of ways you can prepare for Babuk trying to attack and encrypt your databases. You will mitigate some of the danger by placing your own encryption on particularly important files. This will prevent Babuk from doing the same. Additionally, using a cloud backup will mean that there are backups available for you to restore your information without handing over a ransom.
Monitoring software will weed out suspicious traffic on the network and, in doing so, prevent malware from encrypting files or exfiltrating data. System administrators are then made aware of the activity and can review it to gauge the threat level. Another strong security measure is using email filters with artificial intelligence (AI), which allow you to spot potentially dangerous messages and attachments. These can then be quarantined and reviewed by an administrator. This method cuts out the possibility of human error leading to a malicious file being downloaded and initiating an encryption process.
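The quarantine-and-review step above is a policy decision made per attachment before the message reaches a mailbox. The following is an added example, not code from the original post or from SpamTitan, of the simplest form of that decision: a constructed message with three attachments is parsed with Python's standard `email` package, each attachment filename is classified, and the message as a whole is either delivered, held for an administrator, or quarantined. The extension lists are an assumed policy, not a description of any product's rules.

```python
"""Classify e-mail attachments and decide on delivery (added example).

The sample message is constructed inline. BLOCKED_EXTENSIONS and
MACRO_EXTENSIONS are an assumed policy for illustration.
"""
import email
from email import policy
from email.message import EmailMessage

# Executable or script types that should never reach a user unreviewed (assumed policy).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".bat", ".cmd", ".ps1", ".lnk", ".iso"}
# Office formats that can carry macros: held for an administrator rather than blocked outright.
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm"}


def build_sample_message():
    """Construct a multipart message with one disguised executable, one macro workbook, one PDF."""
    msg = EmailMessage(policy=policy.default)
    msg["From"] = "accounts@example-invoice.test"
    msg["To"] = "finance@example.test"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"not really a pdf", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(b"PK\x03\x04 constructed", maintype="application",
                       subtype="vnd.ms-excel.sheet.macroEnabled.12", filename="Q1_figures.xlsm")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()


def _extensions(filename):
    """All extensions of a filename, lower-cased: 'a.pdf.exe' -> ['.pdf', '.exe']."""
    parts = filename.lower().split(".")
    return ["." + p for p in parts[1:]]


def classify_attachment(filename):
    """Return 'quarantine', 'review' or 'allow' for one attachment filename."""
    exts = _extensions(filename)
    # Any blocked extension anywhere in the name (covers double extensions like .pdf.exe).
    if any(e in BLOCKED_EXTENSIONS for e in exts):
        return "quarantine"
    if exts and exts[-1] in MACRO_EXTENSIONS:
        return "review"
    return "allow"


def triage_message(raw_bytes):
    """Parse a raw message and return (decision, {filename: verdict})."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    verdicts = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        # An attachment with no filename cannot be classified by type; hold it.
        verdicts[name] = classify_attachment(name) if part.get_filename() else "review"
    if "quarantine" in verdicts.values():
        decision = "quarantine"
    elif "review" in verdicts.values():
        decision = "hold_for_review"
    else:
        decision = "deliver"
    return decision, verdicts


if __name__ == "__main__":
    decision, verdicts = triage_message(build_sample_message())
    for name, verdict in verdicts.items():
        print(f"{name}: {verdict}")
    print("decision:", decision)
```

The worst verdict across attachments decides the message: a single disguised executable quarantines the whole mail even though the accompanying PDF is harmless. Filename-based classification is only the first layer; a production filter would also inspect content type, file magic and macro presence rather than trusting the extension.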
Training and user education will also assist in preventing human error. This involves providing staff with the knowledge required to spot threats. They will also be able to warn administrators about potential attacks and avoid running attachments on their local devices.
SpamTitan Email Security is a strong cybersecurity solution that will assist greatly in bringing the risk of network infiltration down to an acceptable and manageable level. Call SpamTitan now to enquire about a free trial to witness the strength and value of the solution for yourself.