As ransomware recovery and detection tools become more sophisticated, so do ransomware developers. Ransomware is becoming harder and harder to find, and encrypted files are becoming much more difficult to recover.
Hackers are finding new ways to avoid detection. Below, we will go over a few of the new tricks they are using to do so and what you should avoid.
Delivering Ransomware Through Files Rather Than Email
Emailed links are the most common method of delivering ransomware. As people become more educated about not clicking on questionable links, ransomware creators are using other tactics to attack unsuspecting users. Document attachments, such as PDFs, Word documents, or other file types, are a newer tactic ransomware creators are using and something you should look out for. Being vigilant about what you click and running scans is the best way to avoid ransomware attacks.
Improvement of Ransomware Code-Writing Skills
As their code-writing skills improve, ransomware creators are getting better at defeating decryption tools. An example of this is the latest update to Cobra Crysis ransomware in late 2017. Decryption has become much more difficult, even with a thorough inspection.
The Use of Polymorphic Code
Polymorphic code is another tactic that can complicate the ransomware detection process. It comes into play once the malware is installed on a victim's machine: the code is then changed slightly before it spreads again. Polymorphic code can change as quickly as every 15 to 20 seconds. As the code continues to change, it becomes much more difficult to stop the ransomware.
The Use of Multi-Threaded Attacks
Typically, a ransomware attack runs in a single process that performs the encryption. In a multi-threaded ransomware attack, the main code launches multiple child processes to accelerate the encryption process, making it much more difficult to thwart.
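On the detection side, the following added example (not part of the original article) shows why a file-write rate limit applied per process can miss activity that is split across child processes, while the same limit applied to the whole process tree catches it. The event format, PIDs, paths, window and threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 10    # assumed sliding-window length, in seconds
THRESHOLD = 10   # assumed maximum file writes tolerated per window

# Constructed process table (pid -> parent pid); PIDs are made up.
PARENTS = {100: 1, 101: 100, 102: 100, 103: 100, 104: 100, 200: 1}

# Constructed file-write events: (timestamp_s, pid, path).
# Four children of pid 100 write 5 files each within 10 seconds;
# pid 200 is an unrelated process saving a few files.
EVENTS = [(i * 0.5, 101 + i % 4, f"/home/user/doc{i}.txt") for i in range(20)]
EVENTS += [(t, 200, f"/home/user/notes{t}.txt") for t in (1, 4, 7)]


def lineage_root(pid, parents):
    """Return the topmost tracked ancestor of pid (pid itself if none)."""
    seen = set()
    while parents.get(pid) in parents and pid not in seen:
        seen.add(pid)
        pid = parents[pid]
    return pid


def flagged(events, key_fn):
    """Keys whose write count inside any WINDOW_S span exceeds THRESHOLD."""
    recent = defaultdict(deque)
    hits = set()
    for ts, pid, _path in sorted(events):
        key = key_fn(pid)
        q = recent[key]
        q.append(ts)
        while ts - q[0] >= WINDOW_S:   # drop writes older than the window
            q.popleft()
        if len(q) > THRESHOLD:
            hits.add(key)
    return hits


def per_process(events):
    """Apply the limit to each pid on its own."""
    return flagged(events, lambda pid: pid)


def per_tree(events, parents):
    """Apply the same limit to each process tree as a whole."""
    return flagged(events, lambda pid: lineage_root(pid, parents))


if __name__ == "__main__":
    print("per-process alerts:", per_process(EVENTS))
    print("per-tree alerts:   ", per_tree(EVENTS, PARENTS))
```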
There are many ways to help detect the new techniques ransomware creators are using to target unsuspecting users. Some tools are taking a more data-driven approach to combat ransomware's ever-evolving methods. Communication and being vigilant about what you click on, both on the web and in email links and attachments, will go a long way toward stopping ransomware attacks.