Ransomware has spread to become a global 21st Century plague, infecting government agencies and businesses of all sizes and in every industry. A form of malware, ransomware is malicious software that prevents victims from accessing their computer files and/or systems until a ransom payment is made.
Ransomware attacks cause disruption to business operations with the potential loss of critical systems and data. It is spread through email phishing, spear phishing, email attachments, vulnerability exploits, computer worms, and many other attack vectors. Although there are countless strains of ransomware, they mainly fall into three types – crypto ransomware, locker ransomware, and double extortion.
Crypto ransomware code remains undetected as long as possible so the hacker can continue to mine cryptocurrency using the victim’s device, encrypting files and self-propagating to other computers and network devices.
Locker ransomware goes a step beyond encrypting files by locking the victim out of their device, whereupon the cybercriminal demands a ransom to unlock the device.
Double extortion ransomware not only encrypts files, but it also exports data to blackmail victims into paying a ransom.
Below are some of the most notorious and virulent ransomware variants:
WannaCry | CryptoLocker | Petya |
Bad Rabbit | TeslaCrypt | Locky |
Jigsaw | Cerber | CryptoWall |
Ryuk | SimpleLocker | GandCrab |
SamSam | ZCryptor | Reveton |
Ransomware criminals will take advantage of any software or firmware vulnerabilities, misconfigurations, weak passwords, and unsuspecting users. Bad actors will strike as soon as a flaw or vulnerability is revealed. Therefore, corporate defenders must be proactive, vigilant, and always at the ready.
Defending against ransomware
Common Vulnerabilities and Exposures (CVE) is a list of publicly disclosed computer security flaws. CVEs help IT security professionals prioritize and address critical vulnerabilities to ensure their systems are protected against exploits like ransomware. The MITRE Corporation oversees the CVE program, with funding from the Cybersecurity and Infrastructure Security Agency (CISA).
Deploying penetration testing within the enterprise network removes CVE risk. RidgeBot continuous automated pentesting discovers and protects against CVEs. For every CVE, RidgeBot has two types of Plugins:
- Detection: verifies if the vulnerability exists within the environment
- Exploit: launches a payload to the threat in order to trigger a vulnerability
To better classify cyberattacks and assess an organization’s risk, corporate defenders and red teams also use the MITRE ATT&CK™ framework, a guideline for classifying and describing cyberattacks and intrusions. Also created by the MITRE Corporation, the framework consists of 14 tactical categories that represent the “technical objectives” of an adversary. It provides guidance on how best to prevent and respond to cyberthreats, and is essential for understanding, prioritizing, and mitigating cyberattack risks.
RidgeBot denies ransomware opportunities
RidgeBot is highly effective in validating system capabilities and hardening an organization’s security defense when launching new and updated apps and systems. RidgeBot’s fully automated and continuous security penetration testing couples ethical hacking techniques with AI-driven decision-making algorithms. RidgeBot locates vulnerable targets, then exploits them and prioritizes their potential business risks within the enterprise.
The RidgeBot ransomware template is specifically designed to combat ransomware attacks. Template capabilities include scanning for 27 high-profile ransomware entry point vulnerabilities, launching attacks to exploit these vulnerabilities, detailed reporting on exactly how the successful testing exploitations were achieved, and more.
With the RidgeBot ransomware template, it’s fast and easy to launch an asset scan to detect ransomware-related vulnerabilities present within your digital assets. RidgeBot also validates that the vulnerabilities found are indeed exploitable within your current environment. RidgeBot is an automated system that enables enterprises to run penetration tests and attacks whenever there is a new software or system upgrade or update, or new device configuration. It can also be scheduled to run regularly: weekly, monthly, or whenever IT and security personnel deem it necessary.
Because ransomware is continuously evolving and the number and sophistication of attacks are increasing, every organization is at risk. Automated pentesting is a critically important piece of a multilayered security arsenal that helps ensure corporate systems and data are protected.