Ask Intronis: What are the newest trends in ransomware?

Posted by Lauren Beliveau on Oct 17, 2016 7:30:00 AM


Q: Ransomware seems to be running rampant. A couple of my customers are concerned about how fast it’s growing, and I was able to put some extra precautions in place to protect them. I want to make sure we stay ahead of the problem, though. What are the newest ransomware threats I need to make sure our customers are aware of?

Scouring the Internet on a regular basis and learning about the new strains of ransomware can be tiresome—and almost impossible when you’re busy running your MSP business. However, it is important to keep up with these kinds of trends and know which threats you need to mitigate.

To help shed some light on the newest ransomware trends, we consulted Senior Partner Support Engineer Paul Hanley. Paul works closely with our MSP partners and stays up-to-date on all the latest security threats. He shared with us not only the newest threat to emerge but also the best practices that should be put in place to protect your customers from it.


Fantom: The Most Recent Ransomware Threat

One of the most dangerous ransomware threats to emerge recently is Fantom. It disguises itself as a Windows update and preys on the fact that users are always told to keep security and systems up to date—and then holds it against them.

Fantom is an EDA2 variation, which is short for Echo Delta Alpha 2, an open source toolkit for ransomware that any user can download, customize, and deploy. Users can modify and make it their own under the GNU license. The toolkit was originally developed for educational purposes, but this unfortunately backfired once malicious actors became aware of its existence. It has since been used as the codebase for a number of other ransomware families, with varying degrees of success. Every program that uses the original code is inherently flawed by design, but that flaw can easily be fixed if a hacker knows what to look for. To date, Fantom is the biggest variant to come out of EDA2.

Fantom disguises itself as a critical Windows update, using file properties to pose as if it is from Microsoft and pulling up a Windows update screen. The malware stops users from moving to another screen, and behind the scenes it starts encrypting files. While users can close the screen by keying CTRL+F4, Fantom still continues to encrypt data. When it’s done, it changes the background image and prompts users to pay the ransom.

Best practices to protect against Fantom

Even as ransomware continues to evolve, education is still first and foremost the best defense against ransomware.

  1. Educate customers about cyber security. Education is still the best way to avoid a ransomware infection. Teach your customers and their employees to look for warning signs, such as pop-ups and malicious attachments. Remind them NOT to:

     - Open emails from an unfamiliar email address
     - Disable or deactivate their antivirus program
     - Download unknown software
     - Click on any unknown attachments
     - Install programs from an unfamiliar source

  2. Maintain up-to-date systems, antivirus, and antimalware protection. Make sure your customers are running the newest version of these systems. Backdoors are usually fixed in the latest patch or update, and hackers prey on companies running out-of-date software, which gives them an easy “in” to the system.
  3. Back up multiple versions frequently and consistently. Make sure you have multiple versions of your customers’ files backed up. If ransomware were to strike and you only backed up a single version, it’s possible that you backed up an infected file. By saving multiple revisions, you have a better chance of restoring clean data. As a best practice, keep multiple days’ worth of files in order to provide additional restore points.
  4. Set up a next-generation firewall. A next-generation firewall can ensure maximum security for your customers. This type of firewall analyzes every file trying to run on a PC and verifies the data against a threat intelligence network in the cloud, stopping malicious programs from being run.
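The backup point above (keep several days of revisions so that an encrypted copy does not become your only restore point) can be turned into a concrete restore check. The script below is an added example, not code from the article or from Intronis; it constructs three sample daily snapshots of one file inline, flags the version that looks encrypted using a byte-entropy heuristic, and picks the newest snapshot that still looks clean.

```python
import math
import random
from collections import Counter
from typing import Dict, Optional

# Constructed sample data (not from the article): three daily backup snapshots
# of the same document. The newest snapshot was captured after ransomware had
# already encrypted the file, so it is pseudo-random bytes instead of text.
_rng = random.Random(2016)  # fixed seed keeps the constructed sample deterministic
SNAPSHOTS: Dict[str, bytes] = {
    "2016-10-14": b"Quarterly report, draft. Revenue is up 4% over the prior quarter. " * 8,
    "2016-10-15": b"Quarterly report, final. Revenue is up 4% over the prior quarter. " * 8,
    "2016-10-16": bytes(_rng.getrandbits(8) for _ in range(1024)),  # stands in for ciphertext
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 6.5) -> bool:
    """Heuristic: ciphertext is close to uniformly random, so its entropy
    approaches 8 bits/byte, while ordinary documents sit around 4 to 5.
    Already-compressed formats (zip, jpeg, pdf streams) also score high, so
    a hit means 'inspect this version', not proof of infection."""
    return shannon_entropy(data) >= threshold


def newest_clean_version(snapshots: Dict[str, bytes]) -> Optional[str]:
    """Walk snapshots newest first (ISO dates sort lexically) and return the
    key of the first one that does not look encrypted; None if every
    retained revision is suspect, i.e. retention was too short."""
    for key in sorted(snapshots, reverse=True):
        if not looks_encrypted(snapshots[key]):
            return key
    return None


if __name__ == "__main__":
    for key in sorted(SNAPSHOTS):
        verdict = "SUSPECT" if looks_encrypted(SNAPSHOTS[key]) else "clean"
        print(f"{key}: {shannon_entropy(SNAPSHOTS[key]):.2f} bits/byte, {verdict}")
    print("restore from:", newest_clean_version(SNAPSHOTS))
```

With only the 2016-10-16 snapshot retained, `newest_clean_version` returns `None`, which is exactly the single-version failure the article warns about.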

Cybersecurity remains important, and whether you’re teaching your customers about Fantom or another type of ransomware, make sure they have best practices in place. The strongest cybersecurity defense is education and awareness, but you need to help them put technical safeguards in place as well. Together, both approaches will help you mitigate ransomware attacks even as the threat continues to evolve and more sophisticated variants emerge.


Photo Credit: Kamil Antosiewicz Monika Powalisz via Flickr. Used under Creative Commons 2.0

Ask Intronis is a weekly advice column answering common questions from MSPs and IT service providers. It covers topics ranging from pricing and selling to marketing and communications—and everything in between. Submit your questions by emailing AskIntronis@intronis.com. 

Topics: Malware, Ask Intronis
