I’ve mentioned the evasion tactics that ransomware uses more than once in previous blog posts. This collection of technical methods ensures that crypto-ransomware infections can stay below the radar and:
- Not get picked up by antivirus products
- Not get discovered by cyber security researchers
- Not get observed by law enforcement agencies and their own malware researchers.
The rationale is simple: the longer a malware infection can persist on a compromised PC, the more data it can extract and the more damage it can do.
So here are just a few of the tactics that ransomware employs to remain covert and maintain the anonymity of its makers and distributors:
Communication with Command & Control servers is encrypted and difficult to detect in network traffic;
It features built-in traffic anonymizers, like TOR and Bitcoin, to avoid tracking by law enforcement agencies and to receive ransom payments;
It uses anti-sandboxing mechanisms so that antivirus won’t pick it up;
It employs domain shadowing to conceal exploits and hide the communication between the downloader (payload) and the servers controlled by cyber criminals (where the ransomware is stored);
It features Fast Flux, another technique used to keep the source of the infection anonymous;
It deploys encrypted payloads which can make it more difficult for antivirus to see that they include malware, so the infection has more time to unfold;
It has polymorphic behavior that endows the ransomware with the ability to mutate enough to create a new variant, but not so much as to alter the malware’s function;
It has the ability to remain dormant – the ransomware can remain inactive on the system until the computer it at its most vulnerable moment and take advantage of that to strike fast and effectively.
So what steps can you take to protect your business from Ransomware? Contact us today to book a meeting and discuss how we can help you to protect your business.