
Complete I.T. Blog

Why does ransomware often go undetected by antivirus?

by | Nov 30, 2016 | Cloud Services

I’ve mentioned the evasion tactics that ransomware uses more than once in previous blog posts. This collection of technical methods ensures that crypto-ransomware infections can stay below the radar and:

  • Not get picked up by antivirus products
  • Not get discovered by cyber security researchers
  • Not get observed by law enforcement agencies and their own malware researchers.

The rationale is simple: the longer a malware infection can persist on a compromised PC, the more data it can extract and the more damage it can do.

So here are just a few of the tactics that ransomware employs to remain covert and maintain the anonymity of its makers and distributors:

  • Communication with Command & Control servers is encrypted and difficult to detect in network traffic.
  • It features built-in anonymizing tools such as TOR, to avoid tracking by law enforcement agencies, and Bitcoin, to receive ransom payments.
  • It uses anti-sandboxing mechanisms so that antivirus won’t pick it up.
  • It employs domain shadowing to conceal exploits and hide the communication between the downloader (payload) and the servers controlled by cyber criminals (where the ransomware is stored).
  • It features Fast Flux, another technique used to keep the source of the infection anonymous.
  • It deploys encrypted payloads, which can make it more difficult for antivirus to see that they include malware, so the infection has more time to unfold.
  • It has polymorphic behavior that endows the ransomware with the ability to mutate enough to create a new variant, but not so much as to alter the malware’s function.
  • It has the ability to remain dormant: the ransomware can remain inactive on the system until the computer is at its most vulnerable moment, and take advantage of that to strike fast and effectively.
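Of the tactics above, Fast Flux is one a defender can look for in their own DNS telemetry: a name whose answers rotate across many unrelated IP addresses with very short TTLs. The following Python example is added here and is not the blog's code; it scores each queried name by the distinct IPs and /16 networks seen in its answers and the largest TTL observed. The log format, the sample lines and the thresholds are constructed assumptions to be tuned against your own baseline.

```python
"""Flag possible Fast Flux domains from DNS resolver logs (added example)."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample resolver log lines, one answer per line:
# "<epoch> <qname> <ttl> <answer ip>". The IPs are documentation ranges.
SAMPLE_LOG = """\
1480464000 updates.example-cdn.net 300 203.0.113.10
1480464300 updates.example-cdn.net 300 203.0.113.10
1480464600 updates.example-cdn.net 300 203.0.113.11
1480464000 pay.flux-example.org 30 198.51.100.7
1480464060 pay.flux-example.org 30 192.0.2.44
1480464120 pay.flux-example.org 30 203.0.113.201
1480464180 pay.flux-example.org 30 198.51.100.99
1480464240 pay.flux-example.org 30 192.0.2.120
1480464300 pay.flux-example.org 30 203.0.113.9
"""


def parse_log(text):
    """Parse the assumed log format into (epoch, qname, ttl, ip) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, qname, ttl, ip = line.split()
        records.append((int(ts), qname.lower(), int(ttl), ip_address(ip)))
    return records


def flux_scores(records):
    """Return {qname: (distinct_ips, distinct_/16_networks, max_ttl)}."""
    ips, nets, max_ttl = defaultdict(set), defaultdict(set), {}
    for _, qname, ttl, ip in records:
        ips[qname].add(ip)
        # Group answers by /16 so many hosts in one hosting block count once.
        nets[qname].add(ip_network(f"{ip}/16", strict=False))
        max_ttl[qname] = max(ttl, max_ttl.get(qname, 0))
    return {q: (len(ips[q]), len(nets[q]), max_ttl[q]) for q in ips}


def suspected_fast_flux(records, min_ips=5, min_nets=3, max_ttl=60):
    """Names whose answers span many IPs and networks with short TTLs.

    The thresholds are assumptions for this example, not measured values.
    """
    return sorted(q for q, (n_ip, n_net, ttl) in flux_scores(records).items()
                  if n_ip >= min_ips and n_net >= min_nets and ttl <= max_ttl)
```

A legitimate CDN name may also resolve to many IPs, so treat a hit as a lead to enrich with domain age and registrar data rather than a verdict on its own.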

So what steps can you take to protect your business from Ransomware? Contact us today to book a meeting and discuss how we can help you to protect your business.

