Ransomware poses a growing and critical threat to enterprises. In 2015, there were nearly 407,000 attempted ransomware infections and over US$325 million (£244 million) extorted from victims, and the numbers are expected to rise.
New research from CyberArk Labs tested more than 23,000 real-world samples and more than 30 malware families, such as Cryptolocker, Petya and Locky, to gain insight into typical ransomware behaviour and identify potential strategies for mitigating the impact of attacks.
The research found that application control coupled with the removal of local administrator rights was 100 percent effective in preventing ransomware from encrypting files. The approach was compared with other mitigation strategies, including the use of traditional anti-virus software.
While many strains of modern malware require local administrator rights to properly execute, many strains of ransomware don't require these rights. While 70 percent of ransomware attempted to gain local administrator rights, only 10 percent of ransomware would fail to execute if these rights were not attained.
“Ransomware has emerged as a credible and opportunistic tactic for attackers, leaving infected organisations with the difficult choice of abandoning hijacked data or paying cyber-criminals for the chance to retrieve their files,” said Chen Bitan, general manager, EMEA & APJ at CyberArk. “By analysing how ransomware typically behaves, we've been able to gain critical insight into how to help protect against these attacks. Moving beyond traditional anti-virus solutions, which are not effective in blocking ransomware, and adopting a proactive approach to endpoint and server security is an important step in protecting against this fast-moving and morphing malware.”