Ransomware and Malware
The recent surge in advanced ransomware is an indicator that well-hidden viruses are definitely something to watch out for.
IT pros need to be prepared for a new generation of malware and ransomware that are subtle, but dangerous. Join us as we review where APTs, ransomware, and other sophisticated malware can hide in your network and how to be prepared to protect your organization.
Where Malware and Ransomware May Be Hiding?
Critical System Files:
One of the most dangerous and seemingly innocuous places highly sophisticated malware can hide is your critical system files. Traditionally, many malware files that were used to replace or modify existing critical system files were distinguished by a foreign signature or metadata that is visible in the attribute certifiable field (ACT) of signed files.
Some malware will modify Windows Registry keys in order to establish a position among “autoruns” or ensure the malware launches each time the OS starts. Manually auditing your Windows Registry keys to detect abnormalities is a massive task. It would theoretically require comparing log files against tens of thousands of autorun settings. While there are some possible shortcuts, efficiently detecting modifications to your registry keys is typically best achieved with a file integrity monitoring solution.
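The baseline comparison that such monitoring automates can be sketched in a few lines. This is an added example, not code from the original article or from any product: it assumes only the four Run/RunOnce keys are in scope, the function names `snapshot` and `diff_autoruns` are hypothetical, and the sample entries are constructed.

```python
import json

# Assumption: only these four well-known autorun keys; real audits cover far more.
RUN_KEYS = [
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
]

def snapshot():
    """Map each autorun value's full registry path to its command (Windows only)."""
    import winreg  # imported here so diff_autoruns() stays usable on any OS
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    entries = {}
    for hive, path in RUN_KEYS:
        try:
            with winreg.OpenKey(hives[hive], path) as key:
                for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = value count
                    name, data, _type = winreg.EnumValue(key, i)
                    entries[f"{hive}\\{path}\\{name}"] = str(data)
        except FileNotFoundError:
            continue  # key does not exist on this host
    return entries

def diff_autoruns(baseline, current):
    """Report entries added, removed, or repointed since the trusted baseline."""
    # Registry value names are case-insensitive, so compare on lowercased paths.
    old = {k.lower(): (k, v) for k, v in baseline.items()}
    new = {k.lower(): (k, v) for k, v in current.items()}
    added = {new[k][0]: new[k][1] for k in new.keys() - old.keys()}
    removed = {old[k][0]: old[k][1] for k in old.keys() - new.keys()}
    changed = {new[k][0]: (old[k][1], new[k][1])
               for k in new.keys() & old.keys() if old[k][1] != new[k][1]}
    return {"added": added, "removed": removed, "changed": changed}

# Constructed sample snapshots (not taken from a real host).
RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
BASELINE = {RUN + r"\SecurityHealth": r"%windir%\system32\SecurityHealthSystray.exe",
            RUN + r"\BackupAgent": r"C:\Program Files\Backup\agent.exe"}
CURRENT = {RUN + r"\securityhealth": r"%windir%\system32\SecurityHealthSystray.exe",
           RUN + r"\BackupAgent": r"C:\Users\Public\agent.exe",
           r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater":
               r"C:\Users\alice\AppData\Local\Temp\upd.exe"}

if __name__ == "__main__":
    print(json.dumps(diff_autoruns(BASELINE, CURRENT), indent=2))
```

On a Windows host, saving the output of `snapshot()` from a known-good state and diffing later snapshots against it reduces the review to the handful of entries that actually changed.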
Operating systems contain a host of temporary folders, which range from internet caches to application data. These files are an inherent part of the OS, allowing the system to process and compress information to support user experience. By nature, these temporary folders are typically default writeable for all users to enable internet browsing, the creation of Excel spreadsheets, and other common activities.
Also known as “shortcuts”, may contain a direct path to a malware or ransomware-laden website or, more dangerously, an executable file. Chances are, your employees have quite a few of these pathways on their desktop to ease access to commonly visited web applications and other tools.
Even relatively low-grade spam filters are wise enough to recognize .exe files as potentially malicious. However, cybercriminals have wised up to this practice and are now taking advantage of Microsoft Office VBAs to insert ransomware code within Word documents.