How Hackers Work: A Flagging Battle Against Ransomware


How Hackers Work

It is best to think of hackers as an aggregate.

Don’t think of an individual man dripping cigarette ash onto a keyboard as he tries to hack into your perimeter. That’s not a threatening image, and it provides no useful information as to how a hacker behaves. Think instead of something like a swarm of ants that turns itself into a bridge, or a flotation raft, and can denude a patch of forest in minutes.

The point is that while an individual hacker may not be able to do a whole lot of damage, the community as a whole can recombine its tools and techniques to fit around nearly any obstacle in order to achieve its objective. When that objective is “install ransomware on as many devices as possible,” the consequences for the rest of us are dire.

Here are a few examples of the ways in which hackers are breaking down barriers in order to infect the rest of us:

Ransomware vs. Microsoft

The prevailing wisdom notwithstanding, Microsoft is one of the most important players in the information security space. Its Windows Defender suite is actually fairly decent for home users, and the company itself is one of the most important actors in the international fight against botnets. Likewise, its Enhanced Mitigation Experience Toolkit (EMET) is a formidable weapon: it retrofits exploit mitigations such as DEP, ASLR, export address table filtering and ROP-chain checks onto applications that don’t ship with them, closing off many of the techniques attackers rely on to get malware running.

That last sentence should be in the past tense, unfortunately. A new version of Angler, an exploit kit favored by ransomware authors as a delivery mechanism, now bypasses EMET protections completely. The bypass does not attack EMET itself; it sidesteps it. EMET works by hooking the Windows API calls an exploit normally needs, for instance the memory-protection calls a ROP chain uses to make its shellcode executable. Adobe Flash and Microsoft Silverlight both contain just-in-time compilers that legitimately allocate executable memory as part of normal operation, so Angler’s Flash and Silverlight exploits route the staging and execution of their shellcode through the plugins’ own internal code paths rather than through the hooked Win32 APIs. Nothing EMET is watching ever fires, and the malware loads as though the plugin itself had run it.

Ransomware vs. the Internet of Things

Imagine waking up one morning and discovering that you need to pay a hacker $300 in order to start your car.

This is probably the future. As the things we use become more and more connected, our connected objects become more and more important to us. Two years ago, if a hacker bricked your Fitbit, you’d probably shrug and buy another one. Next year, when a hacker goes after your internet-connected washing machine, you’ll probably have to pay up.

IoT devices tend not to have built-in information security protections. When these devices represent capital equipment for homeowners, lifesaving medical devices, or expensive productivity tools, they turn into an obvious target. This isn’t a far-off future, either. Forrester Research is predicting that hackers will specifically target medical device firmware by the end of 2016.

Ransomware vs. You

Ransomware is going to touch you—yes you, the person reading this—in some way. You may not realize this yet, but ransomware is on the kind of hockey-stick growth curve usually reserved for things like the human population, or a nuclear chain reaction. You may experience ransomware only as a pop-up on your desktop that says “such and such AV program just blocked a potentially dangerous process.” Someone you know might get it. Some lucky criminal might actually get you, and you may be quickly forced to learn how to buy bitcoin.

If you’re like us, you—and your enterprise—would strongly prefer that your data is never held hostage. SentinelOne’s next generation endpoint protection is your solution. Hackers keep finding ways around software patches, and signature-based antivirus consistently whiffs against ransomware, whose authors repack each campaign’s binary so that its hash never matches a blocklist. The best solution to protect your desktop is a product that recognizes the behavior of ransomware (mass overwrites of files with ciphertext, followed by renames to a new extension) and moves to shut it down. If you want to learn more about how we do this, download our free white paper: Ransomware is Here: What you can do about it.
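To make the signature-versus-behavior distinction concrete, here is an added illustration written for this page; it is not SentinelOne’s code and does not describe how any product works. It runs two checks over a constructed event stream: a hash blocklist, which a one-byte repack of the sample defeats, and a simple behavioral detector that flags a process which rapidly writes high-entropy (ciphertext-like) data to files and renames them to a new extension. The sample binaries, thresholds (7.5 bits/byte entropy, 5 writes in 2 seconds) and event format are all assumptions chosen for the example.

```python
"""Hash-based vs behaviour-based ransomware detection (constructed example)."""
import hashlib
import math
import os
import random
from collections import Counter, defaultdict

# --- Signature-style check: exact hash of a known sample -------------------

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for a 'known' ransomware binary and a repacked variant.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"LOCKER-PAYLOAD-v1" * 8
REPACKED_SAMPLE = KNOWN_SAMPLE[:-1] + b"\x02"   # one byte differs: new hash
BLOCKLIST = {sha256_hex(KNOWN_SAMPLE)}

def hash_blocklisted(binary: bytes) -> bool:
    """Signature AV: only an exact hash match is flagged."""
    return sha256_hex(binary) in BLOCKLIST

# --- Behaviour-style check: what the process does to files -----------------

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for encrypted/random data, ~4-5 for English text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

class BehaviourDetector:
    """Flags a pid that writes >= min_hits high-entropy buffers within a
    sliding window of `window` seconds AND renames a file to a new extension.
    Thresholds are assumptions for this example, not tuned product values."""

    def __init__(self, entropy_threshold=7.5, min_hits=5, window=2.0):
        self.entropy_threshold = entropy_threshold
        self.min_hits = min_hits
        self.window = window
        self.hits = defaultdict(list)        # pid -> timestamps of suspect writes
        self.ext_changed = defaultdict(int)  # pid -> count of extension changes

    def observe(self, ev: dict) -> bool:
        """Feed one file-system event; return True if the pid is now flagged."""
        pid, ts = ev["pid"], ev["ts"]
        if ev["op"] == "write":
            if shannon_entropy(ev["data"]) >= self.entropy_threshold:
                self.hits[pid].append(ts)
                # keep only writes inside the sliding window ending at ts
                self.hits[pid] = [t for t in self.hits[pid] if ts - t <= self.window]
        elif ev["op"] == "rename":
            old_ext = os.path.splitext(ev["path"])[1]
            new_ext = os.path.splitext(ev["new_path"])[1]
            if old_ext != new_ext:
                self.ext_changed[pid] += 1
        return len(self.hits[pid]) >= self.min_hits and self.ext_changed[pid] > 0

def flagged_pids(events) -> set:
    det = BehaviourDetector()
    return {ev["pid"] for ev in events if det.observe(ev)}

def make_events():
    """Constructed stream: pid 100 is a text editor, pid 200 is a file locker."""
    rng = random.Random(7)  # fixed seed so the stream is reproducible
    events = []
    text = b"Quarterly numbers look fine. Meeting moved to Thursday.\n" * 40
    for i in range(10):   # benign: readable saves, no renames
        events.append({"pid": 100, "ts": 0.1 * i, "op": "write",
                       "path": f"doc{i}.txt", "data": text})
    for i in range(10):   # malicious: ciphertext-like overwrite, then rename
        blob = bytes(rng.getrandbits(8) for _ in range(4096))
        events.append({"pid": 200, "ts": 0.05 * i, "op": "write",
                       "path": f"doc{i}.txt", "data": blob})
        events.append({"pid": 200, "ts": 0.05 * i + 0.01, "op": "rename",
                       "path": f"doc{i}.txt", "new_path": f"doc{i}.txt.locked"})
    return events

if __name__ == "__main__":
    print("known sample blocklisted:   ", hash_blocklisted(KNOWN_SAMPLE))
    print("repacked sample blocklisted:", hash_blocklisted(REPACKED_SAMPLE))
    print("pids flagged by behaviour:  ", flagged_pids(make_events()))
```

The hash check catches only the byte-identical sample; the repacked one sails through, which is exactly why per-campaign repacking works against signature AV. The behavioral detector never looks at the binary at all, so the repack is irrelevant to it. In a real product the entropy threshold, write rate and rename heuristics would need tuning against benign bulk encryptors, compressors and backup tools, which generate the same signals legitimately.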