Ransomware continues to evolve. It has grown so sophisticated that even advanced anti-malware and antivirus products fail to detect it on the computer.
Traditional Ransomware vs Fileless Ransomware
Traditional ransomware is not sophisticated and is easy to detect. It did not need to be stealthy, because the files it encrypted would soon expose the attack on the computer.
Since anti-malware and antivirus products are getting better at detecting ransomware before it encrypts files and folders, attackers have developed new techniques to bypass security software. These newer types of ransomware are designed to operate in the computer's memory.
Previously, ransomware would hide in various folders on the computer; although it could stay hidden for a while, anti-malware and antivirus products could still recognize it lurking on disk.
Now, ransomware loads itself into memory and then deletes its file from disk. Deleting itself makes it invisible in Task Manager, so the user will never see it running under Services, yet it remains active. This makes it hard for most anti-malware and antivirus products to detect ransomware on the computer.
Once running, ransomware goes through the hard drive looking for valuable files it can encrypt. It mostly targets files such as PDFs, Word documents, videos, photos and other documents that are valuable to the user.
It can also travel across the local network, look for the same kinds of files and encrypt them. That is how ransomware compromises files and documents across the network. Worse, it can lock the desktop with a message explaining how to pay the ransom to restore the computer or files.
How Ransomware installs
Although ransomware continues to evolve, the ways it attacks the computer remain the same.
It can pretend to be an email from a boss, a family member or a friend. This email usually carries an attachment inviting the user to download it. When the attachment is downloaded, the ransomware starts to install.
The email is enticing because it seems important or triggers curiosity. This is a form of social engineering that many users fall for.
Infection also occurs when the user clicks a phishing link or visits an infected website. Ransomware can also compromise the computer through a system vulnerability; a good example is a computer running an outdated version of software.
The EternalBlue vulnerability is what the NotPetya and WannaCry ransomware exploit. Microsoft has already addressed the issue by releasing a patch.
A Trojan is often bundled with ransomware. A Trojan is a type of malware that pretends to be useful software. When the user downloads and installs the seemingly legitimate file, the Trojan installs itself and then installs the ransomware on the computer.
Comodo AEP develops a fileless malware security system
Aware that attackers are developing advanced techniques to bypass security, Comodo created HIPS (Host Intrusion Prevention System), which is specifically designed to detect and combat fileless malware such as fileless ransomware and rootkits.
Since fileless malware cannot be detected by traditional signature-based detection, HIPS detects it using behavioral monitoring. It constantly looks for behavioral patterns that identify malware.
Because it ships with a default ruleset that provides a high level of protection, it immediately protects the registry and critical system files against malware attacks. Ransomware targets the registry because it contains vital information about the operating system.
What does HIPS constantly monitor against modification?
- COM Interfaces
- Registry keys
- Files/Folders
It also monitors the keyboard, physical memory, computer monitor and disks for direct access. Fileless malware such as a keylogger directly accesses the keyboard to capture the keys pressed and record them in order to steal passwords.
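As an added example in the spirit of the behavioral monitoring described above (this is not Comodo's code and not how HIPS is implemented), the script below scans a constructed log of file-write events and flags any process that overwrites several user documents with ciphertext-like, high-entropy content within a short time window, which is the pattern an encrypting ransomware leaves behind. The event format, process names, paths and thresholds are all assumptions made for the example.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of file-write events from a hypothetical endpoint sensor:
# (seconds since boot, process name, path written, first bytes of the new content).
CIPHERTEXT = bytes(range(256)) * 2                      # constructed: 8.0 bits/byte
PLAINTEXT = b"Quarterly sales report, draft 3.\n" * 8  # constructed: low entropy
EVENTS = [
    (100.0, "winword.exe", r"C:\Users\ana\Documents\report.docx", PLAINTEXT),
    (101.0, "unknown.exe", r"C:\Users\ana\Documents\report.docx.locked", CIPHERTEXT),
    (101.3, "unknown.exe", r"C:\Users\ana\Pictures\holiday.jpg.locked", CIPHERTEXT),
    (101.9, "unknown.exe", r"C:\Users\ana\Documents\invoice.pdf.locked", CIPHERTEXT),
    (102.4, "unknown.exe", r"C:\Users\ana\Videos\clip.mp4.locked", CIPHERTEXT),
    (150.0, "7z.exe", r"C:\Users\ana\backup.zip", CIPHERTEXT),  # archive, not a user doc
]
USER_EXTENSIONS = (".docx", ".xlsx", ".pdf", ".jpg", ".mp4")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; encrypted or compressed data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_like_user_file(path: str) -> bool:
    """True for user-document extensions, also when a suffix was appended (report.docx.locked)."""
    lower = path.lower()
    stem = lower.rsplit(".", 1)[0]  # drop the last extension once
    return lower.endswith(USER_EXTENSIONS) or stem.endswith(USER_EXTENSIONS)


def flag_ransomware_like(events, window=10.0, min_files=3, entropy_threshold=7.0):
    """Return {process: distinct user files overwritten with high-entropy content
    within any `window` seconds} for every process that reaches `min_files`."""
    hits = defaultdict(list)
    for ts, proc, path, head in events:
        if looks_like_user_file(path) and shannon_entropy(head) >= entropy_threshold:
            hits[proc].append((ts, path.lower()))
    flagged = {}
    for proc, writes in hits.items():
        writes.sort()
        # sliding window: most distinct paths rewritten within `window` seconds
        best = max(len({p for t, p in writes[i:] if t - start <= window})
                   for i, (start, _) in enumerate(writes))
        if best >= min_files:
            flagged[proc] = best
    return flagged
```

Running `flag_ransomware_like(EVENTS)` reports only `unknown.exe` (four documents in under two seconds); the word processor's low-entropy save and the single archive write are ignored.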
Comodo AEP also provides Auto-Containment and a Default-Deny option that automatically contain unknown files. When an unknown file arrives on the computer, instead of allowing it to run directly, Comodo AEP runs it inside a virtual container to monitor its behavior. If it is confirmed safe, it is released.
Other anti-malware software only has a default-allow posture, which leaves the computer vulnerable to unknown threats. Thousands of new malware samples are released every day, so allowing an unknown file to run on the computer is a big risk.
Auto-Containment closely analyzes files with multiple recognizers so that it can identify their intent and their destination on the computer.
Comodo AEP contains the essential tools that protect the computer against fileless malware such as the new generation of fileless ransomware.
Download the 30-day trial of Comodo AEP now for your computer and endpoint devices.