Bromium Research Reveals Sophisticated Crypto-Ransomware Menace

Destructive Malware Evades Detection to Cause Multi-million Dollar Losses; Newest Variants Leverage Advanced Encryption and Increasingly Target Enterprise Files


CUPERTINO, CA--(Marketwired - Nov 19, 2014) - Bromium®, Inc., the pioneer and leader in transforming endpoint security using micro-virtualization, today announced the publication of "Understanding Crypto-ransomware," which analyzes the anatomy of an attack. The report dissects the sophisticated malware, which evades detection-based security solutions, such as antivirus, and leverages advanced encryption to encode enterprise file types until a ransom is paid, resulting in millions of dollars of losses.

"Crypto-ransomware is a particularly devious attack because of its potential to cause financial losses and irreparable damage to organizations that cannot access critical files," said Rahul Kashyap, chief security architect, Bromium. "Crypto-ransomware lacks the subtlety of Trojan attacks that evade detection during infection, openly flaunting its compromise and demanding payment since antivirus is unable to reverse the process."

"Understanding Crypto-ransomware" provides a comprehensive analysis for the most prevalent crypto-ransomware families uncovered in the wild. Bromium Labs reverse engineered each sample and executed it in a virtualized environment to observe its behavior. Key findings from "Understanding Crypto-ransomware" include:

  • Crypto-ransomware Evolves to Target the Enterprise: Initially, crypto-ransomware focused on consumers, primarily targeting the sentimental value of image files. Over time, the number of file types targeted has increased nearly 200 percent, from 70 to 230, including a focus on business software file types.
  • Crypto-ransomware Leverages Advanced Attack Techniques: Crypto-ransomware compromises are frequently caused by process injection, which may be delivered by malvertising. The process injection obfuscates code and covertly launches, rendering antivirus solutions ineffective.
  • Anonymized Traffic and Payment Channels Hinder Investigation: Crypto-ransomware leverages encrypted traffic channels to communicate with command-and-control servers, shrouding their location. Payment is demanded in Bitcoin, which is less regulated and more anonymous than other currency.
  • Advanced Encryption Techniques Stifle Code Crackers: Early crypto-ransomware flaws enabled researchers to reverse engineer a tool to recover files. As a result, crypto-ransomware has implemented advanced encryption algorithms that are nearly impossible to defeat.

Download "Understanding Crypto-ransomware" at http://www.bromium.com/sites/default/files/bromium-report-ransomware.pdf

About Bromium, Inc.
Bromium is re-inventing enterprise security with its powerful new technology, micro-virtualization, which was designed to protect businesses from advanced malware by design, while simultaneously empowering users and delivering real-time threat intelligence to IT. Unlike traditional security methods, which rely on complex and ineffective detection techniques, Bromium protects against malware from the Web, email or USB devices, by automatically isolating each user-task at the endpoint in a hardware-isolated micro-VM, preventing theft or damage to any enterprise resource. Bromium's technological innovations have earned the company numerous industry awards. Bromium counts a rapidly growing set of Fortune 500 companies and government agencies as customers.

www.bromium.com
Follow Bromium on Twitter: https://twitter.com/bromium

Contact Information:

Clinton Karr
Sr. PR Manager
Bromium

(408) 514-5962