90 per cent of ransomware can execute without administrator rights
Nine in ten ransomware variants can still run even if they do not gain administrator rights, according to a new report. Research from CyberArk found that while many types of malware need local administrator rights to execute properly, 90 per cent of ransomware strains do not require them.
This puts users at increased risk, because the malicious software can begin encrypting their files without the user ever having to give it explicit permission to make changes.
While 70 per cent of ransomware attempted to gain local administrator rights, just ten per cent failed to execute when unable to gain them.
However, the report did find a way of stopping 100 per cent of ransomware attacks.
The researchers found that when application control, including greylisting, was combined with the removal of local administrator rights, it was totally effective in preventing ransomware from encrypting its victims’ files.
“Ransomware has emerged as a credible and opportunistic tactic for attackers, leaving infected organisations with the difficult choice of abandoning hijacked data or paying cyber criminals for the chance to retrieve their files,” said Chen Bitan, general manager for Europe, the Middle East and Asia and APJ at CyberArk.
“By analysing how ransomware typically behaves, we’ve been able to gain critical insight into how to help protect against these attacks.
“Moving beyond traditional anti-virus solutions, which are not effective in blocking ransomware, and adopting a proactive approach to endpoint and server security is an important step in protecting against this fast-moving and morphing malware.”
Ransomware is one of the most prevalent threats to businesses in 2016.
Last week, SentinelOne became the first security vendor to offer a ransomware guarantee on its products. If clients running its software are successfully attacked, they can claim up to $1 million (£760,000) to cover the cost of the breach.
And Europol recently teamed up with security firms to launch a new website to educate the public on ransomware and help victims recover their files.