What is Ransomware?
Ransomware: a type of malicious software designed to block access to a computer system until a sum of money is paid. “Although ransomware is usually aimed at individuals, it’s only a matter of time before business is targeted as well” (Ismet, 2016). Unfortunately, when it comes to ransomware, once your files are encrypted, there’s not much you can do—besides cut your losses or pay up. And even if you do pay up, there’s a chance you won’t get your files back, so you’re out the files and your cash (Zamora, 2017).
According to US government statistics, more than 4,000 ransomware attacks are attempted every day. Cyber criminals stole $209 million in the first quarter of 2016 alone, putting ransomware on course to be a $1 billion business by the end of 2016, with predictions of $2 billion by the end of 2017.
Although authorities are pursuing the perpetrators behind multiple campaigns, many of them are located in Eastern Europe, outside the reach of U.S. extradition agreements (see How Do We Catch Cybercrime Kingpins?) (Schwartz, 2016). How do businesses combat these attacks?
Strategies To Combat An Attack
One strategy is restoring from snapshots.
Most scenarios involve restoring from backup or restoring from snapshots, but there is always talk of restoring files. While we use Dell Compellent (Dell Storage Manager) to potentially provide recovery for the VMs and physical servers through the use of snapshots/replays, having them alongside an organization-wide prevention and recovery strategy is a far better plan. While in many cases snapshot technology could provide recovery avenues, there could be challenges such as time to recovery, data synchronization, and lost transactions due to rollback. Preventing malware significantly reduces remediation costs and end-user downtime.
The first step in ransomware prevention is to invest in awesome cybersecurity—a program with real-time protection that’s designed to thwart advanced malware attacks such as ransomware. Then, be sure your systems and software are updated. The most recent ransomware outbreak took advantage of a vulnerability in Microsoft software (Zamora, 2017). One such awesome cybersecurity program is Dell Data Security. However, after recently talking with one of my consulting firms, I learned of a brand-new product called Cylance that uses machine learning to predict whether any file, executable, or binary is malicious.
Cylance is artificial-intelligence-based threat protection software. It runs on the cloud and has an incredibly small footprint (around 40-60 MB, 1-2% CPU utilization).
- A next generation anti-virus/end-point malware prevention platform – exceedingly high accuracy rates based on “mathematics & artificial intelligence” with pre-execution blocking in real time.
- No cloud connectivity needed, no signatures, no heuristics, no behavior observation, no DAT file updates – only mathematics/artificial intelligence.
It protects businesses with intelligent, centrally managed endpoint security and compliance solutions. Preventative solutions provide a proactive approach to threat prevention versus the traditional signature-based anti-virus solutions. Preventative solutions are more effective against advanced persistent threats. Ultimately, developing an organization-wide prevention and recovery strategy is the key to thwarting such attacks.
Ismet, Nicolai (2016). Isilon and Ransomware. Retrieved from: https://www.linkedin.com/pulse/isilon-ransomware-nicolai-imset
Schwartz, Mathew J. (2016). FBI Warning: Ransomware Is Surging. Retrieved from: http://www.inforisktoday.com/fbi-warning-ransomware-surging-a-8962
Zamora, Wendy (2017). How to beat Ransomware: prevent, don’t react. Retrieved from: https://blog.malwarebytes.com/101/2016/03/how-to-beat-ransomware-prevent-dont-react/