Want to beat ransomware? Let it run!

Tackling ransomware needs a fresh approach because current security systems are not working

Ransomware solution

How can organisations protect themselves against ransomware (or any other threat today) given the fact that 99% of malware morphs into new, undetectable variants in under a minute?

The cybercriminal world is not much different from the commercial industry.

Just like you, bad guys are continuously trying to accelerate their business and get closer to the customer so they can cut out the middleman and maintain their competitive edge.

They may not have a board of directors, but they do have business requirements and that pushes them to create new avenues for revenue.

Upping their game

Not too long ago you would hear about, or be a victim of, money mules, who’d commit fraud with stolen credit cards for a fee.

Then industrious cybercriminals came up with the idea of cutting-out the middle-man (the money mule) and ransomware was born. It delivered faster – with a direct, higher-paying gain.

>See also: The evolution of ransomware: what lies ahead?

Even though ransomware started becoming more popular for cybercriminals in 2013, it was catapulted to fame earlier this year when a Los Angeles hospital was crippled by an attack for days until they eventually paid the $17,000 to regain access to their patient files.

It was an expensive lesson in security, not just because of the cash out of pocket, but their liability exposure was huge as patients had to be moved and patient files were no longer secure.

Examples like this are becoming more and more frequent, and the methods more sophisticated. Just a few weeks ago we saw the emergence of CryPy, a new strain of ransomware that encrypts files one-by-one with individual, unique keys.

This is just the latest in a long line of innovative ransomware attacks – a problem that is set to get worse.

If this trend continues, more people will give in to the demands of cybercriminals.

As a result, there will be more success stories, and ultimately more money will be made.

Ransomware is adapting and evolving as its environment changes. Indeed, Bromium found there has been a 600% rise in active ransomware families since 2013.

>See also: How to minimise the impact of ransomware

Like most threats for the last 20 years, ransomware relies on the weakest link in your enterprise security strategy—the end user.

It’s usually delivered via an email as a malicious attachment – like an invoice or subpoena – something that looks important, timely and like a regular business communication.

It can also happen when someone visits a compromised website, which in most cases is a legitimate website that the end user would normally visit and trust, but has been infected with malware.

Even the biggest and most trusted web brands are susceptible to this problem; as was evident with the recent case of Spotify serving up malvertising to users of its freemium service.

There’s absolutely no way to know a site has been compromised, so no amount of user-education or caution can solve the problem.

The definition of madness is doing the same thing and expecting different results

There are a multitude of recommended strategies to protect your organisation from ransomware.

Some include things like regularly backing-up your files, disabling macros, reducing admin rights, patching often, exercising caution when opening email attachments and making sure your anti-virus is up-to-date.

>See also: Ransomware on the rise

But if you consider all these steps, the big news is you are basically doing the same thing everyone’s been doing for the last 20 years, and it doesn’t work.

Changing the game: it’s time for a different approach

It’s time to change the game. First, people need to realise that there will always be vulnerabilities in software.

Unfortunately, for many companies, security is an add-on and not something that is of major concern when they start to develop a product.

It’s also a sad truth that malicious code and cyber-threats will always exist, and businesses will continue to get breached, as long as there is money to be made from cybercrime.

The problem is that it’s so lucrative for hackers as they can keep testing their victims’ defences and only need to succeed once to make it worthwhile, but those trying to keep them out have to succeed every time.

That’s an impossible task, given that you can’t anticipate a hacker’s next move since their attack strategies are so varied.

>See also: Ransomware is spreading through cloud apps

So how can organisations protect themselves against ransomware (or any other threat today) given the fact that 99% of malware morphs into new, undetectable variants in under a minute?

On the face of it, this seems like an un-winnable battle. But the answer is actually very simple; you let it run!

You let it run with one critical caveat. And that’s the difference.

You create a completely isolated environment using micro-virtualisation.

Each program, application, web-pages and links, are attached to an individual server that contains the malware, allowing it to run and monitoring it while sending the information to the SOC.

It is harmless, and the rest of your system is left completely untouched.

You track its behaviour, and once you are done with it, you simply throw it out.

Only through this technique can you ensure complete peace of mind and be sure that whatever you do, your system is safe.

 

Sourced by Gavin Hill, vice president of product at Bromium

Comments (0)