Earlier this year, researchers at the Imperva Defense Center followed the money trail on CryptoWall 3.0 – one of the most widespread ransomware menaces to date. The results were astounding, and show how ransomware authors were profiting from unsuspecting users. The researchers also concluded that ransomware would quickly graduate into the enterprise space since the prize money was much bigger. It didn’t take long for ransomware to spread its wings and target businesses. Recently, a number of hospitals suffered debilitating ransomware attacks, including Hollywood Presbyterian Medical Center, which paid $17,000 in ransom to regain control of the hospital’s computer systems. In fact, new research data from Malwarebytes shows the Healthcare and Financial industries as the top two verticals affected by ransomware.
Why is ransomware not easy to contain?
Employees are consistently the weakest link when it comes to ransomware and are often the victims of phishing campaigns which trick them into opening emails that contain malware. The criminals also get more sophisticated every day, making it harder and harder to tell legitimate emails from phishing attempts. Once the malware is on a company’s network, ransomware thrives on distribution and is continuously modified to avoid signature-based endpoint detection. The ransomware model lacks intermediaries and provides total anonymity for the attackers through Tor and Bitcoin. Data does not leave the enterprise network, so it is harder for traditional data security solutions to detect and stop it. Lastly, almost everyone in the network has the privileges to read, modify and write critical files in data repositories, and one infected user is all that is needed to encrypt all of the data on file shares.
Do current approaches work?
Most ransomware solutions focus on the ransomware attack methods or signatures to detect known ransomware and block the endpoint. Some solutions with file backup expertise focus on the remediation after infection. Some restoration solutions even attempt to reconstruct the original files from network captures, which is a highly complex process that requires all of the packets in the network to be captured and stored for days. The packet capture data can quickly run into multiple petabytes per day for a medium-sized business! The best approach is to depend on a good backup strategy that involves regular backups and a restore process that takes hours, not days, as the cost of lost productivity can add up quickly.
Thinking out of the Box
What if we told you that there is a better way to tackle the ransomware threat? We have kept our eye on the prize, “data”, and have developed a deception-based ransomware solution that monitors hidden files within the file system to enable early detection and blocking. We simply place a few files in strategic locations and monitor all file access activity with SecureSphere File Firewall. It is highly unlikely for users to trip on these honeypot files; only ransomware that tries to encrypt folders would trip on them blindly.
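The decoy-file check described above can be sketched as follows. This is an added example, not Imperva's or SecureSphere's code; the event fields, the decoy paths, and the rule that reads only raise an alert while modifying operations block the user are assumptions made for illustration.

```python
from collections import namedtuple
from pathlib import PureWindowsPath

# Constructed event shape; a real file-activity monitor has its own schema.
Event = namedtuple("Event", "ts user op path")

# Hypothetical decoy paths planted on the shares (assumption, not from the page).
DECOYS = {r"\\fs01\finance\!000_index.docx", r"\\fs01\hr\!000_index.xlsx"}
MODIFYING = {"write", "rename", "delete"}

def norm(path):
    # File shares compare names case-insensitively, so normalise before matching.
    return str(PureWindowsPath(path)).lower()

def enforce(events, decoys=DECOYS):
    """Replay events in time order; block a user on the first modifying
    operation against a decoy and deny everything that user does afterwards.
    Returns ({user: real files modified before the block}, [(event, action)])."""
    decoy_set = {norm(d) for d in decoys}
    blocked, touched, report = {}, {}, []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.user in blocked:
            report.append((ev, "denied"))
        elif norm(ev.path) in decoy_set:
            if ev.op in MODIFYING:
                # Nothing legitimate rewrites a decoy: stop this user now.
                blocked[ev.user] = len(touched.get(ev.user, set()))
                report.append((ev, "denied+block"))
            else:
                # A read may be an indexer or backup job: alert, do not block.
                report.append((ev, "alert"))
        else:
            if ev.op in MODIFYING:
                touched.setdefault(ev.user, set()).add(norm(ev.path))
            report.append((ev, "allowed"))
    return blocked, report

# Constructed sample: "bob" behaves like an infected client walking a share.
SAMPLE = [
    Event(1, "alice", "write", r"\\fs01\finance\q3.xlsx"),
    Event(2, "svc_index", "read", r"\\fs01\finance\!000_index.docx"),
    Event(3, "bob", "write", r"\\fs01\hr\a.docx"),
    Event(4, "bob", "write", r"\\fs01\hr\!000_INDEX.xlsx"),
    Event(5, "bob", "write", r"\\fs01\hr\payroll.xlsx"),
    Event(6, "bob", "rename", r"\\fs01\hr\reviews.docx"),
    Event(7, "alice", "write", r"\\fs01\finance\q4.xlsx"),
]

if __name__ == "__main__":
    blocked, report = enforce(SAMPLE)
    for ev, action in report:
        print(ev.ts, ev.user, ev.op, ev.path, "->", action)
    print("blocked:", blocked)
```

The count stored per blocked user is the number of real files changed before the decoy was hit, which is the figure to watch when deciding where and how densely to place decoys.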
While it looks as if ransomware is here to stay, businesses shouldn’t lose hope. There are approaches to preventing ransomware, and one of the most efficient and easiest to deploy is anchored on a file firewall platform with a deception-based approach that monitors hidden files for early detection and blocking.