    Solving Ransomware Presents Opportunity for Security Companies

    By Robert Lemos, July 16, 2016

      When ransomware hit the Horry County School District in South Carolina in February, the IT staff’s first warning of the disaster came from teachers who could no longer access their files. Days later, Hollywood Presbyterian Medical Center staff “noticed issues accessing the hospital’s computer network”—the organization’s only warning that it too had become a victim.

      The incidents underscore the fact that many companies and organizations are still unprepared to prevent—or at least, detect—ransomware infections before their data is held hostage by cyber-criminals. While ransomware resembles much other malware, its defining feature, the ability to encrypt data, can cause significant damage to business operations, making the detection of such threats imperative. Unfortunately for victims, the time between infection and impact tends to be much shorter with ransomware than with other forms of attack, such as data theft.

      “The point of entry is not any different for ransomware, but the shot clock really starts pretty quickly,” Ed Cabrera, chief cyber-security officer, Trend Micro, told eWEEK. While other breaches revolve around exfiltrating data, which may never be used or which may have limited impact on the company, the payload of ransomware makes it fundamentally different. “Through all the stages of a traditional attack, you have a lot of chances to detect and respond. With ransomware, there are not a lot of steps—there is not a lot of time to react.”

      Little surprise, then, that ransomware has become the security threat of 2016. In the first quarter of the year, the FBI estimated that more than $209 million had been lost to ransomware attacks, according to a CNN report. And attackers are ramping up their efforts: Trend Micro identified 50 new variants of ransomware in the five months of 2016, up from 49 variants for all of 2015.

      Seeing a market, security companies have added features to current products to allow their clients to better detect and more quickly block ransomware before it can encrypt important data. Illusive Networks, for example, has added ransomware-specific canaries, what it calls “deceptions,” to its product to signal when ransomware is attempting to encrypt files. While it may detect the ransomware after it has infected a system, such an approach can help incident responders shut down the attack before it gets far.

      Focusing on how ransomware interacts with data is a popular approach.

      Data-protection firm Varonis, whose products monitor servers and devices for changes to data as well as strange user behavior, has added specific patterns to its behavioral analytics that can detect the unwanted encryption committed by ransomware attacks. While a simple rule—such as determining that the renaming of 500 files in a minute is a sign of maliciousness—could detect much of today’s ransomware, it would be easy to circumvent in the future, so Varonis has added more in-depth rules, David Gibson, vice president of strategy and market development at Varonis, told eWEEK.


      “That is a basic alert, not really user-behavior analytics,” he said. “We are able to discern that something looks like an automated pattern. That is something that is a bit more future-proof when detecting something that is low and slow.”
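      The simple rename-rate rule Gibson describes, set beside a pattern-based check, as an added example that is not from the article or from Varonis. The event tuple format, the timing-regularity and extension heuristic, its thresholds, and the sample log are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from statistics import mean, pstdev
import os

def burst_users(events, threshold=500, window=60.0):
    """Simple rule from the article: `threshold` renames inside `window` seconds."""
    recent, flagged = defaultdict(deque), set()
    for ts, user, _old, _new in sorted(events):
        q = recent[user]
        q.append(ts)
        while ts - q[0] >= window:      # drop renames that left the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(user)
    return flagged

def automated_users(events, min_events=50, max_cv=0.2, min_ext_share=0.9):
    """Hypothetical heuristic: machine-regular timing plus one dominant new extension."""
    by_user = defaultdict(list)
    for ts, user, _old, new in sorted(events):
        by_user[user].append((ts, os.path.splitext(new)[1].lower()))
    flagged = set()
    for user, rows in by_user.items():
        if len(rows) < min_events:
            continue
        gaps = [b[0] - a[0] for a, b in zip(rows, rows[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else 0.0   # low value = evenly spaced renames
        exts = [e for _, e in rows]
        top_share = max(exts.count(e) for e in set(exts)) / len(exts)
        if cv <= max_cv and top_share >= min_ext_share:
            flagged.add(user)
    return flagged

def sample_events():
    """Constructed rename log: (seconds, user, old_name, new_name)."""
    ev = [(i * 0.05, "svc_fast", f"f{i}.docx", f"f{i}.docx.locked") for i in range(600)]
    ev += [(i * 5.0, "svc_slow", f"s{i}.xlsx", f"s{i}.xlsx.locked") for i in range(200)]
    human_times = [3, 40, 47, 300, 310, 900, 2000, 2004, 3500, 3600]
    ev += [(t, "alice", f"draft{t}.txt", f"final{t}.{'txt' if t % 2 else 'md'}")
           for t in human_times]
    return ev

if __name__ == "__main__":
    ev = sample_events()
    print("burst rule:  ", sorted(burst_users(ev)))
    print("pattern rule:", sorted(automated_users(ev)))
```

      The account renaming 12 files a minute never trips the 500-per-minute rule, but its evenly spaced renames to a single extension still stand out.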

      Rather than focus on the data, other companies are focusing on how a user behaves and using analytics to discern whether the actions taken on a computer are those of a user or of a malicious program.

      Exabeam, a company focused on user analytics, has found that a few tweaks to its system can easily pinpoint actions that are likely to be ransomware. The programs, much like other malware, change file names, systematically overwrite files, communicate with malicious domains, and take other actions indicative of an automated, malicious program, Barry Shteiman, director of threat research at Exabeam, told eWEEK.

      “I have tracked 86 variants of ransomware,” he said. “I haven’t seen one where we didn’t see artifacts that were totally new.”

      Host-based security software—the approach into which many traditional antivirus companies have morphed—can still be relevant. Trend Micro, for example, stops 90 percent of ransomware attacks at the email gateway, another 9 percent through URL filtering and malicious Website detection, and less than 1 percent of attacks through behavioral analytics, Trend Micro’s Cabrera said.

      Such a layered approach cannot be avoided, he said. Companies need to focus on better backups, detection of malicious communications and malware activity, and new analytic techniques.

      “Arguably, there is no 100 percent solution,” Trend Micro’s Cabrera said. “In the end, that is why you need to be resilient. As your strategy, you need to protect all your assets, and speed up detection and speed up patching.”

      Overall, companies should treat ransomware as a special case of traditional malware, he said. Improving the speed with which attacks are detected, and blocking the attacks before they have a significant business impact, are both important.

      While some security experts consider ransomware to be a more serious attack than run-of-the-mill malware, Varonis’ Gibson argued that the pain of ransomware is mainly short term. While he would not go so far as to consider such attacks a benefit, companies attacked with the malicious encryption programs are quickly given signs that their systems were vulnerable, which can help them figure out where more insidious attackers might go.

      In the end, other insider threats, which Varonis specifically aims to defend against, can be much more damaging, he said.

      “The one point that people are missing is that ransomware is the gentlest insider threat that there is,” he said. “Ransomware is the only insider threat that you know is there. The other ones are much more stealthy, and you will not catch them before they have completed stealing your data.”

      Robert Lemos
      Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's written for Ars Technica, CNET, eWEEK, MIT Technology Review, Threatpost and ZDNet. He won the prestigious Sigma Delta Chi award from the Society of Professional Journalists in 2003 for his coverage of the Blaster worm and its impact, and the SANS Institute's Top Cybersecurity Journalists in 2010 and 2014.
