Blue Hexagon Blog

Ransomware: It’s Here, It’s Now–Let’s Deal With It

Ransomware is one of the more malevolent forms of malware. According to a recent report, a new organization will fall victim to ransomware every 14 seconds in 2019, and every 11 seconds by 2021. Ransomware is arguably the biggest, most widespread cybersecurity threat and can affect both individuals and enterprises. The concept behind ransomware is simple: lock and encrypt a victim’s valuable data using an almost unbreakable encryption key, then demand a ransom, often in bitcoin or another form of cryptocurrency, to restore access to that data.

In many cases, the victim must pay the cybercriminal within a set amount of time or risk losing access forever. And since the people responsible for the ransomware attack are threat actors, paying the demanded ransom doesn’t mean your data will even be restored, or that you won’t be attacked again.

Ever since the broad success of the global outbreak of the WannaCry, Petya, and NotPetya variants, which affected millions of computers and caused billions of dollars in business losses (not counting the unknown total of ransom paid out), ransomware attacks have been growing in volume and complexity. The surge is due to a combination of the high likelihood of revenue along with the malware’s relative ease of distribution. Ransomware is most often spread through phishing campaigns or “drive-by” attacks on infected websites.

And recently, taking advantage of the asymmetric cost-benefit ratio, hacker groups have begun offering ransomware-as-a-service whereby criminals can pay a monthly subscription to get access to a soup-to-nuts offering that includes malware, delivery mechanism, and obfuscation techniques to defeat all but the most stringent security controls.

So what can you, as the end user, do to protect against it? Here are some simple things you can do right now to help protect yourself and your data:

Good security hygiene

Awareness and vigilance can go a long way toward avoiding the kind of mistakes that result in infection. Here are a few best practices that can increase your security posture:

  • Update and patch computers to make sure you are using the most recent version of applicable operating systems and applications. Out-of-date or unsupported systems are a soft target for ransomware. Also consider enabling the ransomware protection built into Windows 10 PCs running Microsoft Defender.
  • Learn how to recognize the tell-tale signs of fraudulent emails and be cautious when opening links contained in email or within documents, especially from unknown senders. Malicious website addresses often appear almost identical to legitimate sites, using a slight variation in spelling or a different domain.
  • Open email attachments with caution, especially those from unknown or unfamiliar senders. When working with attachments, avoid enabling embedded macros unless absolutely necessary, especially in Word and Excel documents.

Regular system backup

Backups are your insurance policy against ransomware. Minimizing damage from ransomware requires rapid and timely backups in order to safeguard critical documents and other personal user data. Ransomware typically targets and encrypts folders containing files with business, personal, or sentimental value, thereby increasing the likelihood that the victim will pay the ransom. Establishing a regular backup schedule to an external disk or offsite backup service (in the cloud) protected by multi-factor authentication is recommended.

Strong, early detection

However, while data backup should be an essential part of your organization’s operational plan, it is far from being a solution on its own. In spite of backup efforts, recent analysis has shown that downtime associated with ransomware attacks continues to climb, rising from an average of 6.8 days in Q4 of 2018 to 9.6 days of downtime in Q2 of 2019. This is due to a variety of factors such as ransomware targeting backup files and managed service providers, as well as encrypting application configuration files to hamper recovery efforts.

Therefore, the best way to stop a ransomware attack, or any other malware attack, is to detect it before it enters your network and can make its way onto a vulnerable device. This requires two critical improvements in security: the ability to detect malware even as it evolves to avoid signatures, and the ability to do so at near real-time speed. This means an AI-enabled malware defense.

Blue Hexagon delivers on these requirements with a new approach to malware detection based on deep learning. Our solution is able to detect known and unknown malware with near 100% accuracy at subsecond speeds. At 125 ms detection rate and 100% efficacy, Blue Hexagon allows organizations to detect and stop ransomware before it ever takes hold in an environment, and in the process, shifts the focus from attack recovery to attack prevention.

It’s National Cybersecurity Awareness Month, and the more you know, the better prepared and protected you’ll be from the growing risk of falling victim to a malware attack. Whether you are responsible for protecting one computer or an entire enterprise, vigilance is everyone’s responsibility.