Ransomware is now #2 in the crimeware list published by Verizon in their latest data breach report. Before we delve into the details of why crimeware/malware is spreading at such alarming levels, we would like to highlight that protecting data at its source is the best approach. Imperva researchers have found an ingenious solution that can detect and block the CryptoLocker/CryptoWall family of ransomware. Not long ago, The Imperva Defense Center followed the money trail of the most successful ransomware -CryptoWall- and published a detailed report.
Is curiosity risking your data?
Human curiosity, unfortunately, is good for both survival and phishing – we haven’t learned from our curious feline friends. The tendency in people to open (and click into) phishing emails – a whopping 30% of us guilty of the crime – is the primary reason behind the spread of malware. One would think that increase in major data breaches, identity theft, and online fraud would have raised awareness and made users more careful.
Source Verizon DBIR 2016
Why ransomware spreads faster than the common flu?
Interestingly enough malware is similar to the common flu with regards to the number of different variations out in the wild. Malware code changes very rapidly, so often that most you will see the same malware is once. See the chart below from Verizon DBIR 2016, which reflects how quickly hackers are modifying their code to avoid detection – 99% of the Malware is seen for 58 seconds or less. Needless to say, endpoint protection which relies on signature-based detection remains terribly handicapped at catching something it does not know.
Source Verizon DBIR 2016
Ransomware does not discriminate
Enterprises are not immune to ransomware, neither are Mac books. Hollywood Presbyterian Medical Center tried everything including taking assistance from the FBI, but eventually ended up paying $17,000 in ransom. Unfortunately, ransom payments encourage more bad actors to get into the fray.
Is there a better solution than backup and recovery?
Restoring from backups is a good solution, but there can be significant downtime while waiting for the recovery and restoration of data. We tasked the folks at The Imperva Defense Center to come up with a better solution. The research team analyzed several ransomware samples and studied the data access patterns in our labs. The solution they formulated recognizes the abnormal data access pattern and prevents the malicious takeover of data stored in file repositories. The solution alerts and blocks in real-time the CryptoLocker/CryptoWall family of ransomware. The solution is available to all Imperva File Security products.
Imperva customers running SecureSphere File Security products can obtain the deployment guide for ransomware mitigation via the support portal or contact the support/sales team.