Ransomware is Building Immunity to Traditional Anti-Malware Approaches

Guest Blogger
Ransomware is Building Immunity to Traditional Anti-Malware Approaches

What is Ransomware?

Ransomware is a type of malware (malicious software) that is installed on a device or IT infrastructure that threatens the security of the victim’s data unless a ransom is paid. This is the digital equivalent of being held to ransom – holding your data prisoner, often under threat of deletion, publication, or having access blocked indefinitely, in order to extort money or property to secure its release.

How Does Ransomware Spread?

Ransomware attacks are becoming more frequent, more sophisticated, and more expensive for those organisations that fall victim. Protection from the latest virus has long been a priority for the IT manager.

Unlike in the past when updating to the latest anti-virus and anti-malware versions were enough to keep the wolves at bay, today, organisations are having to think and act differently.

“The threat landscape has shifted from ‘known’ to ‘unknown’, making defenders’ jobs harder and harder,” says George Alexandridis, Endpoint Security Specialist, Sophos. “The technology for delivering ransomware is constantly changing which means new approaches are needed.”

The biggest change has been the growing number of malware attacks that have some sort of system ‘exploit’ or vulnerability, hitherto unknown, as the primary vehicle.

In response, the cybersecurity space is moving to embrace technologies like deep learning and artificial intelligence in the hopes of developing solutions capable of so-called ‘predictive’ security, whereby organisations are protected against certain sorts of attacks yet to even be developed.

Where Does Australia Sit for Ransomware?

It might surprise you to know the extent to which Australian companies suffered from ransomware attacks in 2017.

That’s likely because such breaches are embarrassing, not to mention potentially very bad for business should they become public knowledge. Understandably, many victims prefer to just keep it to themselves.

According to a 2017 report by cybersecurity specialists Sophos, 54% of Australian organisations had been hit by ransomware in the previous 12 months, with 48% of companies reported being hit at least twice!

The numbers earned Australia the dubious distinction of being in the top 10 countries in the world for ransomware attacks.

And it’s proving very costly.

Just under a third of local companies reported costs related to ransomware attacks of between $17k and $85k. A similar proportion of companies reported hits of between $170k and $850k, 12% from $850k to $8.5 million, with 6% of companies reporting losses of between $1.7 and $17 million.

Updating Traditional Anti-Malware Software Isn’t Enough

Prevention strategies are now looking like multi-layered security solutions. One of the most sobering findings of the Sophos report was that a full two-thirds of companies were running the most up-to-date version of their IT security solutions when they were breached.

Even just a few years ago, this was the best most companies could do, because ransomware and most other sorts of threats infiltrated organisations via familiar means.

Those could be a poorly-chosen password, a user is duped by a fraudster into providing user name and password details, or someone opens an attachment without thinking.

However, there is a distinct shift away from these sorts of attacks where some sort of social engineering is involved, to attacks that are crafted with a specific ‘exploitation’, or system vulnerability.

The now infamous Petya and WannaCry ransomware viruses exploited vulnerabilities in Windows, some of which were known (albeit obscure); while others had never been seen before.

Deep Learning, AI and Unknown Unknowns

The random ‘unknowability’ of today’s attacks is fast outpacing that of most cybersecurity technologies available on the market.

In fact, Sophos reports that even the latest versions of traditional anti-malware and anti-virus software can only protect organisations from about 12% of the threats currently out there in the wild.

“Businesses now need to keep up with the bad guys and complement their traditional protection with exploit mitigation techniques, specific ransomware protection, and ‘unknown’ payload blocking,” says George. “File-less attacks don’t get detected by traditional and file-based approaches.”

How to Remove Ransomware

As a first step and to protect against ransomware, companies should adopt the following three-point checklist:
 

  1. Delivery: Prevent ransomware installing (anti-exploit)
  2. Execution: Quarantine ransomware before it runs (deep learning)
  3. Encryption: Stop malicious encryption, roll back any changes (Sophos Cryptoguard)
     

Ideally, in order to firstly protect against ransomware, every organisation would prefer to block any malicious code from every breaching the firewall. Advanced deep learning techniques such as those embedded in Sophos Intercept X, identifies and categorises executable content before it’s handed over to runtime.

Efficient machine learning models ensure lower false positive rates and higher conviction rates against brand new or unknown malware. It’s also possible to identify and block anything malicious, as well as PUAs (potentially unwanted applications).

But what if the malicious code has already been executed?

Post-execution monitoring of malicious mass files results in plaintext fields being ‘cryptographically halted’. Not only is all further malicious activity halted, but any files previously affected are returned to their original state.

More Information on Ransomware

Sophos recently commissioned specialist research house, Vanson Bourne, to independently survey 5,000 IT Managers from 26 countries during January-February 2020. Some key findings include:

  • Due to both the increasing complexity and rise in the frequency of cyber threats, outsourcing either some or all IT security is set to rise from 65% in 2020 to 72% by 2022
  • More than half (51%) of organisations were hit by ransomware in the 12 months preceding the survey

Download the Whitepaper: Cybersecurity: The Human Challenge (Oct 2020)

About Brennan IT

Brennan IT has helped some of Australia’s most successful companies identify their IT security vulnerabilities and address them with expert engineers equipped with the best understanding of cybersecurity and the latest technologies for threat detection and mitigation. For an IT security consultation, contact us today.