Combatting the Threat of Enterprise Ransomware
June 7, 2016 | Security and Risk | Jessica Stanford
Ransomware has been around for decades, but it’s quickly gaining popularity among attackers. In 2015, the FBI received 2,453 complaints about ransomware, costing victims more than $24 million dollars – and those are only the cases that were reported. Those numbers have the potential to rise significantly in 2016.
CISOs and other senior IT security executives are under pressure to combat the threat of ransomware, not only because of the fear of becoming another headline, but also because ransomware has demonstrated the ability to take control over a business.
Ransomware is particularly daunting for a few reasons:
- Administrator rights are not always required. So, while privilege management can play a role in mitigating risks, many strains of ransomware can encrypt data using standard user rights, so even if an organization has removed local administrator rights, this doesn’t necessarily mitigate the risk.
- There is immediate impact to business productivity. Ransomware has a devastating and immediate impact because it can encrypt (and render unreadable) all files that a user has access to in a corporate environment.
There are a number of techniques organizations can use to mitigate the risk of ransomware attacks including regular backups, anti-malware, privilege management and application control/whitelisting. At CyberArk, we have helped many organizations employ a combination of application control and least privilege enforcement to protect against advanced malware attacks. These capabilities are designed and proven to protect organizations from ransomware attacks, a specific form of malware.
To provide the efficacy of the solution, the CyberArk Labs team has manually tested 450 specific ransomware samples from 14 different crypto families (including Cryptolocker, Petya, and Locky) – focusing on the most common and notorious ransomware strings. CyberArk Viewfinity is able to block 100% of the ransomware samples from successfully encrypting files.
Most anti-malware and anti-ransomware solutions today focus on detecting and blocking malware at the point of inception. These solutions can be helpful when you know what you’re looking for – but when it comes to ransomware, there are new variants coming out every day. It’s challenging to stay ahead of the attackers and block all variations of ransomware from entering a network.
CyberArk Viewfinity takes another approach – protecting the sensitive files in an organization from the damage that often results from ransomware attacks. Employing greylisting, an approach that allows unknown applications (e.g. the latest ransomware variant) to execute, the solution blocks ransomware from being able to access or encrypt files. By applying proactive protection on the actual files that ransomware is attempting to encrypt, this approach can render ransomware incapable of causing damage.
The CyberArk Viewfinity approach is signature-less and protects against known and unknown variants of ransomware. By applying a protective layer of security around the target of malicious applications, the challenging task of detecting polymorphic malware is no longer the only strategy.
For an explanation of how ransomware works, check out a previous blog post that examines a recent attack targeting three Indian banks and a pharmaceutical company, resulting in millions of dollars in damage.
Editor’s Note: CyberArk Viewfinity with enhanced protection is now CyberArk Endpoint Privilege Manager.