Ransomware: what are security vendors doing about it?

Keyboard equipped with a red ransomware dollar button.

Ransomware is on the rise, but the authorities struggle to deal with it, so businesses often end up paying the ransom! What are security vendors doing to combat it?

You don’t need to look very far to see the hoo-ha that ransomware has recently caused.

This is not only because the sheer volume of ransomware attacks has swollen as never before (global cases increased by almost 170% in 2015, with the UK “disproportionately hit,” according to this FT.com article), but because the number of cases reported has actually gone down.

This can only lead to one conclusion: businesses are paying the ransom, in an attempt to get their businesses back up and running, because the authorities are failing to help them do so!

It’s one hell of a gamble. Cybercriminals aren’t exactly known for their integrity or willingness to be bound by contract, so where’s the guarantee that they’ll give businesses back the access to their files once they’ve coughed up?

Indeed, as FBI Cyber Division Assistant Director James Trainor has commented,  “Paying a ransom doesn’t guarantee an organisation that it will get its data back—we’ve seen cases where organisations never got a decryption key after having paid the ransom.”

Ransomware: what it is, what it does

Before we go any further, though, let’s clarify terms. All ransomware (CryptoLocker, CryptoWall, and CTBLocker are names that crop up often, but there are many others, some of which are listed here) is about blocking a business’s access to a system and/or its files until a sum of money is paid to the malefactor.

In practice, this happens in many different ways, varying from scareware, to browser or screen-locking software, to encrypting ransomware. (This Malwarebytes infographic, that our partners can now request to co-brand and use for their own marketing campaigns, explains it very neatly).

In a further malevolent twist, cyberattackers may choose to “leak” the files that they have sequestered if the ransom is not paid, exposing a business’s potentially confidential and legally privileged information to public view online.

Reputationally, this can be shattering, but the financial impact of ransomware is breathtaking too. The Verizon Data Breach Investigations report puts the business cost of losing access to just 1000 records at more than £46,000!

In short, businesses are vulnerable, the authorities are swamped, and there’s no honour among cyber thieves. So it’s down to security vendors to step up to the plate and prevent ransom situations from arising in the first place. Here’s a taste of how three of them are turning the tables on the file felons!

Bitdefender: cross-product protection at startup

Bitdefender’s answer to the ransomware challenge has been to develop a Ransomware Protection module that is included in all Bitdefender 2016 products (including business versions sold through the IT channel).

Clearly, this makes ransomware protection accessible to the end-user, regardless of the product they or their organisation have purchased.

But Bitdefender products also activate the Ransomware Protection module at startup, and scan all critical system areas before files are loaded, with zero impact on the system’s performance.

At the same time, protection is provided from certain attacks that rely on malware code execution, code injections, or hooks inside dynamic libraries, so defence against the ransomware is instant, broad, doesn’t slow end-users’ core computing tasks down, and – most importantly of all – doesn’t let the ransomware get a foothold.

Malwarebytes: ransomware protection throughout the infection timeline

Malwarebytes has built a solid reputation on its ability to detect, monitor and block malware of all kinds, right from the earliest attempts by the malware’s author to probe the most effective delivery methods.

This means it can spot indications of threatening behaviours way before the threat actually deploys – and it has applied this philosophy to its Anti-Ransomware product, too.

In the words of their security blog, it “uses advanced proactive technology that monitors what ransomware is doing and stops it cold before it even touches your files.” The ransomware therefore “has no shot at encrypting.”

Although the product is still in beta, it is based on an already successful application  - CryptoMonitor - that Malwarebytes acquired from EasySync Solutions, so its provenance certainly inspires trust.

We don’t yet know how Malwarebytes will market the general release version for business users through the IT channel. Will businesses be able to buy it standalone? Or as part of the existing Malwarebytes Endpoint Security suite?

The latter is already a truly potent bundle. It includes the powerful Anti-Malware solution that (uniquely!) also comes with an inbuilt remediation tool – that is to say, it can clean up already infected systems, making for some very grateful customers!

It also includes the Anti-Exploit solution, that detects the zero-day exploits that other solutions simply miss. Factoring Anti-Ransomware into this already compelling combination would be something of a coup!

Watch this space…

Trend Micro: fight ransomware at every layer

Ever the source of insightful and sobering security stats, Trend Micro has publicly announced that ransomware infections among UK firms in February 2016 alone far exceeded the figures for the first six months of 2015!

Its approach to fighting ransomware is highly layered, with Ransomware Protection features included in its endpoint products (OfficeScan, Worry-Free Business Security), email and gateway products (ScanMail, Cloud App Security, Hosted Email Security, amongst others) and network products (Deep Discovery).

Trend Micro was named a Leader in the 2016 Endpoint Protection Platforms Magic Quadrant, published by industry analyst Gartner. This covers, amongst other technologies, anti-ransomware, so Trend’s solutions are definitely “up there” when it comes to stopping businesses being held at gunpoint!

Anti-ransomware: a pattern emerges

In all the three vendor cases mentioned above, there is a strong underlying truth: everything turns on being able to stop the ransomware infection happening in the first place. Once files are infected, it’s way too late.

This knowledge has certainly been an incentive for security vendors to act. If it’s not an incentive for businesses and the IT channel partners who supply them to act, too, I don’t know what is.