Can the ransomware epidemic be stopped?

Security challenges

Ransomware is a kind of malware with the potential to permanently separate businesses from their data unless they pay an often extortionate ransom. The total price of ransomware has increased 57 times since 2015 and now exacts a cost of $20 billion per year. With ransomware groups growing steadily bolder, is there any way to put it to a halt?

What increased the threat of ransomware?

Somewhere over the last few years, ransomware took an exponential leap, growing from an occasional nuisance into a constant menace. This growth is down to two reasons.

First, ransomware has been widely adopted by state actors and well-funded criminal groups. That means there’s plenty of money for innovation. What’s more, ransomware feeds on its success. The funds obtained via ransom go right back into funding more sophisticated malware.

Second, advanced ransomware is no longer specific to criminal groups. Instead, attackers license their ransomware and provide technical support to other criminals. This scheme is known as “ransomware-as-a-service.” That means run-of-the-mill attackers no longer need to develop malware in-house. Instead, they can use the most technically advanced malware available for a relatively small initial cost.

In short, ransomware has gotten far more sophisticated because attackers can spend much of their annual $20 billion hauls on improving it. People who wouldn’t be able to build this kind of technology themselves can now get their hands on sophisticated and dangerous malware. That dramatically broadens the number of both cybercriminals and their potential targets, meaning the average business is much more likely to be struck by a successful ransomware campaign.

Stopping ransomware depends on a simpler approach

The ransomware sector now mimics the most successful aspects of the startup economy. In many ways, it’s doing better than the security startups founded to defeat it.

A lot of security software designed to prevent ransomware is aimed at the exploitation stage of the kill chain. In other words, this software notices when a malware program is trying to encrypt many files and then either stops these changes or rolls them back.

The problem is this stage of ransomware is exactly where attackers are focusing the largest amount of effort and innovation. Ransomware is now much faster when it comes to encrypting files. Attackers will incorporate time-saving methods such as encrypting only part of large files (which will still cause an application to break) or infecting the Windows Domain Controller, which means encryption can spread much faster in a tightly connected network.

In addition, a lot of malware will do its best to avoid or neutralize antivirus software before it executes its encryption payload. That’s right—malware will literally try to turn off or uninstall your antivirus before it starts to encrypt your files.

Trying to intercept ransomware as it executes has become a fool’s errand. Malware has become too advanced and stealthy. The best way to stop ransomware is upon delivery before it executes—which means ransomware protection and phishing protection do the same thing.

Kill the kill chain by stopping ransomware at the phishing stage

Ransomware has become both common and highly advanced, but it isn’t impossible to stop. Over 90% of ransomware is delivered via phishing emails, which means the victim must be tricked into downloading and executing a malicious file. If you stop that phishing email from appearing in your employee’s inbox, then you stop the ransomware attack at its source. 

Employees can be trained to recognize and report phishing emails—but intelligent software can do a better job. We’ve trained our flagship security software—Egress Defend—to recognize linguistic and textual signifiers that can indicate a phishing attempt. Using information security techniques devised by the UK government’s intelligence agency, GCHQ, Egress Defend can recognize phishing attempts even when they’re highly individualized and targeted towards VIPs such as the CEO, CSO, or information security administrator.

Malware threats change rapidly. Ransomware groups constantly improve their malware with funding from their previous exploits. That means defenses depending on recognizing ransomware attempts are likely to be outflanked by new methods. By training software to instead recognize and mitigate phishing attempts, we can provide a robust, future-proof defense that stops the ransomware epidemic at its source.

If you’d like to see Defend in action for yourself, book a no-strings-attached demo today.

FAQ:

Can ransomware be stopped?

Yes. Ransomware can be stopped when identified during the initial phishing attempt (preferable) or later when it attempts to encrypt your files.

What is the government doing to stop ransomware?

The US government is taking several actions against ransomware. These range from providing resources for affected businesses to applying sanctions to countries that knowingly harbor ransomware groups.

How long does it take to get rid of ransomware?

That depends. If you have a lot of resources and expertise, you may recover from a ransomware attack in between one and two weeks. If not, then you might go out of business before you ever manage to get out from under a ransomware attack.