The Ransomware Detection Software Selling a False Sense of Security

OCTOBER 4TH, 2017

WannaCry, NotPetya, Bitpaymer, you name it—ransomware attacks are now regularly making international news. As a result, organizations of every shape and size are looking for simple, seamless ransomware detection and protection software that will help keep their critical systems and data safe.

Enter automated ransomware detection, conveniently packaged on a backup and recovery appliance.

Now, there’s a data protection solution that sounds too good, too simple to be true.

And, that’s because it is.

Be wary of data security promises from backup vendors

A ransomware attack could devastate your business. You know that—it’s what keeps you up at night.

And, it’s why both data security and backup and recovery vendors are trumpeting “ransomware protection” messages.

We all know ransomware represents an existential threat to your organization, that regular news coverage is making the threat real for your C-suite, and that these messages generate the sense of urgency among decision-makers that enables you to act in your business’s best interest.

Unfortunately, Unitrends is selling little more than a false sense of security.

They’re promising ransomware detection software that, when paired with their backup and recovery appliance capabilities, can mitigate the impacts of a ransomware infection. And, they’re leveraging advanced technology buzzwords like “machine learning” and “predictive analytics engine” to give you confidence in their solution.

Heck, it sounds cutting edge. It must be good, right? Wrong.

It’s an overblown claim that could mean disastrous consequences for your business.

Why this ransomware detection software isn’t all it’s cracked up to be

Unitrends have been pretty forthright about misleading you with this capability. In other cases, they’ve flat out lied to you.

For starters, this solution doesn’t scan for ransomware—in fact, it doesn’t even look at the data itself. Rather, it establishes a backup metrics baseline and uses data analytics to spot spikes in activity.

For example:

  • Did an unusually high number of files change in a given day?
  • Did you rename a higher number of files?

These things might be symptomatic of a ransomware attack.

But, like footprints in the snow leading to your front door, they don’t necessarily indicate an intruder lurking inside. In fact, they could represent the backup equivalent of a mail carrier dropping off the latest edition of Wired Magazine.

Another downside of their methodology is that the parameters are user-definable. Meaning, you determine the threshold that will trigger an alert.

Two problems often result, here.

First, the end users of this ransomware detection software are rarely data analytics experts. While they might get a little support in the beginning, they’re taking guesses each time they reset their parameters—and that minimizes what amounts to an already negligible benefit.

Second, new users are anxious to lock down their systems to prevent a ransomware attack. With that in mind, they set a low threshold for alerts, so they can be kept apprised of potential threats and mitigate their impact. Unfortunately, this results in a lot of false positives—and the constant cries of “Wolf!” lead users to repeatedly soften their thresholds to a point where the software is no longer informative or effective.

And, here’s the kicker: Because the end user is responsible for setting parameters and Unitrends isn’t a data security expert, they’re not on the hook for any failures. Talk about a lose-lose scenario.

To be crystal clear, this ransomware detection solution does not mitigate infections—and it certainly doesn’t block them.
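
The threshold problem described above can be reproduced in a few lines of Python. This is an added example, not code from Unitrends or from the original post; the daily counts, their labels, the multipliers and the model of how a user reacts to false alarms are all constructed assumptions.

```python
from statistics import mean

# Constructed sample data: changed files per daily backup, with ground truth.
BASELINE = [1180, 1225, 1150, 1302, 1210, 1275, 1190, 1240, 1160, 1290]
OBSERVED = [
    (1265, "normal"),
    (4800, "benign: month-end report export"),
    (1230, "normal"),
    (9500, "benign: file-server migration"),
    (1820, "ransomware: slow encryption, day 1"),
    (1905, "ransomware: slow encryption, day 2"),
    (1215, "normal"),
]

def is_attack(label):
    return label.startswith("ransomware")

def evaluate(multiplier, baseline=BASELINE, observed=OBSERVED):
    """Fixed threshold: alert when count > multiplier * baseline mean.
    Returns (false_positives, attacks_alerted, attacks_missed)."""
    limit = multiplier * mean(baseline)
    fp = sum(1 for c, l in observed if c > limit and not is_attack(l))
    hit = sum(1 for c, l in observed if c > limit and is_attack(l))
    miss = sum(1 for c, l in observed if c <= limit and is_attack(l))
    return fp, hit, miss

def simulate_fatigue(start_multiplier, baseline=BASELINE, observed=OBSERVED):
    """Assumed user behaviour: after every false alarm, raise the threshold
    just above the value that caused it. Returns (final_multiplier, missed)."""
    base, multiplier, missed = mean(baseline), start_multiplier, []
    for count, label in observed:
        alerted = count > multiplier * base
        if alerted and not is_attack(label):
            multiplier = round(count / base * 1.05, 2)  # "soften" the threshold
        elif is_attack(label) and not alerted:
            missed.append(label)
    return multiplier, missed

if __name__ == "__main__":
    for m in (1.3, 4.0, 8.0):
        print(f"multiplier {m}: (false positives, alerted, missed) = {evaluate(m)}")
    print("after alert fatigue:", simulate_fatigue(1.3))
```

A tight threshold flags both benign bulk operations alongside the attack, and a user who loosens it after each false alarm ends up with a setting that stays silent on the slow encryption days.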

Our recommendation to you

Your data, applications, and systems are too valuable to leverage anything less than expert advice.

So, leave the data security up to the security experts. And, if a sophisticated ransomware variant does slip through, we’ll be here to help you recover.