Ransomware constantly makes the headlines these days. This week, Sinclair Broadcasting saw its systems taken down, with one Sinclair reporter quoted as saying, “still no phones, file video or graphics” three days after the attack. The company's stock dropped nearly 3 percent that day. At this point, we don't know how the ransomware got into Sinclair, but the lesson is still evident: everyone is a target. But here's the real problem: today's cybersecurity solutions can't stop ransomware. Here's why.
Humans Are Human
Two-Factor Authentication Isn’t Fully Deployed
Two-factor authentication (2FA)—where users must provide two different authentication factors to verify their identity—is one of the most basic security improvements your organization can implement. The problem is that most organizations either haven't implemented 2FA or haven't implemented it everywhere. Maximize prevention with 2FA by enabling it for anything that requires a user name and password—email, applications, logins, and VPNs, for example.
Antivirus Solutions Can’t Keep Up
Antivirus software (AV) has been around since Creeper was created in 1971. While these solutions have gotten better at preventing malicious software in the decades since, many still rely on outdated, signature-based systems. That means hackers can easily bypass them. For signature-based AV software to detect malicious code, it must have a binary signature of the code or a file hash. And that only works if the code doesn't change. Renaming functions inside the code before compiling it, or moving code blocks around inside the code, changes the resulting binary and can eliminate the AV software’s effectiveness.
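The brittleness of hash-only matching described above can be seen from the defender's side in this added example, which is not from the original article or any vendor's product. The sample bytes are constructed and inert, the names and the 0.7 threshold are assumptions, and the byte-shingle comparison is a simplified stand-in for the fuzzy hashing (ssdeep, TLSH) that real tooling uses.

```python
import hashlib

# Constructed, inert byte strings standing in for compiled files (not real malware).
KNOWN_SAMPLE = (b"inert-test-sample v1 | func alpha() -> load config | "
                b"func beta() -> walk directory | func gamma() -> write report")
# Same content with one function renamed, as the paragraph above describes.
RENAMED_VARIANT = KNOWN_SAMPLE.replace(b"alpha", b"delta")
UNRELATED_FILE = b"quarterly budget spreadsheet export, rows 1-400, finance tooling"

HASH_BLOCKLIST = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}
SIMILARITY_THRESHOLD = 0.7  # assumed cut-off for this example


def shingles(data: bytes, n: int = 5) -> set:
    """Return the set of overlapping n-byte windows in data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def similarity(a: bytes, b: bytes) -> float:
    """Jaccard similarity of the two files' byte shingles (0.0 to 1.0)."""
    sa, sb = shingles(a), shingles(b)
    if not sa or not sb:
        return 0.0
    return len(sa & sb) / len(sa | sb)


def classify(data: bytes) -> str:
    """Check the exact hash first, then fall back to content similarity."""
    if hashlib.sha256(data).hexdigest() in HASH_BLOCKLIST:
        return "hash-match"
    if similarity(data, KNOWN_SAMPLE) >= SIMILARITY_THRESHOLD:
        return "similar-to-known"
    return "no-match"


if __name__ == "__main__":
    for name, blob in [("known", KNOWN_SAMPLE), ("renamed", RENAMED_VARIANT),
                       ("unrelated", UNRELATED_FILE)]:
        print(f"{name:10} sha256={hashlib.sha256(blob).hexdigest()[:12]} "
              f"similarity={similarity(blob, KNOWN_SAMPLE):.2f} -> {classify(blob)}")
```

The renamed variant misses the hash blocklist entirely but still scores well above the threshold on content similarity, which is why hash lists work best as one layer among several.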
Endpoint Solutions Have Limitations
While today’s detection and response endpoint solutions are more effective than AV software, they have their limits. Because endpoint event logic lives in the cloud, there can be a delay of several seconds to minutes between an event’s occurrence and its appearance on an admin console. That brief gap may be all it takes for ransomware to be activated and shut down your entire network. Even worse, attackers often stage the actual ransomware payload across all of the systems in your network ahead of time, so it is executed simultaneously throughout your organization—before your detection and response solution sends an alert.
Ransomware Tools and Services Are Easy to Find
One quick search on GitHub brings up all kinds of open-source ransomware like RansomO. You'll even find an open-source ransomware-as-a-service (RaaS) option for Linux, macOS, and Windows. Everything from phishing toolsets to obfuscation frameworks, initial access tools to credential-abuse tools can be found for free on GitHub. Security professionals often develop and release attack frameworks based on the premise that potential victims need to understand these tactics. But the reality is that these frameworks are often used by hackers, making it harder for you to stay a step ahead. Even worse, while there is documentation to support using most of these tools, there isn’t any support for detecting and stopping them.
Your Last Line of Defense
While your prevention strategies and tactics may keep your organization safe from ransomware to some degree, it’s clear there is no way to be 100 percent certain your systems and data are secure. That’s why you must establish solid backup and disaster recovery practices. You should take backups frequently. And be sure that any solution you choose takes immutable snapshots of your complete data set. Immutable snapshots can’t be altered or deleted, making them immune to the ravages of ransomware. If you are the victim of an attack, these snapshots also make recovery quick and easy.
Get the Facts
Learn how you can be proactive in your ransomware defense and never pay a ransom. Check out our special StorageCraft Ransomware Bundle offer or watch this on-demand demo.