Three Secrets to Ending Ransomware

Stopping ransomware isn’t easy. If it were, there wouldn’t be so many successful attacks out there. According to ThreatPost, there has been a 151% increase in ransomware attacks in the first half of this year compared to the first half of last year, with over 100 different strains in circulation. 

However, as an authority in ransomware, Cybereason is dedicated to arming you with all you need to know to stay prepared and ahead of your attackers. Here are three ways that no one seems to talk about:

Adopting an Operation-Centric Approach

It seems intuitive that to be able to protect yourself from ransomware, all you need to invest in is a really strong AI-driven cybersecurity solution. Although that is true, it is not the full answer. Ending ransomware is about minimizing the window of time between the moment when a ransomware attack infiltrates your environment and the moment when you’re able to detect it and respond to it. This is because ransomware attacks occur in stages.

After gaining an initial foothold in your environment, attackers will quietly work in the background, moving laterally between machines and exfiltrating data, ensuring they have enough valuable or sensitive data to demand a high ransom. The best defense you have to protect yourself is the ability to mitigate the attack before the attacker actually gets to the encryption stage. 

With this in mind, when it comes to selecting a cybersecurity solution to battle ransomware, you need a strong solution that utilizes an operation-centric approach, rather than an alert-centric approach. An alert-centric approach fires off alerts for each individual malicious activity on each of the impacted machines. 

For example, if you have 1000 machines that have been infiltrated, an alert-centric solution would send 1000+ alerts with seemingly disparate events that have to be sifted through. An operation-centric solution would send one notification of the entire malicious operation, and list out all 1000 affected machines that can be remediated with a single click. 
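To make the contrast concrete, here is an added example (not from the original post, and not Cybereason's implementation) that collapses per-machine alerts into operations by linking alerts that share an indicator, directly or transitively. The alert fields, the indicator values and the shared-indicator linking rule are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample alerts (not real telemetry). Field names and the
# placeholder indicator values are assumptions made for this example.
ALERTS = [
    {"id": 1, "host": "ws-001", "activity": "suspicious logon", "indicators": {"user:svc-backup"}},
    {"id": 2, "host": "ws-002", "activity": "lateral movement", "indicators": {"user:svc-backup", "sha256:aaaa"}},
    {"id": 3, "host": "fs-010", "activity": "bulk archive created", "indicators": {"sha256:aaaa", "domain:files.example.test"}},
    {"id": 4, "host": "fs-011", "activity": "outbound upload", "indicators": {"domain:files.example.test"}},
    {"id": 5, "host": "ws-777", "activity": "macro blocked", "indicators": {"sha256:bbbb"}},
]

def correlate(alerts):
    """Group alerts that share any indicator, directly or transitively."""
    parent = {a["id"]: a["id"] for a in alerts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving keeps lookups short
            x = parent[x]
        return x

    first_seen = {}  # indicator -> id of the first alert that carried it
    for a in alerts:
        for ind in a["indicators"]:
            if ind in first_seen:
                parent[find(a["id"])] = find(first_seen[ind])  # merge groups
            else:
                first_seen[ind] = a["id"]

    groups = defaultdict(list)
    for a in alerts:
        groups[find(a["id"])].append(a)

    operations = []
    for members in groups.values():
        counts = defaultdict(int)
        for a in members:
            for ind in a["indicators"]:
                counts[ind] += 1
        operations.append({
            "hosts": sorted({a["host"] for a in members}),
            "activities": [a["activity"] for a in members],
            # Evidence: indicators seen in more than one alert of the group.
            "evidence": sorted(i for i, n in counts.items() if n > 1),
        })
    return sorted(operations, key=lambda op: -len(op["hosts"]))

if __name__ == "__main__":
    for op in correlate(ALERTS):
        print(len(op["hosts"]), "host(s):", op["hosts"], "| linked by", op["evidence"])
```

Five alerts become two operations: one spanning four hosts with the linking evidence attached, and one unrelated single-host event.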

However, how can you trust an operation-centric approach? Having an AI-based endpoint protection solution that just makes its own connections and delivers its own correlations of the ongoing malicious operation can be unnerving. Cybereason understands, so we built the most human-friendly endpoint protection solution.

If Cybereason detects a malicious operation taking place, it generates a MalOp™ (Malicious Operation) -- a visual representation of the complete attack. The most unique element of MalOps is that the Cybereason Defense Platform shares the complete list of suspicions and associated evidence which led to the MalOp’s generation, making it an AI-driven solution that is easier to build trust with.

Staying Ahead of the Ransomware Curve

As mentioned previously, there are over 100 ransomware strains in circulation, and that number just keeps growing. It’s important now, more than ever, to invest in solutions that not only protect you from known strains, but unknown strains as well. 

Thankfully today, the market has quite a few options for AI-based cybersecurity solutions, which can learn from patterns of ransomware behavior to help identify previously unknown strains. But the question remains, how do we know which one to select? The strongest AI-based solutions are backed by a cutting-edge threat intelligence team. 

Cybereason Nocturnus, our world-class threat hunting team, performs in-depth research of new techniques being used by attackers to inform our platform of what behaviors to look out for. Nocturnus was the first to expose the DeadRinger Campaign, where threat actors operating in the interest of the Chinese government targeted global telco companies for espionage, and has helped to keep defenders safe from ransomware strain after strain.

Solving for Motivations, Not just Ransomware

Ending ransomware goes beyond innovating for new strains of it. It’s also about understanding the motivations behind the attacks in the first place, and using this to more strategically end ransomware.

Ransomware attacks are rampant, but that’s only because they are successful. Attackers, like all other humans, will continue to execute on what benefits them, which is earning large sums of money from ransomware payouts. According to the Cybereason study Ransomware: The True Cost to Business, 80% of the companies that paid the ransom suffered a repeat attack.

Another critical point to consider is double and triple extortion. Double extortion is when an attacker steals your data prior to encryption, so that if you decide to rely on backups instead of paying the ransom, the attacker can threaten to publish the data online. This can take a more serious turn should your attacker decide to launch triple extortion: offering your stolen data to competitors or investors who can short your company’s stock.

That is why it’s crucial to identify malicious behavior and respond to the attack before the stage of having to pay a ransom. This goes back to Cybereason’s strategic two-fold approach to ending ransomware: providing really strong prevention capabilities and reducing the mean time to detect and respond. 

Cybereason is undefeated in the fight against ransomware.

About the Author

Karishma Asthana

Karishma is a Product Marketing Manager at Cybereason. She was previously with Accenture Security where she worked as a penetration tester and was responsible for helping clients understand and manage their security vulnerabilities. Karishma is passionate about exploring large shifts in the cybersecurity industry from a technical and strategic point of view.
