Ransomware is typically initiated via phishing or social engineering tactics. These attacks often take advantage of human error for the successful delivery of the malware. These criminal organizations are indifferent to the size of your organization. They target any company with data, and if you don't pay the ransom, your information could be posted to a public forum or sold on the Dark Web for profit. Most companies unfortunately are forced to pay due to system failure and file corruption.
The scariest thing about these methods is that the ransomware doesn't need to be developed by the attackers. Ransomware services can now be purchased on the Dark Web and used at the cybercriminal's will (ransomware as a service, RaaS). As these ransomware attacks and services evolve, how can companies arm themselves with the right solutions to defend themselves from these ever-growing attacks?
Join us in our latest webinar with Dr. Christine Izuakor (cybersecurity expert) and Jay Godse (head of product dev at Veriato).
2. Confidential
Your speakers
Dr. Christine Izuakor
Dr. Izuakor is the Founder and CEO of Cyber Pop-up. She has 10 years of Fortune 100 enterprise technology and leadership experience, including building numerous security functions from the ground up at United Airlines. She earned a PhD in Security Engineering, is a cyber security professor, writes and speaks on a wide range of cyber security issues globally, and helps corporations solve a broad range of strategic cybersecurity challenges.
Jay Godse
Jay Godse is the Head of product and technology of Awareness Technologies. He has over 15 years’ experience in building enterprise scale SaaS businesses that are focused on Information Security and regulatory compliance. He brings deep expertise in developing security programs for large enterprises as well as SMBs.
Today’s agenda
• Ransomware 101
• A deep dive into the Colonial Pipeline breach
• The rise of ransomware as a service
• Why traditional backups and antivirus aren’t enough
• Tips for ransomware detection and prevention
Are traditional backups and antivirus enough?
• Advanced ransomware can target backups
• Traditional antivirus is not comprehensive enough to defend against today’s ransomware
How can businesses evolve to address ransomware attacks?
• Strong backup strategy with segmentation
• Comprehensive endpoint security
• Insider threat management
• Zero Trust culture with robust user verification
• Early detection and real-time response
85% of security professionals believe ransomware is the biggest cyber threat to SMBs.
Global State of Channel Ransomware Report
What are key solution capabilities that matter?
• Advanced detection with up-to-date signatures
• Encryption interception capabilities
• Safe backup storage
• Malicious account and activity blocking
Why is Antivirus not enough to combat Ransomware?
● AV cannot respond to the attack or lock down the machine initiating the attack.
● Even the most advanced Antivirus solutions cannot always detect unknown malware signatures, which means ransomware might go unnoticed until it is too late. In fact, some ransomware is designed to spoof AV.
● Antivirus does not include any backup utility to help you restore your encrypted files.
Can your AV solution reliably protect you from an attack, and provide you with remediation tools?
Multiple Mechanisms For Response
RansomSafe
• Download: Installs on server in less than 10 mins.
• Detect: Detect, alert and restore before the business is held hostage.
• Protect: Should ransomware reach the file server, RansomSafe will lock down the endpoint to prevent further encryption.
• Backup: Failsafe backups ensure the latest version of your files are always available for recovery.
• Recovery: Once the attack is stopped, recover in minutes with a few clicks. No extensive or expensive downtime.
Solution Features
RansomSafe™ acts as a vital layer in your ransomware defense, combining just-in-time data protection with multiple mechanisms to detect and shut down attacks before they hold your business hostage.
RansomSafe
Christine: *walkthrough agenda and what attendees will walk away with*
Christine to set context:
Attacks are up.
Ransomware hostage negotiations careers soaring.
Discuss remote work influence and user enablement.
IBM's X-Force incident response team reports that ransomware accounted for 25% of the breaches they encountered in 2020.
Christine to set context:
Growing cost.
Ransom + the costs of operational impact, recovery, data recreation if lost, etc.
One report shows operators of the ransomware Sodinokibi determined ransom demands based on the victim organization's revenue. It ranged from 0.08% to 9.1% of the victim's annual revenue on average.
E.g. The Atlanta city government spent over $17 million to recover from a virus attack that demanded $52,000 in Bitcoin.
Trend of Bitcoin reserves for payments.
Christine to set context:
There's a clear shift in the focus of ransomware attacks over the years. Unlike the global attacks of WannaCry and NotPetya from 2017, where the attackers would "spray and pray" for ransom, these attacks are now more strategic, targeting a definite revenue goal from the ransom. The attacks are more strategic and targeted, searching for backups and infecting those too. Double extortion attacks are another key trend. This method uses the twin strategies of demanding the ransom after encrypting data and leaking the data if the victim refuses to pay up.
Question from Christine to Jay:
Can you expand on that? What does ransomware look like in 2021? What are the latest variants and trends? How has it evolved from your perspective?
Jay: Share thoughts
Questions from Christine to Jay:
Georgia-based Colonial Pipeline, the largest pipeline system for refined oil products in the US, was hacked in May 2021. It prompted the company to shut one of America's major arteries for fuel delivery which resulted in physical impact across various states.
What happened here? Why was it so significant? What were the impacts?
Jay: Share thoughts
Questions from Christine to Jay:
One trend helping in this space is RaaS. For those unfamiliar, can you simplify what RaaS is and why it’s a concern?
Jay: Share thoughts
A resource: https://www.darkreading.com/attacks-breaches/new-ransomware-group-claiming-connection-to-revil-gang-surfaces/d/d-id/1341271?_mc=NL_DR_EDT_DR_daily_20210611&cid=NL_DR_EDT_DR_daily_20210611&elq_mid=104424&elq_cid=23061409
Potential POLL question:
What’s your primary strategy against ransomware:
Backups
Antivirus
Training and awareness
A wish and a prayer
Questions from Christine to Jay: Walk us through a day in the life of someone trying to rely on traditional backups and antivirus for ransomware protection. What are gaps in options or challenges one might face?
Jay: Discuss key points
A few ideas
By design, antivirus software looks for known ransomware. New ransomware variants will likely be left undetected.
Antivirus doesn’t always prevent human error when users click infected links or insert corrupted USB drives.
Antivirus alerts on potential danger, but may not block a successfully launched ransomware attack or help recover damaged files.
AV may not be effective against ransomware-infected apps when users have granted those apps permission to access their system-critical data.
Questions from Christine to Jay: How can businesses prevent, detect and respond to ransomware attacks?
Jay: Share thoughts
Christine to set context:
Impacting companies of all sizes. Mid-market especially is ill-equipped to respond/survive. Everyone is looking for help in this space and tech can help. *Segue to next slide*
Questions from Christine to Jay: For companies large and small looking to defend against these attacks through technology, walk us through some key solution features that matter.
Jay: Share thoughts
*Segue into demo to actually show features*
Christine:
Transition to Q&A and then close out session
Antivirus solutions can only notify you with a warning that ransomware may have been detected. But AV cannot respond to the attack or lock down the machine initiating the attack.
Antivirus cannot detect unknown malware signatures, which means ransomware might go unnoticed. In fact, some ransomware is designed to spoof AV.
Antivirus does not include any backup utility to help you restore your encrypted files.
Antivirus makes educated guesses (heuristic analysis) as to whether the malware is a threat. But the solutions don't always get it right.
Options:
Backups: Need a current backup
Backup is one of the best ways to deal with ransomware: need to monitor your backup
False sense of security
People pay when they do not have the ability to restore
Restoring their data will take too long and the backup doesn’t fully restore the data.
SMBs have lower cybersecurity budgets
Enterprises believe they are covered with all their security
Do not have the technologies in place to detect a ransomware attack, and do not have full backup systems
Less staff training on security
Criminals attack because they know how critical data is and how fast they need it.
Ex: SMB less money - $800
State agency - $10K
File Screening - Veriato RansomSafe™ is continuously updated, maintaining a robust database of known ransomware signatures. The software will, in real time, detect the presence of known variants by matching against this database.
Honeypots - By helping you place honeypot files on your file server that, if modified, alert Veriato RansomSafe™ to a ransomware attack, the software is able to reliably detect attacks from previously unknown variants.
Fail-Safe - The best protection against the disruption and expense of a ransomware attack is current backups. Veriato RansomSafe™ intercepts the command to encrypt (or delete) your files, making a copy and storing it safely away from the reach of the attack.
Lockdown - Veriato RansomSafe™ blocks the user account attempting to encrypt your files from making changes to the file system, shutting down the attack to prevent further encryption attempts and to minimize the restoration effort required. Veriato RansomSafe™ can send you an email notification immediately if and when this happens, allowing you to respond quickly.
Mention Zero day attack feature that might be coming soon?
Focus on the cost of paying the Ransom.
Back up and running in less than 15 mins.