Imperva Ransomware

Stop Ransomware in its Tracks

Ransomware has risen to the number two spot on the list of crimeware issued by Verizon in their most recent data breach report. Rather than delving into the reasons for the alarming rate at which crimeware/malware is spreading, we would want to emphasize that securing data at the point of origin is the most effective method of protecting it. Researchers at Imperva have devised an ingenious solution that can detect and block the CryptoLocker/CryptoWall ransomware family, which is currently in circulation. In a recent report, The Imperva Defense Center described how they tracked down and decrypted the money trail of the most successful ransomware of all time, CryptoWall.

Is curiosity risking your data?

Our curious feline friends have taught us that human curiosity is beneficial for both survival and phishing. Unfortunately, we have not learned from our curious feline friends. People’s proclivity to open (and click on) phishing emails – with a whopping 30% of us falling victim to the crime – is the primary reason for the spread of malware around the world. As a result of the growth in big data breaches, identity theft, and online fraud, one would expect people to be more conscious of their online security and be more cautious.
The ransomware phishing attack came from Verizon DBIR 2016.

Why does ransomware spread faster than the common flu?

Strangely enough, malware is similar to the common flu in terms of the number of different variants that can be found in the wild, which is surprising. Malware code changes at a breakneck pace, so frequently that you are unlikely to see the same malware more than once. As shown in the graphic below from Verizon DBIR 2016, hackers are changing their code at a breakneck pace to avoid detection — 99 percent of malware is visible for 58 seconds or less. Endpoint protection that is based on signature-based detection is severely handicapped when it comes to catching something it does not recognize.
ransomware hash \sSource Verizon’s DBIR for 2016 is out now.

Ransomware does not discriminate

Enterprises and Mac computers are not immune to ransomware, and neither are they safe from it. Everything was tried, including seeking aid from the FBI, but Hollywood Presbyterian Medical Center ultimately had to pay a ransom of $17,000 to free the patients. Unfortunately, ransom payments serve to encourage more bad actors to join the fray and increase the amount of money at stake.

Is there a better solution than backup and recovery?

Backups are a wonderful option, but there can be significant downtime while data is being recovered and restored, which can cause significant business disruption. When we couldn’t come up with a better solution ourselves, we turned to the experts at The Imperva Defense Center. In our labs, the research team examined a variety of ransomware samples as well as the patterns of data access that they observed. In their approach, they identified an anomalous data access pattern and developed a method to prevent the malicious takeover of data stored in file repositories from occurring. The solution detects and blocks the CryptoLocker/CryptoWall ransomware family in real-time, preventing it from spreading. The solution is available for use with all Imperva File Security products, including the flagship product.
Imperva customers using SecureSphere File Security products can access the ransomware mitigation deployment guide through their support portal or by contacting their sales and customer service representatives.