Understanding Ransomware
Ransomware is a generic name for a family of malicious programs designed to lock up endpoints, such as PCs, servers or mobile devices, in various ways. Ransomware encrypts data on the endpoint or revokes access to the endpoint itself, then asks the victim to pay a ransom to regain control of the endpoint. A ransomware attack can affect an individual or organisation anywhere in the world.
The Northdoor Ransomware solution
Northdoor’s defence solution detects ransomware as soon as encryption occurs. Once encryption is detected, we suspend the relevant system(s), warn the IT department, and display a popup that warns users their files are at risk and enables them to stop the attack.
Our ransomware defence solution can also educate your users on the telltale signs of a ransomware attack.
Remember, it only takes one employee on the network to execute ransomware, potentially affecting the entire company and stopping your business in its tracks.
And if the worst happens, and you suffer a ransomware attack, Northdoor can help you recover key systems in an isolated and secure clean room.
Ransomware isn’t subtle
Most malware silently persists in the network, carefully surveying the network surroundings, awaiting instructions or the right opportunity to attack your systems. These programs mask their actions to evade detection and attempt to gain elevated privileges.
Ransomware, on the other hand, wants to be discovered. As soon as the program starts encrypting files, it reveals itself to the victim and demands a hefty ransom, often accompanied by various threats.
Our research into ransomware protection shows that while there are some very sophisticated strains, many are crude and poorly written. But just like an improvised weapon, the less refined strains are easy to produce and can be extremely effective.
A piece of malicious code that promotes its existence up-ends the way most traditional anti-malware and anti-virus products work.
You may think that lacking intricate malicious mechanisms makes ransomware easier to detect. But in practice, those mechanisms are often the weak spots that make other types of malware stand out, so a program without them gives detection tools less to latch on to.
Ransomware doesn’t need to be accurate
Ransomware just wants to cause as much damage as possible. It doesn’t need to encrypt all of your files to be successful – it just needs to scramble enough important ones. Ransomware grabs and encrypts anything: quarterly revenue spreadsheets, Word documents, PowerPoint presentations, photos. And the list goes on. Ransomware fires in all directions and hopes to hit something important. This lack of specificity makes ransomware more difficult to detect. You can’t concentrate on defending only certain locations or applications. You have to monitor everything, all the time.
Ransomware is alarmingly quick
Ransomware takes between 5 and 20 minutes to encrypt every relevant file on the average hard drive. That means that even the slowest, single-threaded ransomware can encrypt numerous potentially important files in seconds. Since ransomware works quickly, detection and response time are of the utmost importance, which may be problematic for certain behavioural-detection solutions. Unlike detection based on what the code is, detecting malware based on what the code does is prone to false positives and requires collecting additional evidence before a verdict is reached. This leads to systems being compromised with ransomware on a daily basis.
For more in-depth information about the most recent ransomware attacks and how you can prevent them accessing your data, contact Northdoor.
Zero Trust and Ransomware
Ransomware is not a “one size fits all” attack.
There are many different entry points (e.g., phishing campaigns, re-used corporate credentials, misconfigured resources, and more).
Attackers have many different motives, which alter how ransomware “unfolds” at a target.
Northdoor offers a full threat-analysis exercise, covering all major aspects of IT security and data protection.
Organisations today face a complex array of IT security and data protection risks. Cybercrime is on the increase, particularly as companies open up their systems to partners and customers, and legislation such as the GDPR places a heavy burden on organisations to understand and manage their data better.
Northdoor’s expert Security practice offers a consultant-led Threat-Analysis Exercise to help organisations understand today’s threat landscape, compare their current capabilities with those of their industry peers, and plan a best-practice enhancement programme. By showing you where and how to invest, we can accelerate your legislative compliance, strengthen your cybersecurity posture and improve your data governance – rapidly and cost-effectively.
For more information and to arrange a no-obligation call-back, please contact us today.
Cyber recovery—a last line of defence
Alongside this ransomware-detection solution, Northdoor offers an advanced cyber recovery solution that automatically backs up critical data to an immutable, air-gapped vault. This means that even if the worst happens, and a piece of malware manages to get onto your production systems, you should be able to recover to an uncorrupted backup.