SOLUTION OVERVIEW

Ransomware, a type of malware that blocks access to data or systems typically by encrypting it, continues to plague organizations. “Famous” variants like WannaCry and NotPetya spread rapidly, crippling organizations and leaving expensive recovery costs. U.S. Homeland Security advisors cited $10 billion and $8 billion in damages for WannaCry and NotPetya respectively.

Disturbingly, other ransomware like Ryuk are zeroing in on specific businesses, like hospitals and healthcare organizations. Using targeted phishing emails, attackers behind Ryuk hope these organizations may be more likely to pay Ryuk’s substantially higher ransom when there are literally lives at stake. The average ransom payment increased 568% from Q3 2019 to Q3 2020 — a trend that is driving more cyber insurance underwriting scrutiny, and boards asking more questions about cyber risk.

Gartner also observes that ransomware is “increasingly being operated by humans” instead of delivered via spam, posing a serious threat for organizations as low-volume, targeted attacks bypass existing security defenses. What’s more, the typical “backup and restore” advice is no longer relevant, with Gartner further noting that the costs in downtime following the ransomware attack itself can be 5 to 10 times the actual ransom amount. Simply put, says Gartner, “What organizations need to focus on is early preparation and mitigation if they want to cut losses to ransomware.”

PROACTIVELY DEFEND AGAINST RANSOMWARE

Protecting against ransomware means preemptively defending against these attacks, as well as reacting quickly post-incident. Having data backed up and a well-defined recovery plan certainly helps streamline response and minimize downtime, but detecting and stopping ransomware before they reach end users is equally important.

Email security plays a critical role in preemptive defenses against ransomware attacks. Since many of these attacks start with a malicious or phishing email, effective email security can act as a frontline defense against ransomware, and stop these attacks before they reach inboxes.

Post-incident, email-focused security orchestration and response, or M-SOAR, can also help streamline response by quickly removing malicious messages, preventing more victims, and stopping further spread of ransomware already within the network.

HOW AREA 1 SECURITY PROTECTS AGAINST RANSOMWARE

Area 1 Security addresses both pre- and post-incident actions to effectively and comprehensively protect organizations against ransomware attacks. Our preemptive defenses means significantly fewer chances of ransomware ever reaching end user victims in the first place, while our post-incident capabilities help organizations execute a swift recovery, minimizing downtime and damage.

Effective Protection Against Ransomware Attacks

Example of a Sophisticated Ransomware Stopped by Area 1:

• Area 1’s full spectrum detection algorithms detected and stopped delivery of this sophisticated ransomware email below, masquerading as corporate HR communication.
• This attempted ransomware attack used a legitimate link to a Google Doc hosting the BazarLoader backdoor trojan. BazarLoader is often used to deploy Ryuk ransomware.

ADVANCED DETECTION TECHNIQUES FOR RANSOMWARE

Modern, sophisticated ransomware often hides behind multiple layers of links or attachments to evade detection. Legacy security tools may only be able to sandbox the initial link or attachment, but miss the actual malicious payload hosted in a secondary link or archive.

Area 1 uses deep payload scanning and other advanced techniques, as outlined here, to detect various campaign and attack use cases.

Like many modern cyber attacks, ransomware typically enters the organization through phish or malicious email messages. Protecting against ransomware requires effective email security to preemptively defend against malicious messages before they enter the organization, as well as respond rapidly post-incident.

To learn more on how Area 1 Security protects its customers against ransomware and other targeted threats, request a demo today.