All too often, I hear from executives of large and small organizations that aside from targeted attacks, impact from ransomware is their number one concern. That impact was starkly highlighted earlier this month when Los Angeles-based Hollywood Presbyterian Medical Center hospital was hit by ransomware which encrypted data in the electronic medical records system and other key operational systems, locking the hospital staff out of them for nearly two weeks. Only after the decision was made to pay the criminals a ransom of 40 bitcoins (roughly equivalent to $17,000) was access restored to the data residing on these critical systems.
Unfortunately, ransomware attacks like these have become commonplace.
According to some industry estimates, the criminals behind CryptoWall, the most prevalent ransomware family, have extorted $325 million from victim organizations and individuals since its emergence in June 2014. Some earlier versions of ransomware families contained significant weaknesses in their encryption logic that made it possible to recover the original data without paying, but the criminals inevitably learned from their mistakes, and today, unless you hold backups the malware could not reach, your only options are to gamble on paying the thieves or to write the data off. For many organizations this is one of the most daunting business decisions they face, given the limited options for recovery and the uncertainty that the thieves will honor their word.
What makes the ransomware threat particularly challenging to detect and prevent with existing legacy security solutions is the effectiveness and rapid pace of server-side polymorphism – the automated modification or obfuscation of the malware files, which makes each file appear as unique and new to signature and Indicator of Compromise (IOC)-based technologies. This is why tens of thousands of CryptoWall malware samples have been discovered in the wild since its emergence, even though the malware family itself has only gone through four major generational changes in that timeframe.
Today, CrowdStrike announced the immediate availability of a fundamentally different and more effective CryptoWall ransomware prevention and detection capability in the Winter Release of our next-generation endpoint security technology, Falcon Platform. Instead of trying to fight the futile battle of detecting this malware based on the ever-changing contents and characteristics of the ransomware program, Falcon Host leverages our pioneering Indicators of Attack (IOAs) to detect and stop the effects of what the CryptoWall ransomware is attempting to achieve before any damage is done. In fact, the IOA approach is so effective and resilient against malware iterations that the detection we wrote during the CryptoWall 3.0 generation worked flawlessly in detecting and preventing CryptoWall 4.0 when the latter was released.
Falcon Platform customers can now feel safe and protected against the severely damaging effects of today’s CryptoWall ransomware.
Can’t Protect Your Data from Ransomware? Think Again.
At the end of the day, the mission of CrowdStrike is to stop breaches, whether they're e-crime motivated breaches, targeted attackers, hacktivists, or terrorist groups that are out there. We want to stop the attackers from getting into your environment using malware or non-malware based attacks to try to steal data, destroy data, or wreak havoc on your network. Well, when we look at all the types of threats that are out there, you've got the targeted attacks. Obviously we're very much focused on preventing theft of data from our customers.
But you've also got the e-crime threats, where there are financially motivated attacks, threats like ransomware and banking trojans and others, that want to steal financial data from your company. Ransomware is one of the most insidious threats that companies out there face today. Aside from targeted attacks, it's really the number one concern that we keep hearing from customers over and over again.
And the reason is that all their data can get encrypted by this malware that is polymorphic, very, very hard to detect through traditional signature based approaches. And as a result of that, you may lose all your files that may be encrypted. Unless you pay a ransom to a bad guy, and you don't even know if you're going to get your files back as a result of it, you're going to lose them.
In our current release, we're releasing new capabilities with regard to the IOAs that can do both detection and prevention of ransomware. So now it's as easy as turning on the toggle in the UI, and you can be fully protected against threats like CryptoWall. One of the beauties of our solution is that we're looking at the effects of what the malware has to do to actually succeed. When we originally wrote this IOA, new malware has come out since then, new upgrades, new versions.
And we've been able to detect and prevent all those versions without any changes to the original IOA, because the effects of what the malware is doing are still the same. It still needs to destroy your backups. It still needs to encrypt your files and ultimately delete them. So as we're looking for those types of activities, we're able to detect and prevent them before that damage takes place. And as a result, those techniques are extremely resilient against new variants of malware.
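The argument made in both the IOA paragraph of the post and the transcript (detect what the ransomware must do: destroy backups, encrypt user files, delete the originals, rather than what the binary looks like) is easiest to see in code. What follows is an added example written for this page, not Falcon's detection logic or any CrowdStrike code. It runs a small behavioural detector over a constructed endpoint event stream and flags a process by its effects alone, so renaming or repacking the binary changes nothing. The event schema, the shadow-copy commands used as the backup-destruction indicator, the thresholds and the sample events are all this example's own assumptions.

```python
# Added example (not vendor code): IOA-style detection of ransomware *effects*.
from __future__ import annotations

import ntpath
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Event:
    """One endpoint sensor record (this example's schema, not a vendor format)."""
    ts: float          # seconds
    pid: int           # for "process": the new process; otherwise the acting process
    kind: str          # "process", "file_write" or "file_delete"
    path: str          # image path for "process", target path for file events
    cmdline: str = ""  # only meaningful for "process"
    ppid: int = 0      # parent of the new process (only for "process")


# Effect 1: local backups must go. Assumed indicator: the common shadow-copy
# removal commands (MITRE ATT&CK T1490). Matched on image name + phrase, never a hash.
BACKUP_DESTRUCTION = (
    ("vssadmin.exe", "delete shadows"),
    ("wmic.exe", "shadowcopy delete"),
)

# Effect 2: write an encrypted copy of a user file, then delete the original.
# Thresholds are this example's tunables, not vendor values.
MIN_VICTIM_FILES = 5     # distinct originals before we alert
WINDOW_SECONDS = 60.0    # max gap between the write and the matching delete


@dataclass
class Verdict:
    pid: int
    reasons: list[str] = field(default_factory=list)


def destroys_backups(e: Event) -> bool:
    """True if this process-creation event is one of the backup-destruction commands."""
    if e.kind != "process":
        return False
    image = ntpath.basename(e.path).lower()
    cmd = " ".join(e.cmdline.lower().split())   # collapse whitespace games
    return any(image == img and phrase in cmd for img, phrase in BACKUP_DESTRUCTION)


def encrypt_then_delete_victims(events: list[Event], pid: int) -> set[str]:
    """Originals that `pid` deleted shortly after writing `<original>.<newext>`."""
    pending: dict[str, float] = {}   # original path -> time its encrypted copy was written
    victims: set[str] = set()
    for e in sorted(events, key=lambda x: x.ts):
        if e.pid != pid:
            continue
        if e.kind == "file_write":
            stem, ext = ntpath.splitext(e.path.lower())   # "a.docx.locked" -> ("a.docx", ".locked")
            if ext:
                pending[stem] = e.ts
        elif e.kind == "file_delete":
            t = pending.get(e.path.lower())
            if t is not None and 0.0 <= e.ts - t <= WINDOW_SECONDS:
                victims.add(e.path.lower())
    return victims


def assess(events: list[Event]) -> dict[int, Verdict]:
    """One Verdict per process showing ransomware-like effects; empty dict if none."""
    verdicts: dict[int, Verdict] = {}

    def verdict(pid: int) -> Verdict:
        return verdicts.setdefault(pid, Verdict(pid))

    for e in events:
        if destroys_backups(e):
            # The command runs in a child; attribute it to the parent that spawned it.
            verdict(e.ppid).reasons.append(
                f"spawned backup destruction: {ntpath.basename(e.path)} {e.cmdline}")
    for pid in sorted({e.pid for e in events if e.kind.startswith("file_")}):
        victims = encrypt_then_delete_victims(events, pid)
        if len(victims) >= MIN_VICTIM_FILES:
            verdict(pid).reasons.append(f"encrypt-then-delete on {len(victims)} user files")
    return verdicts


# ---- constructed sample data (not captured telemetry) ----

def simulated_ransomware(image: str, pid: int, start: float) -> list[Event]:
    """The behaviour the post describes, under whatever binary name the sample carries."""
    ev = [Event(start, pid, "process", image, cmdline=image, ppid=1000),
          Event(start + 1, pid + 1, "process", r"C:\Windows\System32\vssadmin.exe",
                cmdline="vssadmin.exe Delete Shadows /All /Quiet", ppid=pid)]
    t = start + 2
    for i in range(8):
        doc = fr"C:\Users\bob\Documents\report{i}.docx"
        ev.append(Event(t, pid, "file_write", doc + ".locked"))   # encrypted copy
        ev.append(Event(t + 0.5, pid, "file_delete", doc))        # original removed
        t += 1
    return ev


def simulated_editor(pid: int, start: float) -> list[Event]:
    """Benign save pattern (write .bak, delete old) that must stay below threshold."""
    ev = [Event(start, pid, "process", r"C:\Program Files\Editor\editor.exe",
                cmdline="editor.exe", ppid=1000)]
    for i in range(2):
        ev.append(Event(start + 1 + i, pid, "file_write", fr"C:\Users\bob\notes{i}.txt.bak"))
        ev.append(Event(start + 1.5 + i, pid, "file_delete", fr"C:\Users\bob\notes{i}.txt"))
    return ev


def run_demo() -> dict[int, Verdict]:
    # Two "variants": same behaviour, different (polymorphic) file names. No hash is consulted.
    events = (simulated_ransomware(r"C:\Users\bob\AppData\Local\Temp\a1b2c3.exe", 4242, 0.0)
              + simulated_ransomware(r"C:\Users\bob\AppData\Local\Temp\zz9-update.exe", 5353, 100.0)
              + simulated_editor(6464, 200.0))
    return assess(events)


if __name__ == "__main__":
    for v in run_demo().values():
        print(f"pid {v.pid}: " + "; ".join(v.reasons))
```

Both simulated variants are flagged on two counts (a spawned shadow-copy deletion and an encrypt-then-delete run over eight documents) while the editor's two-file save pattern stays under the threshold. The design choice worth noting is that nothing in `assess` reads the image name of the suspect process itself, which is exactly why a fresh server-side build does not evade it; the cost is that thresholds and the write-then-delete heuristic are where false positives live, so a production detector would add signals such as process lineage and the rate of the activity before blocking.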