All too often, I hear from executives of large and small organizations that aside from targeted attacks, impact from ransomware is their number one concern. That impact was starkly highlighted earlier this month when Los Angeles-based Hollywood Presbyterian Medical Center hospital was hit by ransomware which encrypted data in the electronic medical records system and other key operational systems, locking the hospital staff out of them for nearly two weeks. Only after the decision was made to pay the criminals a ransom of 40 bitcoins (roughly equivalent to $17,000) was access restored to the data residing on these critical systems.
Unfortunately, ransomware attacks like these have become commonplace.
According to some industry estimates, the criminals behind CryptoWall, the most prevalent ransomware malware family, have extorted $325 million from victim organizations and individuals since its emergence in June 2014. Some earlier versions of ransomware families contained significant weaknesses in their encryption logic which made it possible to recover the original unencrypted data, but inevitably the criminals learned from their mistakes and today your only option is to take a chance on paying the ransom to the thieves or to never see your data again. For many, this is one of the most daunting business decisions, given the limited options for recovery and the uncertainty that the thieves will honor their word.
What makes the ransomware threat particularly challenging to detect and prevent with existing legacy security solutions is the effectiveness and rapid pace of server-side polymorphism – the automated modification or obfuscation of the malware files, which makes each file appear as unique and new to signature and Indicator of Compromise (IOC)-based technologies. This is why tens of thousands of CryptoWall malware samples have been discovered in the wild since its emergence, even though the malware family itself has only gone through four major generational changes in that timeframe.
Today, CrowdStrike announced the immediate availability of a fundamentally different and more effective CryptoWall ransomware prevention and detection capability in the Winter Release of our next-generation endpoint security technology, Falcon Platform. Instead of trying to fight the futile battle of detecting this malware based on the ever-changing contents and characteristics of the ransomware program, Falcon Host leverages our pioneering Indicators of Attack (IOAs) to detect and stop the effects of what the CryptoWall ransomware is attempting to achieve before any damage is done. In fact, the IOA approach is so effective and resilient against malware iterations that the detection we wrote during the CryptoWall 3.0 generation worked flawlessly in detecting and preventing CryptoWall 4.0 when the latter was released.
Falcon Platform customers can now feel safe and protected against the severely damaging effects of today’s CryptoWall ransomware.