This week, we held our first BrightTALK webinar of 2016 (January 19th), talking about crypto-ransomware. I’ve got to admit I’m always overwhelmed at the numbers of people interested in this as a topic, and I called in help from one of our top threat researchers, Tyler Moffitt, to help me out with answering the more technical questions. In fact, Tyler and I double-handed the presentation as we’re both getting used to discussing the issues. It always helps when you have a real expert on hand; my background isn’t a coding one.
We tried, as always, to be terrifyingly truthful. At Webroot, we have had a lot of success with our next-generation behavioral approach of stopping customers from getting infected by all the variants of Crypto. Inevitably that leads to malware authors taking an interest in finding ways around our defenses, which admittedly has led to a few very regrettable failures in stopping the infections. Right now, though, we are holding our own and, in fact, have been forced to innovate more to be even better at stopping this threat.
Nonetheless, we do not believe we can stop every crypto threat, but we do believe we can protect against these attacks far faster and more effectively than other endpoint solutions. I might add that no testing or results I’ve seen anywhere else, or claims from expensive machine learning next-generation vendors, make me believe anything different. There are a lot of Emperor’s new clothes out there, and as my namesake Hans Christian Andersen points out, “They haven’t got anything on!”
I’ve also done something I don’t normally do, and that’s send out slides to those that requested them, if for a good reason, which usually is to persuade a recalcitrant or unbelieving customer they need to spend some cash on protecting their only real asset, their irreplaceable data. I did mention a story I was told by a Webroot Partner in Australia about a friend (not a client of his) who’d paid up AUS $100,000 to get his server unencrypted after an attack, which is much what the FBI were forced to admit they often advise too.
These days, if crypto-ransomware has encrypted your files and you have no other precautions in place, you are in trouble. Even paying up is not a guarantee. And this isn’t just for businesses but home consumers as well; this infection will and does target anyone with a connected PC.
The presentation which I am referring to above can be accessed here: https://www.brighttalk.com/webcast/8241/181075. It takes a very logical approach to discussing what crypto-ransomware is, its history, its variants, some ways it avoids detection and, probably most valuable, what to do to protect yourself from having to pay extortion money for your own data.
On a more emotional level, I’d like to take the treasured programming from the malware authors of crypto-ransomware and delete it forever. I’m sure they’d agree with their own assertion that CryptoWall is not malicious. I agree it isn’t – it’s pure evil in a digital age.