In the digital era, ransomware has evolved into a sophisticated and formidable threat to global cybersecurity. Recent insights from the UK’s National Cyber Security Centre (NCSC) and initiatives like the White House's International Counter Ransomware Initiative (CRI) highlight the complexity of this ongoing challenge. And, as the Cybersecurity and Infrastructure Security Agency (CISA) has dedicated November to Critical Infrastructure Security and Resilience, it's crucial for organizations to re-evaluate their protection strategies, especially against ransomware attacks.
Ransomware: A growing and evolving threat
In recent years, ransomware has not only grown in volume but also diversified in complexity and effectiveness. Cybercriminals have fine-tuned their technologies and business models to an alarming level of efficiency, often combining data theft with demands for money. The NCSC's whitepaper delineates a “cyber crime ecosystem,” comprising various players from initial access brokers to ransomware builders, creating a robust support system for these attacks.
Moreover, it points out that Ransomware as a Service (RaaS) complicates the landscape further, with affiliates leasing ransomware code to deliver attacks, making it tough to pinpoint the perpetrators. The preferred payment method for these operations is generally cryptocurrency, providing an effective channel through which to funnel ransom payments.
Global efforts to counter the threat
On the international front, the CRI has seen 50 countries and organizations join forces to enhance resilience against ransomware threats. Looking ahead, key deliverables will include AI tool development to counteract ransomware, platforms for swift threat indicator exchanges, and a policy discouraging ransom payments. Additionally, the CRI is promoting incident reporting and cross-member assistance in the wake of major attacks.
Most recently, CISA’s push for Critical Infrastructure Security and Resilience Month further underlines the urgency to prepare and build a resilient infrastructure. This includes comprehensive risk assessments, detailed planning and adaptive recovery strategies.
Delivering proactive protection with Glasswall Zero-Trust CDR
One of the major cybersecurity problems the growth in ransomware creates is that existing security solutions fall short: the widespread reliance on reactive, detection-based security means organizations simply can’t keep up with the risks posed by ransomware.
This is particularly true for file-based cybersecurity threats, which are growing faster than ever. Approximately 1 in every 100,000 files contains potentially malicious content, and 98% of these are unknown to antivirus solutions for up to 18 days before those solutions can mitigate potentially devastating risks, including ransomware.
The problem with detection
A major part of the problem is that the use of detection-based security technologies means no matter how complex a solution may be, it can still only protect its users against what has been seen before. For example:
“Next generation” AV and firewalls
“Next generation” antivirus and firewall systems use detection-based solutions that can only protect against risks already known to them. This leaves organizations at risk, as bad actors are constantly evolving their techniques and finding new vulnerabilities to exploit.
Machine learning and AI technologies
Machine learning and AI technologies rely on algorithms to detect known signs and patterns of malicious content. While offering a more effective approach than traditional solutions, machine learning and AI on their own cannot offer absolute, zero-trust protection and still leave organizations at risk from new (zero-day) threats.
Sandbox solutions can offer some protection, but cybercriminals now use clever tactics to evade them. Malicious content can be fitted with a delayed ‘detonator’, meaning malware lies dormant and undetected by the sandbox, activating once it passes through.
Instead of looking for malicious content, Glasswall CDR (Content Disarm and Reconstruction) treats all files as untrusted, validating, rebuilding and cleaning each one against its manufacturer’s ‘known-good’ specification. Rather than attempting to detect and block files that are known or suspected to be malicious, it rebuilds files and documents into a safe, clean and visually identical ‘known good’ standard that is free from the risks of malware.
Using Glasswall CDR means security teams no longer have to choose between complete file security or speed and usability. While some CDR vendors flatten files, Glasswall provides rapid zero-trust file protection that maintains original document usability. As a result, there is no dependence on antivirus databases to provide knowledge of a new threat, and security teams no longer deal with disruptions from quarantining files or false positives.