INTERNET
Doubling Down on Ransomware Protection
Key Software to Check Out
By Joe Dysart
Many businesses across the globe are doubling down on their defenses against ransomware.
As the threat of ransomware reached new heights in 2021, many businesses have doubled down on their defense against the scourge—making sure they’ve done everything they can to avoid becoming its next victim. Indeed, successful ransomware attacks on key infrastructure and supply lines in the United States have proven so visceral this year that they’ve triggered an executive order from President Joe Biden, nudging all U.S. businesses to get serious about ransomware protection.
The order “calls for federal agencies to work more closely with the private sector to share information, strengthen cybersecurity practices, and deploy technologies that increase reliance against cyberattacks,” Biden said. “It outlines innovative ways the government will drive to deliver security and software—using federal buying power to jumpstart the market and improve the products that all Americans use.”
During 2021 alone, businesses across the United States were reeling from successful ransomware attacks, including attacks against SolarWinds, a commonly used IT-management software program; the ransomware disruption of service on the Colonial Pipeline, the largest conduit of refined oil products in the United States; and the ransomware seizure of computer files of the Washington, D.C., Metropolitan Police Department.
Still other ransomware takedowns include a takeover of computer files at goliath meatpacking concern JBS Foods as well as at the National Basketball Association.
Granted, authorities occasionally got lucky against ransomware hackers during 2021. For example, excellent cyber forensic work by the U.S. Department of Justice clawed back $2.3 million in Bitcoin that the Colonial Pipeline paid to ransomware hackers to help get its computer network up and running again.
“Following the money remains one of the most basic yet powerful tools we have,” said Lisa O. Monaco, U.S. deputy attorney general. “We will continue to target the entire ransomware ecosystem to disrupt and deter these attacks. Today’s announcements also demonstrate the value of early notification to law enforcement; we thank Colonial Pipeline for quickly notifying the FBI when they learned that they were targeted by DarkSide.”
Even so, hackers more often than not get away with their exploits, extorting hundreds of thousands of businesses across the globe each year—and disrupting the day-to-day operations of each.
Overall, 37% of organizations around the world experienced some sort of ransomware attack between May 2020 and April 2021, according to a study from cybersecurity firm Sophos titled “The State of Ransomware 2021” (https://tinyurl.com/
sophoswhitepaper).
Based on that survey of 5,400 IT managers at midsize organizations across 30 countries, the study also found that the average ransom paid to recover data from a ransomware attack was $170,404. Not surprisingly, many of the criminals behind the successful ransomware attacks kissed off promises to restore files once ransoms were paid, according to the study.
On average, victimized organizations that paid ransoms in the study got back only 65% of their data, and only 8% of organizations forking over money to hackers were able to retrieve all of their files, according to the Sophos study.
Equally vexing for the victim organizations was the cost to day-to-day business. The average cost to restore the impact of a successful ransomware attack on a midsize business—taking into account downtime, lost wages, device cost, network cost, lost sales and ransomware paid—was $185 million.
In addition, hackers have increasingly exploited a new wrinkle in their ransomware schemes during the past year—threatening (and often making good on the threats) to publish sensitive data found in company files on the Dark Web if a victim company refused to pay a ransom. Fortunately, the guys in the white hats have been busy strengthening software designed to thwart ransomware attacks.
What follows is a representative sampling of that software, all highly rated and all available at entry-level prices. Essentially, your computer security personnel can try out these programs at extremely low rates and, in some cases, opt to bring in an enterprise-level alternative to the same program should he/she deem it necessary.
Bitdefender Antivirus Plus (www.bitdefender.com): Starts at $23.99 per year. A player in the anti-ransomware space for a number of years now, Bitdefender Plus offers many of layers of anti-ransomware protection along with a myriad of other security features.
The software is designed to eliminate known ransomware on the spot, and it will also watch for unexpected behaviors on your PC or network that indicate ransomware activity, such as a sudden, wholesale change in the names of files or the extension names of files.
In a phrase, Bitdefender backs up all of your files at the first whiff of what it determines may be a ransomware attack beginning to deploy—and then restores the files after the attack has been fully neutralized.
ZoneAlarm by Checkpoint (www.zonealarm.com): $39.95 per year. This is another highly rated anti-ransomware package that erases all vestiges of ransomware on your computer system once they are detected. It also embeds “bait” files on your computer or network that are designed to lure ransomware into changing those files first, setting off alarms and enabling ZoneAlarm to neutralize the attack before it spreads to actual company files. ZoneAlarm can also repair files after a ransomware attack, if possible.
Kaspersky Security Cloud—Free (www.kaspersky.com/free-cloud-antivirus): Free. It’s hard to argue with free, so if you’re looking for instant piece of mind today, Kaspersky Security Cloud—Free may be your ticket.
Kaspersky is designed to protect against two types of ransomware: The first encrypts your files, making them unusable to you. The second encrypts your entire hard disk, making the whole computing device unusable.
Kaspersky can also neutralize ransomware that locks up your computer screen, and it offers monitoring and auto-neutralization of typical ransomware behaviors such as wholesale renaming of files and/or file extensions.
Other features include Idle Scan, which monitors resources such as system memory when you’re not using your computer, and there’s a rootkit scan function that helps betray ransomware activity designed to elude typical monitoring of Windows and typical monitoring used by everyday antivirus software.
Sophos Home Premium (https://home.sophos.com): Starts at $44.99 per year. This program is a lite version of a more robust type of anti-ransomware protection that Sophos offers to enterprise-level businesses. Sophos is designed to plug known security holes in commonly used software, and it offers downloadable analysis of programs that you’re thinking of downloading that may have a bad reputation.
Sophos could do the trick for a small business that decides enterprise-level protection is not necessary—especially since this lite version enables you to remotely safeguard, monitor and manage the software on up to 10 remote computers. One caveat, however: Novice users may face a bit of a learning curve before they can use Sophos’ advanced features.
NeuShield Data Sentinel (www.neushield.com/store): Starts at $23.99 per year. NeuShield is the only candidate in this pack that does not offer ransomware protection. Instead, NeuShield is an after-the-fact ransomware product that offers one-click restoration of files encrypted by ransomware—if possible.
Essentially, NeuShield is not a panacea against a ransomware attack, but giving it a whirl after your business has been taken down by ransomware is well worth the price of entry.
Users install NeuShield on their computers before an attack occurs. That enables the software to “virtualize” any changes to the files on your system. Theoretically, virtualized files cannot be corrupted by a ransomware attack, given that they are not fully operational files in a virtualized state. Users of NeuShield regularly decide when to approve changes in virtualized files—which makes those files operational once again.
It’s a powerful way to put a buffer on any files in your system that undergo changes—including changes ransomware is seeking to make.
Joe Dysart is an internet speaker and business consultant based in Manhattan.
646-233-4089
joe@dysartnewsfeatures.com