Why is Ransomware Still Around?

Ransomware is an advanced form of malware that attempts to get users to pay a fee or spoofed fine in order to regain access to their device or files. The simplest version will place an image on one’s screen claiming the user downloaded illegal content or is using pirated software, and will demand payment of a fine under threat of arrest. Other versions like Cryptowall or Cryptolocker will actually encrypt all the files on a computer and demand payment in exchange for the key to decrypt the files… with some not delivering what they promised. First arriving on the scene in 2005 as an Eastern European threat, it grew into a global attack by the end of 2013.

To help put ransomware into perspective, look at the organizations that have already been hit by an attack. Most people don’t report these types of things, but others have. The City of Detroit was hit with a ransom of $800K… and didn’t pay. An entire hospital district was hit in nine different locations and had to pay out. Ransomware authors are seeing a payday, and you can expect them to continue until it is no longer profitable. They are sending their code in email, packaging it in files, and also placing it on the internet, hoping to lure people in with free content or to pull a bait-and-switch move that could cost a business dearly.

Security organizations have been working tirelessly to stop this attack by building in mechanisms to stop unauthorized encryption as well as creating signatures to stop known attacks for this group of malware. In the chart below you’ll see SonicWall next-generation firewalls blocked nearly 90 million ransomware attempts in May 2016 alone. These happy stats are the result of the hundreds of ransomware signatures actively stopping this attack. So after years of battling ransomware, why is it still an issue? With such a great rate of success from security vendors, why haven’t attackers given up the fight?

Despite our success, you have to keep in mind that signatures only work for the things we know about. We know all the variants of Locky, Tescrypt, Crowti, and others, but they evolve and change to better evade the defenses of security technologies. The mission for a firewall vendor is to rapidly create new signatures for all of the ransomware variants before any new iterations can victimize businesses. SonicWall has been doing this using a mix of people and technology, but now we have a new tool, called SonicWall Capture ATP, that customers can use to stop brand new ransomware versions (and all other malware variants).

In my next blog, I’ll explain in greater detail how SonicWall Capture works. In the meantime, you might want to read our e-book, How ransomware can hold your business hostage.

SonicWall Staff