Ransomware – The Looming Threat
Throughout the last 18 months, rarely did a day go by without a company, school, government agency, or public municipality being infected with ransomware. Since January of 2016, twelve educational institutions publicly announced being hit with ransomware, with ransom payments ranging from $28,000 to $2,900.
The success of ransomware lies in the ability to alter a variant to avoid detection by most security solutions. Most security programs use a blacklist to monitor malware threats. If a program or file is not on the blacklist, it is deemed unknown, and the blacklist allows these unknown files to execute. The flaw lies in this methodology. Hackers are able to create new ransomware variants every few seconds, if they so choose. When a ransomware variant morphs, it changes its coding, meaning the malicious code identified on the blacklist is no longer used. Therefore, the new, unknown variant is allowed to execute on endpoints using traditional security solutions that implement the blacklist as their primary method of malware detection. The blacklist has become, and will always be, one step behind.
Yet, if the security industry knows the weakness, what is being done to fix it?
An advanced security method is available. It is called application whitelisting.
Application Whitelisting – Why It’s Effective
As cyber security threats continue to advance, so should endpoint security. The application whitelisting methodology only allows trusted programs to execute. Therefore, instead of allowing unknown files to run, like the blacklist, the whitelist will prevent unknown files from executing until tested and proven safe. Whitelisting technology has been proven far more effective in preventing ransomware attacks, including polymorphic variants.
For example, in 2016 the ransomware variant Cerber was morphing its code every 15 seconds to avoid detection. However, with application whitelisting, regardless of how many times the coding is changed, the variants will always be considered unknown. Therefore, they will not run.
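The two policies described above, as an added illustration that is not from the original article or from any vendor's product. It assumes a file's identity is its SHA-256 hash; the file names, byte strings and helper functions are constructed placeholders, not real samples.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed, harmless stand-ins for executables (assumption: hash = identity).
TRUSTED_APPS = {
    "editor.exe": b"constructed-trusted-editor-build-1",
    "backup.exe": b"constructed-trusted-backup-build-7",
}
KNOWN_BAD = b"constructed-placeholder-for-a-catalogued-variant"

BLACKLIST = {sha256(KNOWN_BAD)}                        # known-bad hashes
WHITELIST = {sha256(b) for b in TRUSTED_APPS.values()}  # known-good hashes

def blacklist_allows(data: bytes) -> bool:
    """Default-allow: anything not catalogued as bad may execute."""
    return sha256(data) not in BLACKLIST

def whitelist_allows(data: bytes) -> bool:
    """Default-deny: only files already approved may execute."""
    return sha256(data) in WHITELIST

def approve(data: bytes) -> None:
    """Model 'tested and proven safe': add the file to the whitelist."""
    WHITELIST.add(sha256(data))

def morphed_variants(base: bytes, count: int) -> list:
    """Model 'changed coding': each variant differs by a few bytes,
    so each one has a hash the blacklist has never seen."""
    return [base + i.to_bytes(4, "big") for i in range(1, count + 1)]

def evaluate(samples: list) -> dict:
    """Count how many samples each policy would let run."""
    return {
        "blacklist_ran": sum(blacklist_allows(s) for s in samples),
        "whitelist_ran": sum(whitelist_allows(s) for s in samples),
    }

if __name__ == "__main__":
    variants = morphed_variants(KNOWN_BAD, 100)
    print("original blocked by blacklist:", not blacklist_allows(KNOWN_BAD))
    print("100 morphed variants:", evaluate(variants))
    # Operational cost of default-deny: a legitimate update is also unknown.
    new_build = b"constructed-trusted-editor-build-2"
    print("new trusted build runs before approval:", whitelist_allows(new_build))
    approve(new_build)
    print("new trusted build runs after approval:", whitelist_allows(new_build))
```

The last two lines of output show the cost side of default-deny: a legitimate update is also unknown until someone approves it.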
Oftentimes, ransomware campaigns are spread through phishing emails, which include a malicious link or attachment. Dodi Glenn, Vice President of Cyber Security for PC Matic, states,
“All it takes is one employee to download a malicious attachment from an email to infect your entire network. Application whitelisting software can be used to stop malware from executing in the event an employee accidentally downloads malware.”
Beyond blocking ransomware threats, Glenn states,
“Application whitelisting software can also help prevent the spread of viruses and worms from infecting computers across the entire organization, and causing damage to the company’s finances, productivity and reputation.”
According to the most recent Virus Bulletin Reactive and Proactive (RAP) test results, the application whitelist technology, tested under the company name PC Pitstop, proactively prevented 99.97% of malware threats. Compared to the proactive average of all security solutions tested, 64.35%, one has to question why they haven’t implemented this technology sooner.