It comes as no surprise that ransomware is the fastest-growing form of criminal malware, accelerating in quantity 128% year over year.
This plethora of ransomware is, however, primarily acting across one type of playing field: the web. In fact, 80% of the methods used to deliver criminal malware are web-based, such as a drive-by download, email link, or download by malware itself. Ransomware is no exception.
In an effort to fight web-based ransomware attacks, most security teams run web-filtering technology in either a secure web gateway or firewall. This typically involves utilizing signatures that security vendors issue after seeing the malware for the first time, or technologies like network sandboxing and next-generation endpoint security, both of which identify threats without the use of signatures.
But network sandboxing is rarely implemented in a “blocking” mode, since ineffective pre-filtering allows a large volume of files to queue up at the sandbox, which takes time to process and ends up disrupting productivity for the user. Adding new endpoint technologies in isolation can further fragment security operations, resulting in additional time spent on integration, training, and management instead of improving security posture. In fact, 62% of security professionals admit that this “technology sprawl” actually reduces their security efficacy.
Clearly, this doesn’t get the job done, especially as code-changing, zero-day attacks render many web-filtering technologies ineffective.
So, what now? How do you defeat polymorphic attacks, or, essentially, defeat the unknown? How can businesses keep up with an ever-evolving, dangerous threat like ransomware? First and foremost, it’s time to get a better understanding of how this threat actually works so you can improve your ability to stop it.
To do just that, follow ransomware’s path to extortion for a deep dive into this threat, and learn how to adapt your protection.