Ransomware has been in the news a lot lately. Software AG, Germany’s second-largest software vendor, recently fell victim to a ransomware attack. And earlier this year, IT services giant Cognizant experienced a ransomware attack that might end up costing them $70 million to deal with. Then there is the attempted ransomware attack on Tesla, which could have turned into a major disaster for the company. And right here in Canada where I live, news came just recently that the subway system in my favorite city, Montreal, has been hit by a ransomware attack.
When will all this end?
Ransomware: No magic solution
Ransomware is a problem that poses difficult challenges for IT managers of organizations of all types and sizes. It’s also a subject that we’ve talked about frequently here on TechGenix. While there’s no magic solution that can defeat all types of ransomware attacks, the arsenal of defensive weapons that IT can use to mitigate or even prevent such attacks from succeeding is growing. One new tool for dealing with ransomware is ransomwiz, a free online tool from Nyotron that empowers security teams to test their defenses against ransomware attacks in a fully controlled environment. Being concerned about the security of our own business, I was glad to have the opportunity to talk with Nir Gaist, the founder and CTO of Nyotron, about their new tool in particular and about the ransomware situation in general.
I began my conversation with Nir by asking him about the current state of the ransomware situation, i.e., how bad it is and whether it’s getting better or worse. “As the ‘ransomware business’ proves to be lucrative from the attacker’s standpoint,” says Nir, “it continues to evolve both technologically and operationally. The average ransom demand climbed over 1,100 percent in the last two years — from $10,000 to over $110,000. While traditional and next-gen security controls will help somewhat against common attacks, they are practically ineffective against a constantly evolving threat. When it comes to ransomware — an actively, rapidly evolving one — an organization must adopt a new, more proactive way of thinking. Defense-in-depth must be implemented, where each layer truly adds a different approach to the organization’s security posture.”
I asked him next why ransomware is so difficult for businesses to deal with and why it can’t simply be blocked using software like you can with viruses and other malware. Nir replied that “Most security products are based on Negative-Security models. Meaning, their detection methods are either looking for specific known malware (in most cases) or for known bad patterns, learned based on many known strains of malware. In both cases, a new ransomware (or any malware) that is slightly different from its predecessors will be able to bypass almost any security product. It doesn’t have to be novel or more sophisticated. Just ‘smell’ a bit different. Yes, it’s that easy. In fact, recent research by Nyotron showed that a change of a single character in an existing, very old malware made it impossible for all leading security products to detect. Hence, adopting a true, radically different approach is needed to really detect unknown malware — one that will NOT be based on learning the known. It needs to be threat-agnostic.”
I asked him next about what kinds of approaches IT departments were currently using to deal with ransomware. “These times are undoubtedly a turning point in many terms,” says Nir, “and most security professionals are reassessing their current security posture. There are great tools that allow any level of professional to truly evaluate their environment against plenty of ransomware, combining various evasion techniques and file handling methods. For this, a look at ransomwiz.gg is a must, unless waiting for the actual incident to happen is your evaluation strategy. Eventually, most IT and security departments conclude that defense-in-depth, if implemented correctly, is the way to go.”
A new weapon for your arsenal
I wondered next what has been missing up until now from the IT toolbox for overcoming the threat posed by ransomware. “Evaluating the efficacy of a security environment is tricky. In many cases, security organizations will only realize their gaps when it’s too late. The ransomwiz.gg platform makes it really easy, practical, and efficient for any level of IT professional to evaluate their anti-ransomware capabilities at the organization and truly understand whether they can stop it before it happens. Using ransomwiz, one can really generate tons of different ransomware variations, with a very high probability of finding their environment’s weak spots. So, whether you think everything’s good or not — you’ll find out what the situation really is, and if you’re already on the lookout for improvement — you will know what’s really missing. This level of understanding was long missing in everyone’s toolbox.”
I finished off our conversation by asking Nir if he could explain exactly what his ransomwiz platform is and how it works. Nir replied that “ransomwiz.gg is a ‘community service’ project by Nyotron’s research team. It’s a free online tool that empowers security teams with the ability to challenge their security products against ransomware. It allows security professionals to take the attacker’s driver seat and generate actual ransomware samples using a variety of real-world attack techniques. With ransomwiz, any security professional of any level can ‘play around’ with a kajillion combinations of evasion techniques and file handling methods to generate (a benign, easy to revert) ransomware, and run it against their very own security architecture.” Nir concluded by saying, “We encourage any security and IT professional to test their environment, and get to know its real capabilities before the next ransomware will.”
I don’t know about you, but as an IT pro and professional geek, I like playing around with free tools. Especially if they could be helpful for the security of my business.
How about you?