The world continues to witness numerous cyberattacks – from Wannacry to the latest Maze attack, with each attack being more unique and complex than the preceding one. This makes one wonder, what’s common between these attacks. Well, they are all ‘ransomware’, the form of malware that encrypts files on an infected device and holds them hostage until the user pays a ransom to the malware operators. Ransomware attacks have proliferated in recent months, giving sleepless nights to IT and security professionals.
While many companies are working in the area to mitigate ransomware threats, California-based cyber security firm Active Cypher has recently launched Ransom Data Guard to effectively “defeat this threat”. Mike Quinn, co-founder and CEO and Dan Gleason, co-founder and CTO, Active Cypher, believe data security is a human right and they are striving to secure it in this increasingly complex digital age. In an exclusive interaction with CXOToday, the security experts further throw light on the recent ransomware trends in the Covid-19 era, how CIOs can check ransomware attacks effectively and the company’s plans for the coming quarters.
CXOToday: Hackers begin exploiting the Covid-19 situation at enterprises. How are CIOs tackling the corona impact?
Mike Quinn: New remote workers are introducing a fresh set of unknowns. While COVID-19 is disrupting a business’ supply chains, security threats from hackers have in fact increased phenomenally. In effect, the sudden jump in remote work has opened a Pandora’s Box for CIOs as every employee’s home network becomes a potential support ticket nightmare and an unknown vulnerability. The stresses on IT departments as large portions of their firms have gone remote are also contributing to security lapses as attention is diverted from the monitoring of threats and prevention to setting up loaner laptops, connecting new machines to home printers, resolving longstanding Wi-Fi issues, and painstakingly dealing with the technologically challenged.
We’ve seen many CIOs develop tiered response plans to:
- Ensure their workforce has the tools to work remotely, like video conferencing software and VPN access.
- Quickly deploy solutions to strengthen remote security infrastructures and close very evident gaps.
- Prepare for the worse. The danger of data breaches and ransomware attacks has increased dramatically.
- The CIO and CRO often ensure they have a zero-dollar Incident Response (IR) contracts in place.
Active Cypher has partnered with Stroz Friedberg, specialized risk management firm, on a webinar series that addresses the nature of the attacks and the need for these IR contracts and solutions to protect corporate data.
As IT budgets may see downsizing, it is key that easily deployable, affordable solutions that will maintain long-term security are utilized.
CXOToday: In the event of a ransomware attack do you think most companies are prepared to strike back?
Mike Quinn: Absolutely not. Ransomware has been on the mind of most CIOs for several years right now. The dirty secret behind the manner many companies are dealing with ransomware is that they are indeed paying the ransom. And feeding the beast doesn’t help the problem. We had one customer who, before Active Cypher started working with them, paid ransomware criminals an astounding $80m ransom. Another client was paying $2m per month, with no end at sight. Of course, this is all very embarrassing for companies, so they tend to keep these payments under wraps.
CXOToday: How do you see the ransomware trend of 2020?
Mike Quinn: Ransomware is exploding. The unique vulnerabilities of remote work paired with the downturn in the market unfortunately means that there might be a number of smart, recently laid off programmers inclined to find a new income stream. The rise of the RaaS (Ransomware as a Service) model, which offers the extortion tools to cybercriminals for a fee, has grown in popularity. For instance, the developers of the infamous GandCrab ransomware have boasted on message boards that they were retiring after their RaaS made an astounding $2 billion in total, netting $150 million for them personally. The question is will GandCrab ever come out of retirement? What about copycats?
CXOToday: What kind of solution are you providing to secure the enterprise? Could you explain the technology behind the new solution?
Dan Gleason: We recently launched Ransom Data Guard, which enables enterprises to recognize and repel ransomware attacks utilizing a combination of proprietary Active Cypher encryption orchestration, smart AI, and advanced endpoint protection. Automated AI-powered sensors recognize ransomware threats allowing Ransom Data Guard’s proactive protection to block ransomware before it can attack a client’s files. Ransom Data Guard’s Survival Mode provides recovery and continuity for an enterprise through the automatic and instantaneous recovery of all its protected files to a new, or “cleaned” machine from a USB drive, Bluetooth, air-gapped virgin server, or Cloud account (like Dropbox, OneDrive, Google Drive, etc.). According to an IDC report, downtime of a company can cost on average $250,000 per hour. Rapid comprehensive reaction to an attack is the key.
CXOToday: What must CIOs focus on to check ransomware attacks effectively?
Dan Gleason: The cautious CIO should take the approach that their organization is already infected with ransomware. For the majority of ransomware attacks, user’s negligence is the problem. If a firm has employees, its only time until they get ransomware. Yet IT departments should stop playing roulette hoping that they are not the ones to fall this month, but should instead take a proactive approach to first securing their data end-to-end, through automated file-level encryption like what is offered through Active Cypher File Fortress. Secondly, they should utilize solutions like Ransom Data Guard that effectively shields clients from all permutations of ransomware attacks like WannaCry, RobbinHood, TeslaCrypt…by obfuscating data and actively countering malware when it attempts to attack. Employee cyber-training only gets you so far.
CXOToday: What are your business plans for the next 12 months? Do you have any India specific plans?
Mike Quinn: The success of India’s economy and the rise of its companies have unfortunately led hackers to increasingly attack the country. Active Cypher’s Indian clients are addressed in a similar fashion as we currently handle global and non-North American clients – our product is not intensive in prep or installation and company IT teams can download and install very easily in half a day. Our Scout product provides pre-install audit and assessments that provide “best practices” for tuning your Active Directory. Our goal from the start of development was to make our products basically hands-free installation and operation. We have just joined Microsoft’s co-sell program and will soon be named a Gold Partner. Microsoft’s new focus on security has helped propel us to many enterprises worldwide that not only wanted to find a solution to counter ransomware but also protect their data at the file-level.