Ransomware attacks will continue to keep companies on tenterhooks in 2022. Even the use of prevention technologies and increasing employee awareness – two key aspects – will never provide 100% security, as attacks are becoming ever more creative and professional. It is essential for companies to prepare for emergencies and to limit damage with their ability to stop an attack as quickly as possible. Every minute counts after data have been encrypted.
A new partnership with Bullwall makes that possible: The RansomCare solution identifies a ransomware attack in the very moment that illegal encryption begins and helps to limit the damage as far as possible. This blog article explains why that is so important, and how RansomCare and EBF can help you.
Protective measures are no guarantee
Protection from cyberattacks, and ransomware attacks in particular, is essential for companies. Three aspects have a role to play here:
Ready for an emergency
Every minute counts when a company falls victim to an attack and data encryption begins. Today’s ransomware versions are capable of encrypting up to 10,000 files per minute on each infected computer. The number of encrypted files increases as the attack continues – making it exceptionally difficult to restore the systems.
That is why companies must be able to react in case of emergency. And this then requires three things:
- Permanent monitoring of data transfers and security-relevant system events is to take place, allowing immediate discovery of data encryption.
- There needs to be a clear plan that defines how to react to such an attack.
- There must be a restorable offline backup for important corporate information.
Our partner Bullwall comes into play for the former.
Take control quickly thanks to Bullwall
Bullwall is a Danish technology company that has developed the RansomCare solution. As the name suggests, the solution helps you to take care of a ransomware attack. This happens as follows:
- RansomCare monitors fileshares in real time and reacts immediately when illegal data encryption begins.
- The technology identifies and isolates compromised users affected by the initiation of encryption. It stops further encryption of data and informs the company security team.
- Administrators get a list of all encrypted files so that they can be restored more easily from a backup.
- RansomCare creates a report that contains valuable information about the affected files.
We are delighted with the new partnership with Bullwall. The RansomCare solution is the perfect addition to our portfolio, which already boasts a host of technologies for attack prevention. With RansomCare, we offer our customers a solution that helps them to act as quickly as possible in case of emergency. This saves valuable hours and minutes and, consequently, saves money. The solution is the ideal complement to mobile threat defense solutions and other prevention measures.
Managing Partner and Founder of EBF
The crucial distinction: Differentiating between legal and illegal file changes
Countless changes are made to files within the company on a daily basis. Files are created, changed, renamed, and deleted on fileshares and cloud drives – that is part of our everyday business. The challenge lies in identifying those changes that are not wanted.
How does RansomCare differentiate between legal and illegal changes? To do this, the solution has to learn what is normal, and what is not. That is a crucial aspect and it is where heuristic analyses and machine learning are used to support you. We help you to position the system to identify abnormal file changes, thereby avoiding any false alarms. And, of course, we support you during implementation, ensuring reliable operation and helping to evaluate incidents.
Ransomware – the danger is real
An increasing number of companies have fallen victim to ransomware attacks in recent months. A host of systems and data have been encrypted, large sums of money have been extorted and new tricks applied to increase the sense of urgency. Attackers more frequently threaten to contact victims’ customers or to publish, sell, or auction off stolen data.
Global analysis reveals that the average sum paid in 2020 was $ 312,000. In 2021, it was $ 570,000. In the same period, the costs incurred to completely overcome a ransomware attack rose from $ 760,000 to $ 2 million. There are additional costs to be taken into account alongside the extorted amounts: to compensate for the failure of systems that are key to companies’ ability to work, for closing back doors, and for dealing with reputational damage.
The primary sources of ransomware attacks are phishing and social engineering – methods of attack that are fostered by hybrid working models. Ever more employees are working outside of protected corporate networks.