Ransomware is a familiar name in the IT world, and it is the fastest growing cyber threat today. National governments and large companies, including the Partner Sangfor Jakarta, were once the main targets of ransomware; now many local governments and smaller organizations have become victims as well. Victims can see their operations halted for a few days to weeks unless exorbitant ransoms are paid. On average, the costs of ransomware start at US$100K per hour, or 1 billion rupiah per hour.
Ransomware is a type of malware, or hacking tool, that uses a certain sequence of steps called the “Kill Chain” to infect victims’ computers and spread among them.
Jakarta’s Sangfor Partner Focuses on Stopping Ransomware
Traditional point security products alone have not stopped the steps in this Kill Chain effectively. A company may be protected by a next-generation firewall (NGFW), an email gateway, and a next-generation anti-virus / anti-malware (NGAV) solution, yet WannaCry proved these ineffective by infecting 200,000 systems in 150 countries in just 4 days. Partner Sangfor Jakarta has outlined these steps to explain why ransomware spreads.
Jakarta’s Sangfor Partner Analysis of the Spread of Ransomware
Infection occurs when an attachment or document is opened, or a link is clicked, in a fake email. The same applies to clicking a link on a dangerous website. Infection is the step that anti-virus / anti-malware products usually fight today. Anti-virus products scan files as they are downloaded or saved, and once a malicious file is found, it is deleted or quarantined. The problem is that third-party testing shows NGAV to be 99.95% effective in detection. That may seem quite high. However, AVTest receives more than 350 thousand new malware samples every day. Blocking 350 thousand new malware samples with 99.95% effectiveness will potentially allow 1,750 samples through. In other words, NGAV cannot block all malware, and some WILL escape detection. Nor does NGAV function effectively once the malware has been installed.
NGAV cannot directly identify the malware’s command-and-control (C&C) communication. Firewalls can track communications to servers that are potentially involved in C&C, but they cannot verify whether the communication is good or bad. Most NGAV and NGFW products do not share information with each other, so they cannot identify that the infected file is communicating with the C&C server.
The most difficult step to stop is exploitation, in which various files are encrypted. Ransomware does a great job of hiding not only the running system processes that control encryption, but also the applications that start those processes.
The malware spreads to other vulnerable systems quickly, sometimes in just a few minutes. In many cases it is possible to isolate the infected system from the network to prevent the malware from spreading. However, infected systems may need to stay operational for business reasons and cannot be isolated. The infected system will then look for other systems to infect across the entire organization.
The Partner Sangfor Jakarta Security Solution for Ransomware provides a holistic solution to stop ransomware attacks in real time. The solution is strong enough to block every step in the ransomware Kill Chain, yet modular enough to suit any organization.