At Schneider Downs, we are all too familiar with the costly impact ransomware attacks can have on organizations of all sizes and across all industries. Our cyber team continues to respond to countless incidents, helping our clients identify, contain, eradicate and recover from a wide variety of compromises, the most common and most devastating of which is ransomware.
In Q1 of 2020, the reported average ransom demand was $111,605, which is significantly lower than many of the demands our team has experienced firsthand. What the monetary amount does not account for are the immeasurable costs, including reputational damage, business interruption, customer perception, forensics experts and legal fees, just to name a few.
As incident responders, it’s our job to help minimize the impact of these attacks. A crucial component is having effective solutions readily available for our clients when they need them most, and when it comes to stopping ransomware in its tracks, our team trusts VMware’s Carbon Black. That’s why one of our first steps in any ransomware attack is to deploy Carbon Black onto every endpoint as quickly as possible. If critical data and systems are being encrypted by threat actors, the existing antivirus clearly wasn’t cutting it and will likely be of little help.
What’s the big deal with next-generation antivirus (NGAV)?
Traditional antivirus products rely on unique file signatures, essentially just comparing each executable, attachment and web download to a list of known malware. Attackers have found that they can easily sidestep this type of solution by obfuscating their malicious code or by deploying “fileless” malware via Windows PowerShell or VBScript embedded in Office documents. These approaches either result in a new signature that the antivirus protection does not recognize as malicious or avoid antivirus scanning entirely by hiding in the endpoint’s runtime memory, or RAM.
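The contrast described above, as an added example that is not from the original article or from Carbon Black: an exact-hash signature lookup misses a file that differs by one byte, while a simple behavioral rule over process-creation events flags an Office application launching a script host. The sample bytes, event field names and host names are constructed, and the rule is a deliberately simplified stand-in for behavioral analytics.

```python
import hashlib
from ntpath import basename  # parses Windows paths on any OS

# Constructed stand-in for a known-bad file; not real malware.
KNOWN_SAMPLE = b"constructed-sample-payload-v1"
SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}


def signature_match(data: bytes) -> bool:
    """Traditional check: exact hash lookup against a known-bad list."""
    return hashlib.sha256(data).hexdigest() in SIGNATURES


def behavior_alerts(events):
    """Flag process-creation events where an Office app starts a script host."""
    alerts = []
    for ev in events:
        parent = basename(ev["parent_image"]).lower()
        child = basename(ev["image"]).lower()
        if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS:
            alerts.append((ev["host"], parent, child))
    return alerts


# Constructed process-creation telemetry (hypothetical field names).
EVENTS = [
    {"host": "ws-014", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"host": "ws-014",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"host": "ws-022", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

if __name__ == "__main__":
    print("known sample matches:", signature_match(KNOWN_SAMPLE))
    print("one-byte variant matches:", signature_match(KNOWN_SAMPLE + b"\x00"))
    for alert in behavior_alerts(EVENTS):
        print("behavior alert:", alert)
```

The second event has no file for a signature engine to hash, yet the parent/child relationship alone is enough to raise an alert; PowerShell started from explorer.exe on ws-022 is not flagged.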
Carbon Black’s next-generation antivirus behavioral analytics and unique, data-driven prevention technology are certified to replace traditional antivirus, using predictive modeling that identifies and stops more known and unknown threats, including malware, “fileless” attacks and, of course, ransomware behavior. As incident responders, we appreciate the endpoint detection and response (EDR) features, such as remote quarantine and rapid triage for the quick containment and analysis of pesky malware.
As trusted cybersecurity advisors, we understand how frustrating it can be to ask all the right questions, hire the smartest people, lock everything down, perform countless audits, remediate every finding, invest reasonably at every turn, and still end up a victim of a ransomware attack because of a reliance on traditional antivirus products and their poorly communicated, yet significant, limitations.
The simple truth is that without a next-generation antivirus (NGAV) or endpoint detection and response (EDR) solution, your environment will always be susceptible to a modern ransomware attack. As countless tales have taught us, an ounce of prevention is worth a pound of cure.
How Can Schneider Downs Help?
Our team can help test the effectiveness of your existing products, offer guidance on which Carbon Black features make the most sense for your organization and even provide pricing discounts by taking advantage of our incident response team’s partnership with VMware. As with any product, configuration is key, so be sure to leverage a trusted advisor like us to ensure proper tuning and execute test payloads against it to validate its effectiveness. Just let us know how we can help.
To learn more about our team and capabilities, including our Ransomware Security Service, visit our Cybersecurity Website or contact us at [email protected].
If you are experiencing or suspect an incident, our Incident Response Team is available around the clock at 1-800-993-8937.