Ransomware defense on display at Gitex Global in Dubai

Ransomware attacks continue to be one of the most prevalent and evolving threats in cybersecurity. The term ‘ransomware’ refers to an attack that involves encryption of a victim's data, followed by a ransom demand for its release.

In terms of impact, the State of Ransomware 2024 report from Sophos reveals that 59% of organizations experienced ransomware attacks in the past year, with 70% of these attacks resulting in data encryption. Additionally, there has been a fivefold increase in ransom bills over the last twelve months, highlighting the growing financial burden on victims. The report also indicates that 32% of attacks began with an unpatched vulnerability, emphasizing the critical need for robust cybersecurity measures.

Gitex Global 2024 Dubai showcased companies in the cybersecurity domain, each presenting its own approach to countering ransomware attacks. Because combating ransomware is a multifaceted endeavor, the strategies employed by cybersecurity companies vary significantly. While all of them address the threat from all angles, each focuses on specific aspects of it.

CybelAngel’s data monitoring and API security

Because detecting potential vulnerabilities reduces an organization’s risk of becoming a victim of this crime, data monitoring and recovery are crucial strategies against ransomware attacks. CybelAngel's approach relies heavily on early threat detection. "At CybelAngel, we scan dark web forums, marketplaces, and even communication channels like Telegram, where compromised credentials and vulnerabilities are exchanged. By detecting these threats in their earliest stages, we alert our clients before cybercriminals can exploit these weaknesses for ransomware attacks," said Camille Charaudeau, Chief Product Officer at CybelAngel. This approach allows organizations to intervene before a breach occurs, strengthening their ability to defend against ransomware attacks.

Another focus of CybelAngel is the protection of APIs, since these have become common entry points for cybercrime. According to Charaudeau, "A significant risk at the moment is open or misconfigured APIs that hackers manipulate to breach networks. Our R&D is focused on identifying publicly exposed shadow APIs and ensuring they are properly secured before attackers can take advantage of them." By monitoring both data and API security for its customers, CybelAngel protects clients from ransomware and other types of cyber-attacks.

Kaspersky secures endpoints against ransomware attacks

With ransomware now mainly attacking connected devices, securing network endpoints has become crucial to defending against such attacks. EDR (Endpoint Detection and Response) detects suspicious activity through constant monitoring of the endpoints and responds in real time. Brandon Muller, Senior Technical Consultant at Kaspersky Lab, addressed the complexity of ransomware: "Ransomware attacks are wide and varied. It's not just a single file, and that makes it even more complicated to anticipate."

Kaspersky’s approach involves understanding how an attack can affect a business from every kind of entry point. This approach ensures early detection and mitigation of ransomware threats. The EDR solution is part of its latest platform, Kaspersky Next, which merges advanced machine learning with traditional endpoint security. Muller says, “We've integrated EDR functionality into Kaspersky Next. What's unique is the automated defence strategy put together with endpoint security. I like referring to it as the 'Sherlock Holmes' of cybersecurity; it's not just block-the-attack but understanding the full story behind the attack.” This investigative approach lets businesses deal with immediate threats as well as find future vulnerabilities.

However, this covers only the detection of ransomware. In the event of an attack, Kaspersky also provides recovery solutions. As Muller said, "We have a line of ransomware decryption tools, which we keep updating with the latest variants. It is not against all types of ransomware, but a consistent tool that works." Although Kaspersky does not provide backup solutions, it offers security consultancy to improve those measures. "We work with customers to optimize their existing security measures, making sure they have the right multi-layered defenses. Prevention is better than cure when it comes to ransomware," said Muller.

Rubrik orchestrates data recovery and monitoring

While stopping ransomware attacks is important, recovery of data is of equal importance, as no system can ensure absolute protection. Rubrik focuses on orchestrating data monitoring and recovery to make sure organizations can respond quickly to these attacks. According to James Hughes, CTO at Rubrik for EMEA, this is where an approach such as theirs becomes very important: "The key is to recover as quickly as possible when something does get through, that's what we mean by cyber resiliency."

“At Rubrik, the focus is on bringing organizations back quickly by first of all knowing what is important to them and then making sure those applications can be brought back as soon as possible.” This approach minimizes downtime and enables businesses to resume operations promptly. Rubrik focuses singularly on immutable backups, air-gapping them so that they cannot be compromised by ransomware.

As Hughes said, "One of the biggest concerns we hear from customers is, ‘How do I know that when I restore my backups, I'm not just restoring the malware that caused the problem in the first place?’ Rubrik does this by making backups completely immutable. The added layer of this safeguard means organizations can restore data without the possibility of reintroducing ransomware."

Additionally, Rubrik leverages AI to improve cybersecurity standards. Hughes said, "We use machine learning, and over time, it gets better at knowing your organization’s change rates and user behaviour, which allows the system to tell if it is a regular anomaly versus a real threat, such as ransomware." The use of machine learning in Rubrik makes it possible for its platform to negate false positives and rapidly identify ransomware threats.

As the ransomware threat keeps evolving, these experts believe an organization should consider all-around strategies to counter ransomware attacks effectively. With proactive data monitoring, API security, and endpoint detection technologies, leading cybersecurity firms like CybelAngel, Kaspersky Lab, and Rubrik allow businesses to prevent, detect, and recover from these pervasive threats. Taken together, their efforts help create a safer digital landscape in which organizations can ward off ransomware or any other form of cyberattack.