By Adrien Gendre, Chief Solution Architect, VadeSecure
Just last year, ransomware cost businesses $1 billion—and, of course, there are more than just monetary impacts. Ransomware can cause major damage to an enterprise’s reputation and can cause them to lose a significant amount operational time. Plus, less than half of organizations ever fully recover the data lost, whether they choose to pay the ransom or restore from a backup.
Since ransomware is constantly changing and evolving, it is difficult for standard email filtering systems to stay up to speed on all the latest threats. Unfortunately, this means that by the time a standard email filter recognizes a variant, it will have already claimed a few victims. This is why you need predictive ransomware protection and email security.
Ransomware that Shook the Globe
Back in early May, the world was bombarded with two different ransomware attacks. WannaCry and Jaff ransomware utilized exploit codes and slight ransomware variations to slip past standard email filters. Both malicious programs affected multiple countries and impacted businesses worldwide.
WannaCry ransomware was the malware that garnered most of the media’s attention. It took advantage of NSA exploit codes that had been revealed by a known hacker group a few weeks prior. It propagated via worm, taking advantage of an unpatched SMB v1 (server message block) feature vulnerability. This feature allows companies to share printers and files over a network, which is one of the reasons the attack spread so quickly. It forced many businesses to halt operations, including hospitals who were forced to cancel surgeries and turn away ER patients. Shortly after this ransomware was discovered, it was estimated that it had infected 210,000 machines in 99 different countries.
Jaff ransomware was first detected by Vade Secure on May 11. This Locky ransomware variant was delivered via a booby-trapped attachment. Users received a .docm file embedded within a PDF. Once users opened the PDF, macros within the .docm file began automatically downloading the payload and encrypting files. Within just 48 of this variant discovery, our advanced email security filters had blocked over 630,000 emails that containing the ransomware. Unfortunately, the slight variant meant that standard email filters were unable to initially detect the attack, allowing it to spread quickly.
Our predictive email security filters are backed by our virtuous cycle that takes into account both global and local threat data to determine email safety.
We have blocked every variant of Locky and CryptoLocker that has ever been found, with a success rate approaching 100%.
Our technology allows us to defend against all types of cyber threats including: