Cryptolocker is the threat that everyone is talking about. It affects both home users and companies though, in many cases, companies are more exposed due to the large amount of confidential information they handle.
Juan Santesmases, Vice President Product Management & Business Development at Panda Security, explains what Cryptolocker is and how companies can deal with it.
Cryptolocker has been the talk of the town in IT security circles over the last few weeks… What makes it different from the rest of threats that companies face?
Cryptolocker is a type of targeted attack, and like all targeted attacks, it requires great sophistication and, consequently, a great investment from the cybercriminals who launch it. The damage caused by this targeted attack is not very different from that caused by other attacks suffered by companies every day. The big difference is that, in this case, the target company is aware of the attack because the malware itself notifies it to the infected user, who knows from the start how much it will be to retrieve the stolen information. Hence its great popularity among cyber-criminals.
However, there are many other targeted attacks equally or even more harmful than CryptoLocker which in many cases go unnoticed by companies and end users. Especially if they involve theft of vital business information, such as customer data, product development plans, or sensitive personal information such as banking details. Even if detected, these attacks are often not publicized due to the impact they may have on a company’s reputation. We have seen attacks like these suffered by Sony, Google, Amazon, Target, and many other companies.
What do cybercriminals want with this type of attack?
Cryptolocker is a type of malware known as ransomware. This particular kind of malicious software is designed to hijack the victim’s data and demand a ransom for it. The high volume of this “market”, which has every characteristic of a traditional market, with its supply and demand, makes it very profitable for criminals, who invest large sums of money to develop this type of threat.
Is there any way to identify it?
It is really difficult. Generally speaking, companies are very unprotected against this type of attack, hence its high rate of infection and the echo it receives in the media. This vulnerability is due to the fact that traditional detection mechanisms, such as email or Web filtering systems and antivirus solutions, are simply not effective enough.
To a greater or lesser extent, traditional detection mechanisms are based on comparing software, URLs, or email signatures with known patterns of previously detected and classified threats. However, with an average of more than 200,000 new malware samples put in circulation every day, this type of strategy has become obsolete. Despite the investments made by security vendors to improve the efficiency of their traditional protection mechanisms and reduce reaction times, they continue to be just that: reactive mechanisms. In the end it becomes a race between criminals and security vendors that we do not always get to win.
That’s why we need a whole new approach to protection. Something Panda realized seven years ago, and has culminated in the development of Panda Adaptive Defense, our persistent threat protection system that is able to stop Cryptolocker and, more importantly, its variants.
What differentiates Adaptive Defense from other solutions?
First, Adaptive Defense is a service rather than a solution. Adaptive Defense evaluates and classifies all applications running on customers’ endpoints, based on the analysis of more than two thousand actions that each application can perform. This process takes place largely automatically in our Big Data Environment, and is complemented with the manual analyses carried out by our security experts at PandaLabs.
The continuous classification and monitoring of all applications has allowed us to not only identify and categorize malware, but also goodware and its vulnerabilities. Our database contains more than 1.2 billion goodware applications. Thus, while a traditional antivirus solution blocks known malware and assumes that any other application is benign, with the risk that that entails, Adaptive Defense only allows the execution of applications cataloged as goodware.
It could be argued that there are already whitelisting tools with a similar approach. However Adaptive Defense goes beyond traditional whitelisting, doing all the classification work automatically and transparently to the company’s system administrator.
Finally, as it is installed on the endpoint, Adaptive Defense provides full visibility into all applications installed on the device, notifying security administrators of any threat detected and allowing them to take remediation actions against them.
Targeted attacks, advanced persistent threats, Cryptolocker… No one can doubt that companies are in the crosshairs of cybercriminals.
As I said before, cybercrime has become a very profitable business for criminals. The resources and tools available to criminals are so important that no company, regardless of its size, is out of their reach. In Spain, all of the companies in which we have deployed our solution, regardless of their size or the safety measures in place, had endpoints whose security had been compromised to a greater or lesser extent. In fact, according to INCIBE (Spain’s Cybersecurity Agency), the economic impact of cybercrime in Spain during 2014 amounted to €14 billion for businesses.
Our mission as IT security vendors goes beyond developing more effective products and services, we must raise awareness and help businesses implement adequate protection strategies.[button link=”https://www.pandasecurity.com/usa/enterprise/solutions/advanced-threat-protection/” color=”green1″ icon=”” size=”medium”]VISIT ADAPTIVE DEFENSE[/button]