New Tool to Detect Ransomware May Prevent a Cyber Catastrophe

Zelle LLP


We here in the CAT – Law pressroom occasionally come to have a dispirited world view due to our constant and laser-like focus on the topic of catastrophes.  However, our Magic 8 Ball has been saying “it is most probable” every time we ask if the recent “WannaCry” ransomware virus might actually be the dark just before the dawn.  So rather than our normal article on a possible catastrophe, here is our take on a type of cyber catastrophe that is now more easily prevented.
Last month, hackers attacked businesses and government entities in 150 countries with a ransomware worm known as “WannaCry.” These hackers gained access to business and government servers, infecting them with WannaCry, either by exploiting software vulnerabilities in an older, yet popular, Windows operating system or through phishing emails designed to trick users into giving hackers access. Once WannaCry was in, it spread rapidly and autonomously throughout the system, encrypting the files on the victims’ systems and thus denying the victims access to their own data. The hackers then demanded a ransom, requiring victims to pay, on average, $300 for the release of their information.
Although WannaCry is the latest cyber-attack to make the news, it is by no means the only threat. IBM President and CEO Ginni Rometty has described cybercrime as “the greatest threat to every profession, every industry, every company in the world.” And analysts predict that cybercrime will cost consumers more than $2 trillion globally by 2019, nearly four times the estimated cost of breaches in 2015.
But massive ransomware attacks like WannaCry are now more easily prevented.
The cyber-security community has developed a sophisticated new weapon for battling malware generally, and ransomware specifically, known as Endpoint Detection and Response (“EDR”). EDR software focuses on protecting each user device, known as an endpoint. Endpoints include not only servers but individual computers and portable devices as well. EDR software uses artificial intelligence to learn and analyze system activity. So when a virus attempts to perform a function out of the ordinary, such as encrypting all of one’s files, it becomes a red flag and the EDR software can act to detect and prevent it.
Because EDR software focuses on the behavior of a program, it can detect malware that other, more traditional virus protection programs cannot. For example, traditional signature-based virus detection programs function by blocking malware when the program’s coding—or signature—reveals that it’s malware. Thus, traditional malware detection programs can only stop known viruses. But because EDR software focuses on a program’s behavior, rather than its signature, it’s able to detect malicious software (including unknown viruses) that affects the function of the endpoint. In short, EDR software is a more effective, proactive tool against cyber-attacks.
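The contrast between signature matching and behavior-based detection can be sketched in a few lines of Python. This is an added illustration, not code from the article's authors or from any EDR product; the event format, the entropy threshold, the time window, the file-count threshold, and all sample data are constructed assumptions, and commercial EDR tools use far richer telemetry and models.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Constructed "known malware" sample; real products ship large signature databases.
KNOWN_BAD = {hashlib.sha256(b"constructed-known-sample").hexdigest()}

def signature_verdict(binary: bytes) -> bool:
    """Signature-style check: flag only binaries whose hash is already known."""
    return hashlib.sha256(binary).hexdigest() in KNOWN_BAD

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted output approaches 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def behavioral_verdict(events, window=10.0, min_files=5, min_entropy=7.0):
    """Flag PIDs that write high-entropy data to many distinct files in a short window."""
    recent = defaultdict(list)   # pid -> [(timestamp, path)] of high-entropy writes
    flagged = set()
    for ts, pid, path, data in sorted(events, key=lambda e: e[0]):
        if entropy(data) < min_entropy:
            continue             # ordinary document writes are ignored
        recent[pid] = [(t, p) for t, p in recent[pid] if ts - t <= window] + [(ts, path)]
        if len({p for _, p in recent[pid]}) >= min_files:
            flagged.add(pid)
    return flagged

def pseudo_ciphertext(seed: int, size: int = 4096) -> bytes:
    """Deterministic stand-in for encrypted file contents (constructed data)."""
    return b"".join(hashlib.sha256(f"{seed}:{i}".encode()).digest() for i in range(size // 32))

def constructed_events():
    """Constructed telemetry: (timestamp_seconds, pid, path, bytes_written)."""
    text = b"Quarterly report draft\n" * 100
    events = [(i * 1.0, 100, f"/home/a/doc{i}.txt", text) for i in range(6)]  # editor
    events += [(i * 0.5, 200, f"/home/a/file{i}.docx", pseudo_ciphertext(i))
               for i in range(8)]                                             # unknown program
    events.append((3.0, 300, "/backup/nightly.zip", pseudo_ciphertext(99)))   # one archive
    return events

if __name__ == "__main__":
    print("signature flags known sample:  ", signature_verdict(b"constructed-known-sample"))
    print("signature flags unseen variant:", signature_verdict(b"constructed-known-sample-v2"))
    print("behavior flags PIDs:           ", behavioral_verdict(constructed_events()))
```

The unseen variant passes the signature check because its hash is not in the database, while the behavioral check flags only the process that rewrites many files with encrypted-looking content, regardless of what its binary looks like.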
Entities looking to improve their odds against cyber-criminals should consider adding EDR software to their arsenal, to complement their other weapons against cyber-crime such as ongoing training of personnel and restricting user privileges. And insurers covering the risk of loss from cyber-attacks should consider recommending—or even requiring—that policyholders use EDR software to better prevent or minimize loss from cyber-attacks, thereby lowering their exposure to such losses. The use of EDR software as part of a diligent cyber-security plan may dramatically reduce the risk of loss from a number of cyber-attacks.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Zelle LLP | Attorney Advertising
