Ransomware in 2019: Backups, Antivirus, & Free Decryptors May Not Be Enough...

Your Automated Ransomware Decryptor Capability to Unlock Hijacked Systems

Powered By Cyber Crucible's Cryptographic Analytics (Patent Pending)

The ransomware problem is no longer an isolated-workstation issue. The attackers are getting better: in 2019 they are patient, moving their attack slowly and methodically through the business while evading or "tricking" antivirus.

Ransomware operators first find out where the business's most valuable data lives. The infection then moves through the IT infrastructure: it might start on a sales rep's workstation, then reach a network share and from there infect someone in accounting. Those network shares, file servers, backups and more are being encrypted or outright deleted. As a last line of defense, free decryptor tools, which only work when the ransomware's key handling is flawed or its keys have been released, are increasingly inadequate.

[HOW IT WORKS] Ransomware Decryption

This demo shows how a junior resource can change the outcome of a ransomware attack. For the demo we chose strong encryption, because that is what organizations face today: free tools and even a perfect backup process cannot fully defend against ransomware in 2019.

This part of the demo shows that licensing follows an eCommerce model: licenses are easy and painless to purchase and can be assigned to agents installed on devices. The software creates the agent and assigns it a license automatically, then configures the high-security settings and variables the agent needs to communicate quickly and easily with the cloud. We download the agent, then run the ransomware to show what it can do.

Once that agent is running on the endpoint, it does very targeted collection of what we call "crypto variables" and potential crypto variables (the keys and the other values the encryption depends on). In the demo you see ransomware being run while the ZenSiphoner agent works in the background collecting data about the attack. An attack has been started against the victim, and text files on the victim's desktop are being turned into encrypted blobs which cannot be read. The attacker is using AES with 256-bit keys, the NIST-standardized cipher (FIPS 197), and the variables are randomly generated, which means you can't just take the keys and variables from one machine and apply them to another. In addition, the variables are unique per file, so you can't take one key or one set of variables and expect it to work on all files.
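To make the per-file property concrete, here is an added example in Go; it is not Cyber Crucible's code and not the ransomware used in the demo. Two constructed sample "files" (byte strings in memory, nothing touches disk) are encrypted with AES-256 under independently generated random keys and nonces, and the variables belonging to one file are then tried against the other. The page names AES-256 but not the mode of operation, so AES-GCM is an assumption made here; names such as FileKey and demoPerFileKeys are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// FileKey holds the per-file "crypto variables" described above:
// a freshly generated AES-256 key and a GCM nonce that are never reused.
type FileKey struct {
	Key   []byte // 32 bytes selects AES-256
	Nonce []byte // 12 bytes, the standard GCM nonce size
}

// newFileKey draws independent random material for one file.
func newFileKey() (FileKey, error) {
	k := FileKey{Key: make([]byte, 32), Nonce: make([]byte, 12)}
	if _, err := rand.Read(k.Key); err != nil {
		return FileKey{}, err
	}
	if _, err := rand.Read(k.Nonce); err != nil {
		return FileKey{}, err
	}
	return k, nil
}

// gcmFor builds an AES-256-GCM instance for the given file key (GCM is an assumption; the page names only AES-256).
func gcmFor(k FileKey) (cipher.AEAD, error) {
	block, err := aes.NewCipher(k.Key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptFile turns plaintext into an opaque blob under k.
func encryptFile(k FileKey, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(k)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nil, k.Nonce, plaintext, nil), nil
}

// decryptFile reverses encryptFile. GCM authenticates the ciphertext, so a
// wrong key or nonce returns an error instead of silently producing garbage.
func decryptFile(k FileKey, ciphertext []byte) ([]byte, error) {
	gcm, err := gcmFor(k)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, k.Nonce, ciphertext, nil)
}

// CrossKeyResult records which variables opened which blob in the demo.
type CrossKeyResult struct {
	OwnKeyWorks   bool // file 1 decrypts with its own variables (expected: true)
	CrossKeyWorks bool // file 2 decrypts with file 1's variables (expected: false)
	Readable      bool // the encrypted blob still contains the original text (expected: false)
}

// demoPerFileKeys encrypts two constructed sample files with independent
// random variables, then checks which variables open which blob.
func demoPerFileKeys() (CrossKeyResult, error) {
	file1 := []byte("Q3 forecast: revenue up 12 percent")             // constructed sample content
	file2 := []byte("Invoice 4471 - route to Accounting for payment") // constructed sample content

	k1, err := newFileKey()
	if err != nil {
		return CrossKeyResult{}, err
	}
	k2, err := newFileKey()
	if err != nil {
		return CrossKeyResult{}, err
	}
	c1, err := encryptFile(k1, file1)
	if err != nil {
		return CrossKeyResult{}, err
	}
	c2, err := encryptFile(k2, file2)
	if err != nil {
		return CrossKeyResult{}, err
	}

	p1, err1 := decryptFile(k1, c1)    // the right variables for file 1
	_, errCross := decryptFile(k1, c2) // file 1's variables tried on file 2

	return CrossKeyResult{
		OwnKeyWorks:   err1 == nil && bytes.Equal(p1, file1),
		CrossKeyWorks: errCross == nil,
		Readable:      bytes.Contains(c1, []byte("forecast")),
	}, nil
}

func main() {
	r, err := demoPerFileKeys()
	if err != nil {
		panic(err)
	}
	fmt.Printf("own key decrypts: %v, other file's key decrypts: %v, blob still readable: %v\n",
		r.OwnKeyWorks, r.CrossKeyWorks, r.Readable)
}
```

The point the demo makes is the failure of the cross-key attempt: recovering the variables for one file, or for one machine, gives a responder nothing for the next file, which is why a decryption capability has to recover or collect the variables per file rather than once per ransomware family.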

In the demo you see the Ransomware Rewind product applying our machine learning algorithms in the agent, along with a lot of heavy lifting in the cloud. The combination of on-device analytics and in-the-cloud analytics is what makes it possible to actually decrypt quickly and easily.

During an attack, if systems and files get encrypted, the customer submits the targeted file to Ransomware Rewind for decryption. The software asks the security analyst for a little more detail about the file (file type, name, content, size, etc.). If the analyst doesn't have some of this information, for instance the original file name, that doesn't stop us; the information simply makes our processing more efficient. The demo shows an uploaded PNG image file.

Finally, the demo shows us downloading the decrypt program and, using the collected variables, successfully decrypting the file despite all of the ransomware's advanced protections, bringing the business back online.

EASY TO INSTALL - GET STATUS OF YOUR DEVICES FAST

The implementation of this product is straightforward: you log onto the web app, download the software's agent to the designated device(s), then leave it running in the background. You go about your normal activities while the software monitors for suspicious activity.

The administration panel shows each device as "green" or "red", where red means the device is at risk.

In the event of an attack, Cyber Crucible's software automatically detects, analyzes and responds to the issue. It also allows for all files to be decrypted, even if there are no backups.
