Dennis Underwood
Published on
July 14, 2022

Have the Latest Antivirus? Great... You're Still at Risk of a Ransomware Attack

This article helps explain to folks how and why attackers were able to evade "the latest and greatest" security out there. The timing seemed appropriate for this Cyber Crucible, Inc. blog post given the exposed SolarWinds (etc.) attacks.

Over 75% of victims are using the latest protection. What these victims don't know is that in order to effectively protect against ransomware, they need a specialized tool.

How You Think A/V Works

Criminals know you have invested in security tools like antivirus to stop their attacks from succeeding. Almost every day, we see another company in the news, or hear about some school or small business that was hacked. Lots more don't make the news! We know they are stopping criminal hackers, and we know these companies work hard to keep their data (and our data) safe, so what is going on? What are the hacked companies doing wrong? Almost everyone nowadays has firewalls, antivirus, and other tools, and that antivirus will stop known threats. What this means is, the criminal tests their malware to see if the antivirus stops it. If it does, it’s back to the drawing board for them to come up with a new form of malware that will breach the system. If the antivirus doesn't catch their first attempt, then they’re free to attack your system.

Hackers Test Their Malware

Similar to you taking a car for a test drive before buying it, criminals test their viruses before deploying. They want to know which, if any, security tools (like antivirus) stop them. Some stop them right away, instantaneously. Others stop them after the malware has been running a while. Others, still, send alerts to security analysts for the IT team to chase down.

At some point, the criminal invests in a new version of the tool. It may be after the first couple of antivirus or firewall vendors catch them. It may be right away, or when a particular company they really want to hurt catches them. They may pay someone for a new version, just like when you upgrade software, or they may make it themselves.

Criminals Deploy Their Upgrades

New version in hand, the criminals deploy the new version of malware. It goes undetected by some or all security tools. For data theft, this means they are like a spy, snooping around your network, stealing customer data and corporate secrets. For ransomware, this means they can now get into position to quickly inflict the most pain - encrypting many important files at once, after deleting backups.

A/V Blocks Old, Not New, Malware

In the background, your security tools eventually catch on to the criminals' upgrades. Depending on how many victims the attackers get, the upgrade can be noticed by security companies after days, months, or even years for really advanced attacks (our record at Cyber Crucible is finding a tool that evaded all other tools for 5 years!).

With ransomware, however, it is a bigger issue than with data theft. Both are bad, but companies can still pay their employees, and hospitals can still take care of patients, even if the customer data is being stolen. With ransomware, we don't have time to wait for security tools to play catch-up, and the criminals take advantage of that. Suddenly, criminals can encrypt files, leaving companies unable to do their jobs. People have even gotten physically hurt when machines suddenly lock up. Imagine your doctor not being able to read your charts because the emergency room computer system shut down!

Ransomware Rewind Has Your Back

After seeing multiple clients (with security tools in use) dramatically hurt by ransomware, we knew we had to help. We've developed a solution that addresses the ransomware issue head-on. We can't rely on eventually catching the malware any longer - we have milliseconds to act.

We protect you and your data, and do so even when the newest hacker upgrades are missed by security tools. This is done inexpensively and efficiently. Think of us like a vehicle airbag, or your anti-lock brakes...or, even better - install us, then don't think about us, and get back to creating value in your workplace and community.

About the author
Dennis Underwood

Dennis Underwood is a veteran, cybersecurity leader, inventor, and entrepreneur with over 20 years of experience. He is an expert in cryptography, intrusion discovery and analysis, having discovered multiple previously unreported intrusions to clients throughout his career. Currently, he is leading a team of like-minded experts delivering next-generation intrusion discovery and ransomware response automation tools to consumers.

