“It’s the whole layered approach to cybersecurity.”
Greg Edwards is the Founder & CEO of CryptoStopper. Greg talks with Anthony about the best ways businesses can detect and stop ransomware from doing damage to their companies.
Ransomware’s Evolution
Greg: “So back in 2012, when these ransoms were first coming out, I think the first ransom demand that I saw was $60. Those very first attacks that we were seeing, I think that the attackers really didn’t know what they had their hands on. It was a very scattershot approach, very much like malware of the time, where they were just trying to infect as many people as possible, and then the ransom demands were low. If you map the rise of ransomware and the rise of Bitcoin transactions, they’re parallel in their growth. Not to say that Bitcoin and cryptocurrency were completely the cause, but it definitely enabled it.”
Greg: “A lot of attacks were individual workstations, as opposed to network. Now it’s commonplace for them to encrypt, attack the backups, and exfiltrate the data all in one. That’s something that I predicted. Being in the cybersecurity world, I feel like I think like a hacker. Probably 2016, 2017, I said, what’s going to happen next is that not only are they going to encrypt the data, but they’re going to exfiltrate it.”
Protecting Your Business
Greg: “Of the successful ransomware attacks, 70% of those had fully up-to-date anti-virus. So when you put that into context and say, okay, as an MSP, I’ve got my firewall, I’ve got antivirus, I might even have a managed EDR solution, but that’s not necessarily going to stop ransomware. Once ransomware is actively running, then you’ve got no defense against it. Even having CryptoStopper as a tool and being my own product, I still recommend patch management as the number one thing.”
Greg: “Patch management is probably the most critical component because without being up to date, you make yourself so much more vulnerable. Then also install CryptoStopper as that last line of defense. Offsite backups that are encrypted are also absolutely necessary. It’s the whole layered approach to cybersecurity, there’s not one silver bullet. I won’t say that CryptoStopper is the one silver bullet. It’s the combination of all of these things that will protect you from ransomware.”
What Does CryptoStopper Do?
Greg: “Basically what we do is generate bait files. These are decoy files that we put out throughout the network and on PCs. Then we monitor those bait files for encryption activity. There’s no way for the attacker to fingerprint what we’re doing because every installation is unique. It’s Word, Excel, video, and picture files. Those are deployed and users won’t interact with them. We put them in unique folders and spread them randomly throughout the network.”
Greg: “You’ve got this whole network of little honeypots that are out there. When any one of those are hit, it’ll kill the process and isolate the workstation, so then an IT admin can come in and remediate it. If it happens at a server share level or at a cloud drive level, then it will isolate that offending user from the rest of the system so that they can’t continue to spread.”
Greg: “I mentioned earlier that our first version of this took nine seconds for that to happen, which in ransomware terms is an eternity. We’re now down to milliseconds. So it’s less than a second. This is after ransomware is actually running, whether it be at a desktop, across the network, or on a cloud drive.”
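The bait-file idea described above can be sketched in a few lines. This is an added illustration, not CryptoStopper's code: the function names, folder and file naming, and the entropy threshold are assumptions, and it only detects changes by polling (it does not kill processes or isolate hosts).

```python
import hashlib, math, secrets
from pathlib import Path

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted output sits close to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def deploy_decoys(root: Path, count: int = 3) -> dict:
    """Write decoys into randomly named folders so each install is unique.
    Returns a baseline {path: (sha256, entropy)} to compare against later."""
    baseline = {}
    for _ in range(count):
        folder = root / f"archive-{secrets.token_hex(4)}"   # hypothetical naming
        folder.mkdir(parents=True)
        path = folder / f"budget-{secrets.token_hex(3)}.docx"
        body = b"Quarterly budget notes. " * 200            # constructed content
        path.write_bytes(body)
        baseline[path] = (hashlib.sha256(body).hexdigest(), shannon_entropy(body))
    return baseline

def check_decoys(baseline: dict, entropy_jump: float = 2.0) -> list:
    """Return (path, reason) for every decoy that changed since deployment.
    Users never touch decoys, so any change at all is worth an alert."""
    alerts = []
    for path, (digest, entropy) in baseline.items():
        if not path.exists():                # deleted or renamed (e.g. new extension)
            alerts.append((path, "missing"))
            continue
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() == digest:
            continue
        jumped = shannon_entropy(data) - entropy >= entropy_jump
        alerts.append((path, "encrypted-like" if jumped else "modified"))
    return alerts

if __name__ == "__main__":
    import os, tempfile
    with tempfile.TemporaryDirectory() as tmp:
        base = deploy_decoys(Path(tmp))
        victim = next(iter(base))
        victim.write_bytes(os.urandom(4096))  # stand-in for encrypted output
        for path, reason in check_decoys(base):
            print(reason, path)
```

A production monitor would react to file-system events rather than poll, which is what makes the sub-second response times mentioned in the interview possible.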