According to the FBI, ransomware is a growing problem, with hackers expected to take in nearly $1 billion from ransomware payments in 2016. Even if victims have backup files or are willing to pay the ransom, the costs associated with productivity downtime add up quickly. Additionally, the availability of ransomware-as-a-service combined with high profits for the attackers means ransomware attacks are likely to escalate in 2017. “Despite years of spending on cyber security, attacks and breaches have continued and extorting money through ransomware is increasingly popular,” said Scott Crawford, research director for Information Security at 451 Research. “Given the speed of the ransomware and the depth of its operational disruptions, it’s imperative that security teams have techniques in place to defend against such attacks at the earliest stage possible. Deception technology, such as that in SecureSphere v12, represents an innovative way to identify and mitigate such activity and help organizations defend against ransomware and other attacks.”
Imperva SecureSphere File Firewall uses real-time monitoring to constantly watch file access activity and provides an audit trail showing who, what, when, where and how data was accessed. The solution also incorporates deception-based technology to identify and quarantine users infected with ransomware. This is designed to isolate the ransomware, preventing it from accessing other network file servers while also allowing users who are not infected to continue to access the file share.
Once ransomware behavior is detected, SecureSphere policies quarantine the infected system and block it from accessing enterprise file servers. It also alerts administrators so that infected systems can be remediated.
“It’s not the cost of the ransom that hurts the business; it’s the downtime,” said Amichai Shulman, CTO and cofounder of Imperva. “We have carefully studied ransomware behavior to develop this unique combination of deception technology and real-time monitoring. The best defense is to catch the extortionists before files are taken hostage.”
