Cyberattackers have used ransomware to perform nefarious activities for decades, starting back in the ’80s. What is new about ransomware is mostly the malware and tactics attackers use to get it onto a system. Palo Alto Networks recently released an updated version of its Unit 42-authored ransomware report, “Ransomware: Unlocking the Lucrative Criminal Business Model.” A recent blog post followed suit, calling out why ransomware, decades later, remains so effective and challenging to prevent.
In summary, the blog attributes this to three points:
- Ransomware takes advantage of the error-prone nature of users. For ransomware to infect a system, attackers take advantage of vulnerabilities users left unpatched, social engineering, or both.
- Ransomware targets file types and locations most valuable to users to ensure it’s taking away what matters most, driving up a victim’s willingness to pay.
- Ransomware hits quickly, faster than detection and response can occur.
For organizations to avoid falling victim to ransomware attacks, the focus must shift to prevention. Palo Alto Networks advanced endpoint protection combines multiple methods of prevention at the endpoint to protect against known and unknown malware and exploits, including ransomware. To that end, its latest 4.1 release includes behavior-based ransomware protection.
Traps analyzes ransomware run-time encryption activity, searching for specific ransomware behavior. If it detects encryption activity, Traps blocks the attack and prevents the encryption of data without impacting legitimate tools like full-disk encryption.