Jun 18, 2021
Elise Leise

Researchers Announce Ransomware Detection Breakthrough

As cyberattacks from bad actors proliferate, South Korean and Australian researchers have created software that can detect ransomware in milliseconds.

In January, researchers from Australia’s Commonwealth Scientific and Industrial Research Organisation and South Korea’s Sungkyunkwan University published details of their experimental ransomware detection software. By using low-level computer operating signals, their solution identified ransomware in 115 milliseconds, helping to detect malicious code before it is too late.

Cyberattacks are growing in scale and intensity, especially since criminal organisations can now demand ransoms in untraceable bitcoin transactions. According to the Harvard Business Review, the amount companies paid to hackers grew by 300% in 2020. In 2021, both government and private enterprise have realised that ransomware is a massive threat to both profits and reputation. Said U.S. FBI director Christopher Wray: ‘We think the cyber threat is increasing almost exponentially’.

Ransomware in the News 

In 2021, malicious actors used ransomware to extort unprecedented sums of money. Here are three of the most recent—and noteworthy—attacks:

  • Colonial Pipeline. Criminal organisation DarkSide disrupted gas supplies all along the East Coast of the United States, causing consumer panic and distress. CP paid US$4.4mn in bitcoin. 
  • Brenntag. DarkSide strikes again, demanding US$7.5mn in bitcoin. The chemical distribution company eventually paid US$4.4mn—still a sizable amount.
  • Acer. After ransomware exploited a weakness in the company’s Microsoft Exchange server and accessed critical financial spreadsheets, Acer paid US$50mn, the largest ransom known to date.

Part of the problem is that remote workers don’t have access to the same cyber protection that they did when working from inside a company’s network. ‘When you’re working from home, you are not behind the castle walls anymore’, said John Hammond, a cybersecurity researcher at Huntress. ‘You’re...away from the safe perimeter of corporate networks’. 

What’s the Solution? 

According to Gartner, investment in cybersecurity tools that protect laptops and desktops—endpoint protection—has doubled since 2016 to US$9.1bn. In addition, President Biden recently signed an executive order that will require civilian federal agencies to use endpoint detection and response software. 

This software not only blocks malicious files but also automates the search for suspicious behaviour. Aside from the recent Aussie-South Korean research, these are some firms that are leading the field: 

Blocking ransomware is neither easy nor inexpensive: solutions start at about US$12 per endpoint per month, which for large enterprises can add up to millions of dollars. Yet it can help detect and prevent equally costly attacks. As Jared Phipps, Senior Vice President of Sales Engineering for SentinelOne, explained: ‘[We see] weeks or even months of lead time...and in most cases, there are a lot of security alerts. There is absolutely time to stop those attacks’. 

But tech advancement is a game two can play. ‘As the defences get better, this drives new offensive techniques, which drives better defences, which drives new offensive techniques, and so forth’, said Andrew Howard, CEO of Kudelski Security. Even as researchers make breakthroughs, ‘there isn’t a 100% effective technical solution for this problem’. 
