Attacks known as “ransomware” are ugly no matter how you look at them. But from the perspective of IT service providers, they are often the event that leads to their first engagement with a customer.
Faced with the prospect of having to pay a fee to rescue a machine from the clutches of a criminal who has hacked their way into the system, many customers make their first call to an IT services provider for help.
The good news is that new tools are emerging that enable those service providers to resolve the problem. For example, FireEye and Fox IT worked collaboratively to create a free master decryption tool that disables the CryptoLocker malware that is at the root of so many ransomware schemes.
But the issue goes well beyond a single event. The simple fact is that the signature-based antivirus software that most organizations still rely on to defend them can’t cope with modern attacks. Scott Parker, a sales engineer for N-Able Technologies, a unit of SolarWinds that provides a platform that IT services vendors use to deliver managed services, says the time has come to deploy anti-malware software on endpoints that makes use of heuristics to provide a more comprehensive approach to security.
A signature-based approach to security assumes that the attack being launched is known. It can take a provider of antivirus software months to actually discover a new type of attack and then days or weeks to come up with a signature that recognizes that type of attack. Parker contends that a heuristics approach to IT security creates rules that prevent users from downloading certain types of files or, better yet, prevent a piece of code from engaging in abnormal behavior.
The opportunity and the challenge lie in convincing organizations that they are not being well served by their existing investments in traditional antivirus software and that they would be better off relying on a managed IT service.
Of course, the most compelling way to do that is to highlight how organized digital criminals have become. Most of the lethal attacks being launched these days are taking advantage of toolkits created by professional developers. Those toolkits in turn are connected to botnets that make the cost of launching these attacks negligible.
Hackers are also getting better at compromising the security of some of the most popular Web applications. CryptoLocker, for example, was recently discovered being distributed via YouTube, while other forms of ransomware have been found on sites belonging to Yahoo. Meanwhile, Lookout, a mobile security firm, estimates that 900,000 users of Android devices were infected by “ScarePackage” ransomware. In that instance, a message informs the user they are guilty of child porn, child abuse, or sending bulk spam. Purportedly sent by the Federal Bureau of Investigation or a security consulting firm, the message demands the user pay a few hundred dollars to get control of their device back.
Obviously, most IT services providers would like to be introduced to a potential customer under less stressful circumstances. The good news is that, thanks to new decryption tools, the outcome of that engagement can be a lot more positive for all concerned.