WatchPoint Security Blog

Defenseless Against Cryptowall…Or Are We?

Written by Michael Collis | March 22, 2016

You arrive at work on a bright Monday morning with several projects on your plate: clients to call, appointments to make, accounts to update, meetings with staff. What you weren’t expecting was to have your network taken hostage by cyber criminals, making your to-do list for the day not only impossible to complete but now fairly insignificant. Who has your data? How did they get into the network? What do they have? These horrifying questions and more begin to enter your mind, along with another important one: how did my Anti-Virus not stop this?

Cryptowall, whose wrath many of you already know and have already experienced, is a damaging piece of ransomware that encrypts users’ files and demands that a ransom be paid to decrypt them. The attack comes in the form of an e-mail from what appears to be a trusted source: Amazon, UPS, FedEx, even your boss. When an attachment is opened and downloaded, the malware begins to run. How many people in your office would open that attachment? Are you thinking right now about who in the office might? Many stats show that as many as 25% will, but it only takes one.

Why doesn’t your Anti-Virus stop this? Anti-Virus is only effective 47% of the time. Anti-Virus only detects known threats, and new threats are created at a rate of 3.5 per second! Within one minute, 210 new threats are created. Anti-Virus just cannot keep up. A firewall is another useful tool in prevention, but it only blocks incoming connections. If you close unused ports on your firewall, you can do a pretty good job of keeping hackers from initiating connections to services on your network. However, the firewall doesn't block outgoing connections made by you or others.

So how do we stop Cryptowall? We need as many layers as possible. You certainly need to keep Anti-Virus and a firewall, but a perimeter cannot be your only defense. Who is looking out for someone who gets past these barriers? In the new age of defense, we need to monitor our endpoints around the clock. This is what WatchPoint provides: the latest signature-based surveillance software from Carbon Black and an around-the-clock team that can respond immediately to alerts of intruders on your network. Our forensic team can inspect all potential threats, isolate the endpoint, and communicate the situation so remediation can begin.