Why Didn’t My AntiVirus Detect Cryptowall….again!?

Chris Hartwig

I’ve previously written an article about why antivirus (AV) software has such a difficult time detecting cryptolocker, cryptowall, and other ransomware when it infects a network. I had expected that all my loyal readers out there would heed my message and demand endpoint protection on their network so that they wouldn’t get struck with crypto again. I was incorrect and this week I will highlight why one crypto infection practically guarantees you will get infected again.

You are probably wondering why I’m so confident you will get infected with ransomware a second time around. That’s simple. Cybercriminals are more persistent in taking down your network than you are at securing it. Now before you get defensive, let me explain myself. Cybercriminals are constantly spamming your company with messages containing what look like valid attachments, often supposedly from your bank account or fax server, but which actually contain a malicious payload that will execute and start to encrypt data in your network shares. The cybercriminals know your employees aren’t necessarily educated on phishing threats. They know that at least one in four will open their message if it lands in their inbox. Cybercriminals will use this form of social engineering to attack your employees, who are the weakest links in your network. But you already know this because this isn’t your first rodeo with ransomware, right?

I don’t want you to think I’m picking on you, but if you got hit with ransomware once…shame on them for doing this to you. However, if you have gotten bamboozled by ransomware two, even three times…then the shame is on you, and that is probably why you are here reading this article today. You know what ransomware is and have been infected, but are still struggling to stop new infections. If you were in the sad position of not having a good backup and were forced to pay a ransom before, people at the company are going to start questioning your integrity when the attack is repeated successfully. After all, your customers spent quite a bit of time considering your reliability (or lack thereof) when they came into your office and couldn’t have their policies or accounts serviced because “the system is down.” That is a ding to a reputation that most CEOs and clients will not tolerate on a regular basis.

You can take some comfort in knowing that you are not the only one getting hit with ransomware on a regular basis. Cybercriminals run mass email campaigns and often target the same organizations multiple times with different email messages. With that said, it’s time to push employee education with regard to phishing and finally put a stop to ransomware on your network. Just remember, even the best educated still have trouble identifying spam emails and can be compromised. You have a real partner in WatchPoint. Our forensic experts will identify the behaviors associated with ransomware and notify you immediately. We use state-of-the-art endpoint protection tools like Carbon Black to monitor networks for any suspicious behavior. This is something signature-based AV cannot do, and something the firewall is defenseless against as well. If necessary, we can isolate any host on your network that may be compromised and stop any attack dead in its tracks.

 With WatchPoint's Security Solution you will:

         Know someone is securing your business.

         Have true visibility into your digital assets.

         Have a support staff dedicated to safeguarding your network.

  Be sure to check out some of our other articles for tips to protect your network.

