Anti-Virus Solutions Fail to Protect Against Ransomware

A recent KnowBe4 survey of more than 500 organizations found that 33 percent of respondents experienced a ransomware attack in the past year — and 53 percent of organizations with multiple solutions in place to block ransomware still became victims.

Seventy-two percent of survey respondents downloaded a ransomware simulator that mimics 10 different infection scenarios in order to test their anti-virus’ ability to detect and stop attacks. Only 52 percent of those organizations’ current anti-virus solutions were able to detect the ransomware.

“Ransomware is primarily delivered via a phishing email, which means your users have to be trained to identify it in order to prevent it, making antivirus ineffective at stopping ransomware. … An important layer in any company’s security stack is the last line of defense — the human firewall that can be trained to detect a phishing email,” KnowBe4 CEO Stu Sjouwerman said in a statement.

Among companies impacted by ransomware, an average of six endpoints and two servers were affected by a given attack.

Ninety-four percent of survey respondents that were hit by ransomware told KnowBe4 they didn’t pay the demanded ransom. Among those that did, the ransom ranged from three to five bitcoins, or approximately $3,750 to $6,250.

Eighty-seven percent of respondents said they rely on backups to recover encrypted data — though in more than seven percent of cases, the backups failed.

Massive Surge in Ransomware Attacks

Separately, PhishMe’s 2016 Malware Year in Review report, based on an analysis of more than 2,500 phishing attacks, states that ransomware tools were found in 90 percent of all malware payload URLs in 2016.

Thirty-seven percent of all phishing attacks in 2016 delivered some form of ransomware utility.

In the first quarter of 2016 alone, according to the report, ransomware deployments surged by 662 percent.

“Within just a few months, ransomware went from a relatively boutique category of malware utility to a mainstream destructive tool used in massive wave after massive wave of phishing attacks launched against individuals and companies alike,” the report states.

Still, the report also found that a large portion of phishing attacks continued to deliver more traditional malware like information stealers, remote access trojans and keyloggers.

“In addition to focusing on the ‘smash and grab’ of ransomware, threat actors also continue to quietly infiltrate the target’s environment, thus making it increasingly important to detect malware during the delivery phase,” PhishMe co-founder and CTO Aaron Higbee said in a statement.

“As threat actors continue to alter their techniques to circumnavigate modern security filters, a different approach in security is needed to prevent cyber attacks from unfolding,” Higbee added.

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.
