Advances in ESET Ransomware Protection

Email remains the most common channel for ransomware infection.

In response to customer needs and concerns, ESET integrated Ransomware Shield (a tool that evaluates the behavior of malicious code in order to detect if it really is ransomware) into its business security solutions. ESET already provides its customers with cutting-edge behavior-based malware detection in the Host-based Intrusion Prevention System (HIPS), allowing users to set custom rules for protection against ransomware. However, should something slip past the 11 other security layers, Ransomware Shield will be automatically activated.

As email remains the most common ransomware distribution method, whereby an initial downloader file is delivered followed by the ransomware as a secondary infection, ESET Dynamic Threat Defense (EDTD) was introduced to cover this vector. EDTD provides additional protection through its inclusion in Mail Security, File Security, and Endpoint Protection products, and utilizes a cloud-based sandboxing technology and multiple machine-learning models to detect never-before-seen threats.

For instance, ESET’s machine-learning technology recently discovered a suspicious sample on computers at Hong Kong universities that ESET researchers identified as an updated launcher being leveraged by the Winnti threat group. Submitting suspicious samples for machine-learning analysis in the cloud via EDTD is especially critical for harnessing the full might of cloud processing and taking advantage of more models to detect malware. Attachments classified as malicious by EDTD are then stripped from the email, and the recipient and the wider network are informed of the detection.

The need to raise security awareness among employees
The debate around whether the cause of a successful ransomware attack is the attackers’ skill or the negligent security habits of employees does not have a clear winner. Regardless, the risk of a ransomware infection is one of many reasons why companies should concentrate on training their employees in cybersecurity best practices.

In the case of WannaCry, the infection was spread by exploiting a vulnerability in Microsoft Windows. To prevent the attack, companies simply needed to install the available security patches, and companies that failed to do so suffered the consequences. “It is no small feat that both companies and consumers protected by ESET’s multilayered technologies were not impacted by WannaCry, as ESET had taken appropriate steps to add network detection of the exploit two weeks before the largest ransomware attack in history struck,” noted Debski.

Improperly allocated investment
Companies should examine whether correct measures that contribute to overall security have been implemented. “We see a trend of some companies spending hundreds of thousands to millions of USD on advanced solutions, but not a few thousand more on well-trained personnel to take responsibility for deploying and managing security measures on a network. Instead, companies often choose to accept the risk of certain weaknesses because they do not expect a ransomware attack to happen to them,” commented Debski.

The deployment of a multilayered security suite like ESET Endpoint Protection should be a priority for every enterprise, followed by sustained maintenance and adherence to security best practices, so that a holistic approach to security remains the number one priority.

For further information on how to protect your company against ransomware and similar attacks, please see these useful resources:

  1. RANSOMWARE: an enterprise perspective
  2. Best practices to protect against Filecoder (ransomware) malware
  3. ESET vs. crypto-ransomware
  4. What is ransomware?

Protect your endpoints from ransomware.

Try out our ESET PROTECT bundles, which keep your endpoints and servers protected from malicious software, including ransomware.