Threat actors utilizing ransomware aim to disrupt business for maximum damage, and once they have entered this lucrative niche, few things can force them to stop.
Unfortunately, despite increased awareness and greater spending on cybersecurity, organizations are scrambling to prepare for and respond to advanced levels of cybercrime. Hastily implementing “new and improved” ransomware and malware prevention and mitigation measures can lower the probability of an incident, but when an attack hits, the help of professionals is often required.
To discuss the newest ransomware tactics, we reached out to Steve Perkins, CMO and Head of Product at Nubeva, a fresh-baked company that offers advanced decryption services for businesses struck by ransomware attacks.
How did it all start for Nubeva? What has the journey been like?
Our company was born from a group of passionate technologists. Randy Chou, founder and CEO, and Grieg Bannister, founder and CTO, wanted to create a technology innovation company focused on the intersection of security, cloud, network, and communications. In the early goings, Steve Perkins, CMO and Head of Product, joined because of Randy and Grieg’s vision. We all worked together in the early stages of Aruba Networks, which eventually went public and was purchased by HP as the foundation of their networking business.
The journey with Nubeva thus far has been exhilarating, as we have been researching the market to find under-served critical problems. We have never slowed down, and continue to innovate, which is how we got to where we are today with our recently released Ransomware Reversal software.
Can you introduce us to what you do? What technology do you use to reverse the damage of ransomware attacks?
Our breakthrough Ransomware Reversal solution is an entirely new approach in the fight against ransomware. First and foremost, Nubeva is a decryption company for the greater good. We can do what many believe is impossible: decrypt successful ransomware attacks without the victim organization paying the ransom. Specifically, with Nubeva in place, we can decrypt files locked by ransomware and allow organizations to restore and return to operations quickly and easily. Nubeva is the ultimate safety net. No matter the organization's maturity, and no matter the budget or sophistication, this technology becomes a life-saving solution for when a catastrophic attack gets through.
The technology behind this capability is our own patented and proprietary technology called Session Key Intercept (SKI). SKI allows us to discover and capture encryption keys at the moment of encryption to enable downstream and lawful decryption later.
We often hear that human error is to blame for successful ransomware attacks rather than gaps in the technical side of security. How is ransomware deployed into one’s device, and are people themselves usually the cause of it?
Human error is a component of successful ransomware attacks, but there is much more to it. To err is human. The reason that we believe Nubeva’s solution is a vital back-stop for organizations is that it's not a matter of if, but when you’ll get hit with ransomware. This is why organizations try to have the best people, processes, and technology in place to protect them.
Technical vulnerabilities, such as the Log4j vulnerability discovered last year, as an example, continue to be exploited.
Business factors lead to exposure. For one, not all organizations have the staff, budget, etc. to purchase or keep up to date with all of the recommended systems.
The “bad guys” are getting better. They are figuring out how to get around defenses, get past detection systems, and learn how to do the most damage. They're getting through regardless of the systems in place, regardless of training, regardless of whether it is human error or other holes in the security posture.
The list goes on. No matter the form of entry, ransomware is often not a single element that just gets past security controls or a singular action from an individual. Often ransomware is executed in multiple stages over a period of time, using different malicious software and techniques to enter an environment. They use different software to establish a lateral movement for command and control, and then, ultimately, it detonates.
Do you think the recent global events played a role in the rise of cyberattacks? Have you noticed any new tactics used by threat actors?
Global events, such as the distributed workforces caused by COVID-19, have certainly added new gateways for these cyberattacks. But I would say that the real driver is the success these gangs have experienced over the last several years. While criminal, there is no denying that ransomware is a multi-billion dollar growth industry, and high growth potential equals high distribution. Global conflicts will continue to contribute to the severity and consequence of these attacks as well.
Every day, there are new ransomware variants popping up. Ransomware gangs are stepping up their demands and focusing on how to squeeze and cripple organizations when and in the way it hurts the most. It's not random. Seasonal businesses experienced attacks during critical periods for their business. Critical infrastructure is hit, making it nearly impossible to say no to demands. Ransomware actors are quickly expanding their ability to corrupt or encrypt backups, and extortion is growing. They absolutely are evolving.
In your opinion, what are the most common myths surrounding ransomware?
There are a good few. But what we are seeing most is organizations believing it won’t happen to them, or if it does, that they’ll be able to work through it with minimal damages. It’s easy to assume these things won’t happen to you or that protection in place is enough. Real-world example: no one thinks that their house will burn down, but still works to ensure the right pieces are in place to protect their home to the best of their abilities. And yet, these tragedies still happen every day.
We hear daily that organizations believe that detection and defense systems will be enough to stop these attacks or detect them before too much damage, or as long as we have sufficient back-ups, we can recover.
Daily we are seeing successful attacks of very mature, large companies that have every leading-edge technology in place, with competent staff running them. There is no such thing as 100% secure. While backups are critical, the average recovery from backups is 22 days. Ask yourself, can you afford to have critical systems non-functional for three weeks?
Lastly, we have cyber insurance, should the worst happen. Insurance is important. It offsets costs for incident response, system recovery, 3rd party liability, and even some consequential business loss. However, cyber-insurance prices are going up, it's becoming harder to get, it has increasingly costly requirements, coverage has many caveats, and often does not cover the total impact and damages due to the downtime. Things like lost revenues, lost customers, supply chain distribution, and brand damage are the real cost of ransomware, which is often not fully covered.
In conversations with our customers, a majority of whom have first-hand experience in a ransom event, these are real assumptions which, unfortunately, are biting organizations in the butt. Facts and statistics don’t lie: ransomware is getting through. The average recovery from back-ups is 22 days. Cyber-insurance has caps on coverage, and recovery costs are netting out to 10 times the average ransom amount.
What are the best practices when it comes to protecting one’s company against ransomware?
A multi-tier defense approach is vital, and it goes beyond technology. Business and technical controls, well-architected policies and procedures, and the people to run it all. No one piece does the trick. Outside of cyber-security technology and back-ups, other protective components include cyber insurance and Nubeva’s solution to reduce catastrophic damage when an event happens.
It’s no secret that regardless of the hyper-focus on cyber-security, budgets and staff are tight. So assessing the risk and where and how to reduce it with the staff and budget available is the right approach when building this multi-layer approach.
Talking about average individuals, what measures should they implement to protect themselves online?
There are a myriad of great resources available from the federal government, CISA, etc. for protecting yourself and your families at home. The top tips for individuals include some simple ones: check the sources and don’t communicate with people or entities you don’t know, don’t click on unfamiliar or untrusted links, keep passwords strong and change them often, and lastly, when in doubt, take a zero-trust approach.
How do you think cybercrime is going to evolve as organizations start to take cybersecurity more seriously?
This probably is raising another myth: cybercrime has suddenly gotten worse. We have been fighting cybercrime for 20+ years. As the defenses get better, the offense adapts and that will not change in the foreseeable future. It's no different than any other warfare we have seen for thousands of years. The ransomware tactic has gotten so good that this threat has grown in severity and frequency, and organizations are working to respond. Our goal is to disable and destroy the crypto-ransomware threat and then work to stay one step ahead of the next one.
And finally, what’s next for Nubeva?
Next for Nubeva is to get the product out to the market as quickly as possible to allow organizations to add another piece of armor in the fight against ransomware. The product is new and, in many ways, still unknown, and we are working hard to spread the word. Our product is meant for companies of all sizes and maturities, and it's priced to be adopted quickly. Our goal is to eradicate the crypto-ransomware threat and anticipate what they will do next.
To do this, time is of the essence. We are sprinting to perfect the product and algorithms for universal coverage and reach the highest levels of performance. We are also working on getting this product to organizations directly through our B2B sales and partnerships with MSP/IR firms. We want to offer it to their customers. We are also working on building OEM relationships to enable security technology firms to embed this technology into their existing products, so we can reach as many people as quickly as possible.