We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
In these attacks, attackers are using compromised credentials harvested by an initial access broker to enter an organization’s internal systems and start spreading ransomware.
How dangerous is BlackCat ransomware?
While many commentators are concerned that BlackCat is one of the most sophisticated and dangerous ransomware threats, some experts are skeptical that the strain poses any more risk than other existing variants.
“Black Cat is a problem, but it’s really no more of a problem than other variants we’ve seen,” said Gartner senior research director, Jon Amato.
“The big difference between BlackCat (also known as ALPHV) and other ransomware toolkits is that it’s written in Rust, and seems to have better memory protection and reliability. And initial indications are that BlackCat is more likely to successfully deploy and execute on target computers than ransomware toolkits written in C++ or other languages, for example,” Amato said.
However, Amato also notes that the code used by the malware does have the advantage of being less likely to be detected by some antimalware tools, which might not have been trained to detect malicious binaries written in Rust.
What can enterprises do?
The publicity over the BlackCat ransomware threat comes at a time when organizations’ anxiety over ransomware is at an all-time high, following a number of high-profile attacks, including the Colonial Pipeline breach and the long-term havoc wreaked by the Conti ransomware group.
In fact, research shows that 74% of IT decision makers report they are so concerned about new extortion tactics that they believe ransomware should be considered a matter of national security.
Although ransomware threats are extremely serious, there are some simple steps that enterprises can take to mitigate it. Namely, acting fast to deny the attacker the ability to encrypt the data in the first place, which means decreasing reliance on legacy security tools and embracing next-generation extended detection and response (XDR) tools.
“From an organizational standpoint, companies need to stop relying on legacy perimeter and signature-based security tools alone, such as firewalls and antivirus software, and start deploying EDR [endpoint detection and response] and XDR solutions that are readily available on the market. In terms of preventative controls, enabling MFA in the organization is a good first step,” said Ken Westin, director of security strategy at cybersecurity vendor Cybereason.
The reality is that legacy security tools are not equipped to identify and mitigate the latest malicious threats. For example, Westin highlights that BlackCat ransomware uses the Rust programming language to evade existing behavioral and static analysis tools which are trained to look at traditional languages like C++.
This means that enterprises not only need to protect their endpoints against compromise, but they also need to have sophisticated XDR solutions in place that are capable of identifying and responding effectively to obfuscated attacks.
The top ransomware protection solutions
As organizations become more concerned over the threat of ransomware breaches, there has been a significant growth in ransomware protection solutions, with the global ransomware protection market valued at $19.77 billion in 2020 and anticipated to reach $47.04 billion by 2027.
One of the leading providers addressing this challenge is Malwarebytes, which generated over $190 million in annual recurring revenue (ARR) in 2020, and offers endpoint detection and response solutions that can detect and block attempts to deploy malicious code to the endpoints.
Malwarebytes’ solution uses machine learning (ML) to detect anomalous activity on the endpoint and respond. It also offers just-in-time backups to ensure that data is recoverable if it’s encrypted.
Another competitor is CrowdStrike, with CrowdStrike Falcon Insight, an endpoint protection and response solution that uses ML and behavioral indicators of attack to identify and block ransomware. CrowdStrike recently announced their 2022 fiscal year results, with an ARR of $217 million and total revenue of $431 million.
The main differentiator between antiransomware solutions at the endpoint level is how effective their AI is at detecting and blocking threats in real time. For instance, CrowdStrike combines the latest threat intelligence with an AI that can spot signs of compromise and enable security analysts to respond.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.