Why Your Business’ Antivirus Won’t Detect Ransomware

Ever think that antivirus software could actually help the bad guys break into your network?

A lot of businesses around Philadelphia are convinced that if they have antivirus, they are completely protected from even the worst ransomware. The cold hard truth is that most antivirus will NOT protect your business from a ransomware attack.

In fact, nearly 70% of businesses that have fallen victim to ransomware attacks thought their antivirus was going to protect them.

Now don’t get me wrong, having a good antivirus software that you continually update (criminals are inventing new strains of viruses faster than new strains of flu virus) does help protect your business. But solely relying on antivirus to defend off the magnitude and diversity of attacks hitting businesses in 2018 will almost certainly not be enough.

Today, I want to walk through why your antivirus should be one of a variety of security layers to protect your business’ assets, clients, team members and critical data from modern cyberattacks.

If your computer is infected with ransomware, your antivirus probably won’t detect anything until it’s too late.

The biggest problem with antivirus is that hackers are always scheming for new ways to crack your networks. They artfully design and devise new strategies that bypass routine antivirus scans in order to steal, encrypt and exploit your business’ network.

Think of hacking past antivirus kind of like Tom Cruise cracking top-of-the-line security systems in the Mission Impossible films. While the motion sensors penetrated nearly every inch of a room, Cruise was able to snake his way past laser upon laser to get to the asset he was seeking.

You can think of the antivirus kind of like those motion detectors in any room that Cruise successfully broke into. The antivirus looks through your file system for things it can recognize, but won’t really do much about things that it doesn’t find abnormal (things your antivirus software developers haven’t encountered yet).

Like Tom Cruise breaking all expectations by breaking through the room from the ceiling, your mastermind cybercriminal is pretty much doing the same thing hacking in your network and sneaking around the file system until it’s too late.

Too late meaning that all your files are encrypted and a ransom demand asking for tens of thousands of dollars appears on your (and your team’s desktops). These attacks—the likes of the recent Samsam virus—are on the rise and require more than even the most sophisticated antivirus scanning technologies to protect you from a completely ransomed network.

These attacks often show up in unsuspecting places. The art in cybercrime is finding the craftiest ways into your business network. Some cybercriminals have gotten really good at deceiving your staff through emails, getting them to download attachments, share passwords, or click on links. Other attackers utilize unpatched networks—servers, workstations and even firewalls—to get in and sneak around.

Some ransomware may lie dormant for weeks or even months—gathering data (keystrokes for important login credentials for instance) or until the virus has spread far and wide through your network and the networks of your colleague’s—before it completely shuts everything down by encrypting all files within reach.

Are there any ways to detect ransomware and remediate it?

While a ransomware infection is never ideal, there are a few ways that experts can detect a ransom attack before it has wiped your entire network out. One of the best ways is through persistent network monitoring.

Your IT Support team should understand what your network should look like on any given day. When a virus is on a workstation or server on the network, they should be able to see differences in activity levels on the machine.

The unfortunate truth is that most IT Support—internal teams or outsourced solutions—tend to overlook monitoring and maintenance in favor of firefighting immediate user issues. They simply don’t have the bandwidth—even if they have your best intentions—to keep your business safe and protected against ransomware.

What normally happens is that one computer gets infected and then infects your entire network. If someone had been monitoring and looking out for unusual or suspicious activity, your ransom attack likely would have been limited to one computer or a few files (which would be easy to recover if you have good backups) rather than your entire network.

And many IT teams simply assume that having antivirus—even updated antivirus—will be enough to keep their businesses safe and secure from ransom attacks. The big problem they are overlooking is the fact that antivirus only responds when it knows the virus. Even small changes to a pre-existing virus can leave antivirus software completely incapable of protecting your business against a new strain.

Don’t for a second that cybercriminals aren’t testing against the very same antivirus software you use in your business.

Criminals use antivirus simply to make sure that their new and improved variants go undetected by the most updated antivirus software. Before releasing their code on the Dark Web (where criminal masterminds sell virus ‘kits’ to other budding cybercriminals), a criminal coder will test at least 3 different antivirus software to make sure their ransomware goes undetected.

Bottom line: Antivirus is a great tool for stopping any known, or previously successful attacks. It understands the moves and activity of things it has confronted before, but will be of little help even detecting the new variant sweeping American businesses.

Is your business safe from the next ransomware attack? Are you depending on antivirus software more than you really should? Are you taking the proper precautions to prevent an attack from the start? Consider a third party network security assessment to make sure your ducks are in a row.