
Exclusive: Ransomware isn't hard to beat - here's how

By Heather Wright
Mon 17 Oct 2016

Cybercriminals can earn $84,000 on a $6000 investment in an exploit kit. That is great news for the cybercriminals and not so great for businesses as ransomware explodes, but one industry expert says ransomware can be beaten right now, if you just know how.

Kent Shuart, SonicWall’s global evangelist and director of product marketing for Asia, dubs ransomware ‘a phenomenon’.

“It’s approaching US$1 billion annually,” Shuart says.

“There’s a business for you, a billion dollar business – and it was nothing five years ago.”

Often using military grade RSA 2048 encryption, ransomware denies access to a device or data until the victim pays a ransom – usually in crypto-currency such as Bitcoin or BTC – to remove the restriction.

While it has been around for ‘many years’ it has recently become much more profitable and popular – ‘because it works so well’ – with new versions offering new ‘features’ including waiting to see where data is held and encrypting that as well.

Another recent version of cryptoware ransomware, which Shuart dubs ‘really cool’, encrypts the operating system, forcing the victim to use a different computer to pay the ransom – and infecting that machine in the process.

“It’s self propagating,” says Shuart, who was in New Zealand recently at a launch event for SonicWall and new Kiwi distributor Dicker Data NZ.

That variant, .cry ransomware, also uses a different way of communicating, using UDP rather than TCP to evade detection because most antivirus software doesn’t look at UDP.

It also uses Google Maps API to find out the victim’s location – providing information about the affluence of the community the victim lives in – and deletes the system shadow volume copies.

“It also stays persistent not only after reboots, but after system cleaning as well, because it hides in places. And it hides in the strangest places – it’ll hide in the BIOS of your computer, or the firmware of your camera, or in your printer.

“There are all kinds of cool places you can store this thing.”

It also comes complete with a functioning support page to enable communication with the criminals, and includes a free, drag and drop, decryption of one file to prove the files can be decrypted.

“Ransomware is just like Microsoft Office,” Shuart says. “It’s not a guy in a hooded suit in the corner somewhere. It’s a business and they’re operating it that way. They have marketing, business plans, tech support, patchups, they have financing available!”

“If we don’t know more about it, we are doomed to be penalised by it.”

But Shuart says it’s not hard to beat ransomware.

“Ransomware can be beaten right now. You just have to get smart. And there are ways you can do that,” he says.

Shuart cites education as a key, saying it’s crucial to ‘build the human firewall’.

“The average person on the street has no idea what ransomware is,” he says. “And the first step in beating ransomware is understanding it.

“The thing to know about ransomware is that if you’re smart, if you’re educated, if you look for things that aren’t right, if you look for inconsistencies, you can find ransomware as well as malware very quickly and just protect yourself.”

He cites the example of a phishing email from a contact, where the contact signed off as ‘Mike’ rather than the usual ‘Michael’.

“Be aware, educate your people, understand when something looks awry, it is awry.”

He’s also a big advocate for constant patching of systems, with exploitation of unpatched systems, browsers and applications a common delivery method, along with phishing emails and malvertisements.

“When you start talking about patches, they publicise what they do. So I know what the breach should be about because Java talks about patching a specific piece of the system – well that’s the piece I’m going to target,” Shuart says.

“Last thing each day I update my system. It’s a geeky thing to do, but it keeps me from getting caught.”

Ransomware can also go undetected in firewalls that are unable to decrypt and inspect SSL-encrypted web traffic.

“Increasingly, cybercriminals have learned how to hide malware in encrypted traffic.

“If I want to deliver you malware and you have no way of inspecting that – whether it’s malware, ransomware, whatever – this is an easy way in.

“Hidden ransomware is very simple to deliver.”

Shuart says the use of SSL/transport layer security encryption continues to surge, leading to under-the-radar hacks affecting at least 900 million users in 2015, according to some reports.

Shuart says keeping the network compartmentalised, taking a multilayered security approach with network, endpoints and mobile devices protected, and turning on all firewall features, including intrusion detection and encrypted files, even at the risk of reduced network efficiency, are also critical in protecting against ransomware. So is backing up files and, critically, moving them offline.

Unsurprisingly, Shuart also took the time to highlight SonicWall’s offerings, including its cloud-based Capture service, available with SonicWall firewalls, which analyses the file, using a multi-engine approach with three engines at once.

“Things happen very quickly. The idea behind this is to take performance and security by utilising three things – multi-engine, multi-layer, cloud-based protection.”

Shuart says the offering operates at line speed, with analysed files becoming a known file.

“We can beat ransomware, it’s not that hard to do. We just have to get more sophisticated.

“We do that by identifying families of ransomware.”

Cybercriminals can buy families of products, which morph to make it more difficult to detect.

“But if you can identify a family of products, rather than an individual product, it is an art and a science. It’s the secret sauce.”

And for those who have been compromised, Shuart offers up some simple tips: Disconnect, determine the scope of the infection and the variant you have and evaluate your options – restoring from a backup, decrypting using a de-cryptor service (which has limited success, Shuart says) or paying the ransom.
