Fighting Ransomware in the Cloud

The CSA Security Update podcast is hosted by John DiMaria, CSA Assurance Investigatory Fellow, and explores the STAR Program, CSA best practices, research, and associated technologies and tools. This blog is part of a series where we edit key CSA Security Update episodes into shorter Q&As.

In today’s post, John interviews Greg Edwards, CEO of CryptoStopper, to discuss how to defend against ransomware and the importance of implementing sector-specific controls.

Listen to the full podcast here.

Introduction to Ransomware Defense

John DiMaria: Today we are going to cover ransomware. In 2021, ransomware cost the world $20 billion, and every 14 seconds somebody gets hit with ransomware. To discuss this threat, today we have with us Greg Edwards, CEO of CryptoStopper. To start, could you give us a little bit of background on CryptoStopper?

Greg Edwards: So CryptoStopper is a deception technology, SaaS business. The way we stop ransomware is by deploying bait files throughout network architecture and monitor them to detect actively running ransomware. Whereas traditional endpoint security tries to prevent attacks, this happens to stop actively running ransomware attacks. CryptoStopper stops attacks to determine what went wrong for future reference.

JD: What would you say are the main challenges you face as a SaaS provider?

GE: The biggest challenge that we have is really just making the tool easy to deploy, and getting it across all clients. So, we are working to integrate with other systems to make deployment easier so that managed service providers can get this installed across their client base.

The Rise of Ransomware

JD: Why do you think there’s such a rise in ransomware? Why has the adoption of cloud caused an uptick in attacks?

GE: Really it’s multifold. Even though the pandemic has affected the rate of ransomware, I believe it’s more that the attackers are perfecting their craft. Ransomware really started to take off in 2012 when Bitcoin became popular and cryptocurrency became available. Over the last 10 years, attackers have been able to perfect their craft and really monetize it. As companies, we have not been changing quickly enough. Especially adding the pandemic to that, it makes sense as to why we have a problem with ransomware and cybercrime.

Controls & Complexities

JD: How critical do you think it is to have an information security management system using sector specific controls to be able to understand what your security posture is?

GE: It is critical. I’ve always been a proponent of multi-layered security. Adding the controls, people, and processes makes sure that in any software there isn’t a silver bullet. If you leave the front door open and an attacker gains access with administrator credentials, they can still do lots of damage, even with something like CryptoStopper installed. If you don’t have the right processes in place, you’re still leaving yourself vulnerable. So I do think that controls and the CCM are really critical components of overall cybersecurity posture.

JD: With the rapid upsurge we’ve seen in cloud migration, there’s not a lot of thought that goes into understanding the complexity of an organization’s operations. In your opinion, how much do you think is attributed to the success of ransomware because of all these new complexities?

GE: I think these complexities certainly contribute to the success of ransomware. I was just reading an article about venture capital-backed companies being targeted by ransomware attackers. Again, attackers know what is going on and use that to leverage their way and ultimately ransom the companies. Complexity can come in multiple forms. Having the right people, processes, and technology in place is what protects a company.

Ransomware-as-a-Service

JD: In the market, isn’t there something like ransomware-as-a-service?

GE: Yeah, just like software-as-a-service, there’s ransomware-as-a-service, where you have more sophisticated organizations creating a ransomware platform. Then they will sell that to affiliates for a nominal monthly fee to have access to the platform, sharing the spoils when there is an attack that happens.

JD: So this could be an additional reason for the upsurge in ransomware?

GE: Right. To add to that, within Russia, it isn’t illegal for a Russian citizen to attack and ransom companies as long as they’re not in Russia. But when you think about it from that standpoint, they have no moral or ethical reason not to be ransomware perpetrators because they are taking funds from the “evil Americans” or “evil Western countries” and bringing it to Russia. When you think about it, why wouldn’t they do it? I’m not saying that it’s right - I certainly don’t think it is. But it makes sense why we have such a massive problem.

Protect Your Organization

JD: What are some of the common sense things that an organization needs to do to reduce the risk of ransomware?

GE: From a technology standpoint, you need good hygiene within the network. This includes patch management, passwords, and user education. Really, the multi-layered approach on top of adding the controls and compliance is what companies need. If you have a company that has a bank account and an internet connection, you are a target and it is serious.

JD: Really appreciate you taking the time out of your day for us. Thank you.

Click here for more information regarding STAR certification and the different levels of STAR.