It is rare that a day goes past without a high-profile ransomware attack making the news. These attacks have continued to grow in frequency and intensity – in fact, according to IDC’s 2021 Ransomware Study, over one in three (37 per cent) of global organisations were victims of a form of ransomware attack in 2021. The perpetrators do not discriminate by business size or vertical. Individuals and businesses large and small have been the target of these attacks, as have critical infrastructure, schools, and hospitals. No organisation, industry, or even state government is safe.
James Derbyshire, browser isolation expert at Garrison, explains: “Ransomware is a significant and ever-increasing risk, capable of bringing organisations, and even industries, to their knees. Unfortunately, once this type of malware has a foothold in your network, it is too late. Organisations are then faced with two equally unpalatable options – do not pay the ransom and incur huge financial losses until you are able to restore business operations or pay the criminals an eye-watering amount to release your data immediately. And with average pay-outs for ransomware attacks approaching $1 million, this is no small ask.
“Despite the recommendations not to, it is perhaps not surprising that most victims pay the cybercriminals, as this is usually the quickest way to restore their network. Unfortunately this approach helps fund the growth of ransomware gangs, which are using increasingly sophisticated social engineering techniques to target both organisations and individuals.”
In the first half of 2022 there were around 236 million ransomware attacks worldwide. In one of the most disruptive attacks, the Central American country of Costa Rica was brought to a standstill in an event declared a ‘national emergency’ by its president. A Russia-linked criminal gang used ransomware to infiltrate the Ministry of Finance, completely halting the country’s import and export businesses and causing losses of tens of millions each day.
Rethinking outdated security measures
Derbyshire explains that ransomware’s primary attack vector is users’ connectivity to the internet, and that these attacks target vulnerabilities across an organisation’s complex ecosystem.
“The best time to take action is before the attack takes place,” he explains. “The error in the response so far has been to lean heavily on detection techniques that either look for known attacks or Indicators of Compromise – in other words, behaviour that is already known to be suspicious. This means that these technologies are often unable to detect zero-day malware infiltration. But even more critically, these technologies are unable to stop the malware from getting in in the first place.”
Malware usually enters an organisation’s network using sophisticated social engineering, which is designed to exploit human error, and the reality is that no amount of staff training can protect against these attacks. Put another way, criminal actors are able to generate targeted attacks that are impossible for humans to detect 100 per cent of the time. All it takes is one slip-up for ransomware to get a foothold in a company’s network. The ransomware can lie dormant for months or even years before it is deployed.
Ensuring that everyone in an organisation maintains a perfect record when it comes to spotting phishing attacks is impossible. And once you recognise the implausibility of a company simply ensuring that its employees never fail, it becomes clear that organisations cannot rely on their staff to protect their networks and their data. They need to review their existing security measures if they are to fully protect themselves against ever more sophisticated ransomware attacks.
Pixel Pushing for ultra-secure browsing
A solution that is growing in popularity with security-conscious organisations is Browser Isolation, which entirely removes the risk of ransomware by creating an impenetrable barrier between the internet and the employee’s machine, and therefore between malicious code and the organisation’s network and data.
Full Browser Isolation uses an approach called ‘Pixel Pushing’, which turns the browsed webpage into an interactive, live video stream. This completely isolates the user’s machine from the internet, removing all risk of ransomware attacks from the web, regardless of the sophistication or frequency of such threats.
“Full browser isolation means that instead of going online and potentially coming up against malicious code, employees instead see a completely safe video representation of the web,” Derbyshire continues. “Because of the complete, impermeable separation between web and network, employees can literally click on any link or visit any website without the risk of negative consequences.
“Another key part of this solution is that for the web user, the online experience is exactly the same – text appears as text, links are clickable, and all multimedia content, including videos, is fully accessible.”
According to Derbyshire, when Pixel Pushing is delivered through software, performance is compromised due to large amounts of high-compute video rendering. Hardware-based Pixel Pushing, on the other hand, provides full security without impacting the user’s browsing experience.
Transcoding – an incomplete security solution
A plethora of browser isolation technologies have turned to transcoding to protect endpoints from malware. Transcoding is a software-based technique that delivers only partial Browser Isolation by turning website code into smaller subsets, removing known malware and reconstructing it before sending it back to the user’s device. But there is a big flaw in this method: it always lets some of the original web code through, meaning that the threat of ransomware still looms large. Partial Browser Isolation is a porous technique that significantly compromises security in favour of user experience.
“Full Browser Isolation delivered by hardware-based pixel-pushing solves this challenge, by using dedicated hardware to deliver a scalable and usable experience that doesn’t compromise on security,” Derbyshire adds.
The security technology that businesses and governments across the world rely on is not as effective as it needs to be to stop ransomware attacks. As these attacks continue to increase in frequency and intensity, while employing highly effective social engineering techniques, it is clear that organisations need a serious rethink of their approach to security, to put an end to these debilitating attacks.