You Have 43 Minutes To Stop A Ransomware Attack: Splunk

A new report from Splunk has warned that network defenders have only 43 minutes to mitigate a ransomware attack once the attacker has begun encryption. Splunk measured known ransomware strains including Ryuk, REvil, BlackMatter, DarkSide, Conti, LockBit and more, with LockBit being the fastest attacking and encrypting ransomware, 86% faster than the median of 43 minutes. The report requires you to register to see it, as I did, but it is very much worth reading.

Peter Stelzhammer, Co-Founder, AV-Comparatives, had this comment:

“In our common ransomware testing we saw that not only the ransomware itself is code optimized, but also the endpoint protection products do a very good job protecting against those threats. However, it is also a fact that the performance of the computer, especially of the CPU, has an impact on the ransomware. Usually the faster the CPU is, the more files are getting encrypted, if it’s only about ransomware protection. The best thing is to block the threat itself before it can start its behavior.”

Mitigating ransomware attacks in 43 minutes or less sounds like a tall order, and it can be. But it shouldn’t stop companies from doing everything possible to make sure that they do not become victims of ransomware. Prevention may not be easy, but it is possible.

UPDATE: I have two more comments. Chris Olson, CEO of The Media Trust had this to say:

“Ultimately, these findings demonstrate the futility of responding to ransomware and encryption attacks after the fact. To protect themselves, organizations must pivot to prevention over treatment. The first step is to monitor IT and digital infrastructure in real time, while working to harden entry points which malicious actors can use to gain a foothold before they do.”

“Importantly, today’s businesses must work to gain a detailed understanding of the way that ransomware attackers compromise their systems, from the reconnaissance phase through to execution. It’s easy to overlook the importance of digital attack surfaces such as the Web and mobile devices – but this is exactly where many ransomware incidents begin.”

Darren Williams, CEO and Founder of BlackFog, offers this perspective:

“One of the challenges with traditional defensive approaches to cybersecurity is that they require too much time to adequately protect organizations from these types of attacks. The focus on encryption speed should be irrelevant for modern cybersecurity software. Instead of focusing on encryption we should be focused on preventing the exfiltration of data from the device and the resulting breach. By looking at the mechanism of action across various ransomware gangs it is possible to stop these attacks at many stages of the attack life cycle and ultimately stop the data exfiltration from the device itself.”
