Security News Antivirus Fails to Stop Ransomware 100% of the Time

frogboy

In memoriam 1961-2018
Thread author
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
That’s according to a recent survey from Barkly of companies that suffered successful ransomware attacks during the last 12 months. A full 100% reported they were running antivirus at the time of the attack.

And antivirus wasn’t the only security solution that came up short. Victims reported that 95% of the attacks bypassed the victim’s firewall(s); 77% of the attacks bypassed email filtering; 52% of the attacks bypassed anti-malware; and 33% of the attacks were successful even though the victim had conducted security awareness training.

Not a great track record. But what’s baffling is the finding that most companies don’t alter their approaches after a ransomware attack.

“Instead of branching out and investing in new forms of protection, the majority of respondents chose to simply double down on the same poor-performing solutions,” said Jonathan Crowe, a security researcher at Barkly.

In fact, 26% (re)invested in email filtering; 25% (re)invested in security awareness training services; 20% (re)invested in antivirus; and 17% (re)invested in firewall(s). That’s in addition to the 43% that didn't invest in any additional solutions at all.

“One way to read these reactions is that, lacking obviously better options but still feeling the pressure to do something, companies are taking the only immediate path they see forward — adding more of the basic, foundational security solutions that have widely-accepted benefits even though they also have widely-acknowledged holes,” Crowe said.

Many IT pros said that they preferred to address vulnerabilities and make improvements on their own. Two thirds responded to the attacks by conducting their own user awareness initiatives. Nearly half reacted by making updates to their existing security policies.

“The fact that a whopping 43 percent of respondents chose not to invest in any additional security solutions whatsoever is also an indication that, when it comes to preventing ransomware, IT pros simply don't see many good options (new or established) they feel like they can trust,” Crowe said.

Another factor is that backups might be making IT staff complacent. Barkly research showed that 81% were confident backup would provide them with complete recovery from a ransomware attack. But less than half of those who had actually experienced an attack were able to fully recover their data with backup.

Full Article. Antivirus Fails to Stop Ransomware 100% of the Time
 

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
Thanks for sharing! :)

Ransomware evolution is too fast, and antivirus vendors need to adapt the technology to make it more effective.
Yes, the best solution is an offline backup plan.
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Signatureless solutions score far higher; it's just that most users are too lazy for the learning curve or fight the change because they are comfortable with "what they know" even though the protection is nonexistent or substandard.
Great share Frog ;)
 

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
Ransomware is a sad reality and is becoming a probable event in many companies... why they do not invest in a dedicated tool is a mystery... or a sort of masochism?
AVs are getting better at ransom detection/protection, but not all... and only a few offer a good level of detection/protection.
 

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
Thanks for the share :)

- About mails: I wonder how many of the mails concerned were related to the work :rolleyes:
- About PCs: don't they know how to make a special account and only allow programs related to the work, for each PC?
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
Here are some programs with 100% protection:

Screenshot_2016-11-10-19-36-03.png

https://avlab.pl/sites/default/files/68files/ENG_2016_ransomware.pdf
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Seriously, products like VoodooShield, NVT EXE Radar Pro, SecureAPlus and a few others should be taken by any I.T. personnel as an important setup at business scale.

AVs nowadays are already overrated [but not all] because they still rely on signatures, leaving their behavioral protection not so effective in multiple scenarios.

Yes, a backup solution is still a must and many take it for granted.
 

Wave

Thanks for sharing @frogboy, I was wondering if I would find a recent article this week which topped the one about Kaspersky complaining about Microsoft... Thanks to you, I've been successful. :)

This article is very laughable, especially at parts where they talk about computer training:
“and 33% of the attacks were successful even though the victim had conducted security awareness training.”
Hmm... Obviously the training they were given wasn't enough, and they need to go back and do some proper training? Let me help these companies, teach your employees to:

- Always use an ad-blocker to help safeguard themselves from becoming a victim of malvertising.
- Never download and run programs without express permission and a real reason for doing so - that being said, always check the reputation and do your research (VirusTotal scans on both the download source website + the download, for example).
- Never open up e-mails from unknown/unexpected senders... Don't click links in untrusted e-mails and this includes not going near the attachments unless you know exactly what you are doing (you can also scan the e-mail senders at blacklist checkup sites however sometimes an attacker will spoof the e-mail sender).
- Never share personal or company information online without validating who you are speaking with/what service you are entering information to, or without a very good valid reason to do so. Even sharing your e-mail address with unknown companies can result in you becoming a victim because attackers may attempt to social engineer you from an e-mail via click-bait titles and persuading text (which commonly leads many people, trained or not, into the path of infection...).

And most importantly, don't be click-happy, because this was the reason all these companies had their systems compromised... The employees, regardless of their "training" were click-happy and this led to infection. No surprise, anyone who is click-happy will eventually encounter their system becoming compromised due to malware/adware.

Those tips above will help them alone, the security solutions aren't even necessary as long as the employees are properly trained and do their job properly as opposed to wasting time doing useless and unnecessary internet searches or going through unknown e-mails from unknown senders just to waste their time so they can make time fly to end the work day...

The security solutions just provide a false sense of security, and companies start believing they are bullet-proof after installing a "Next-Gen" endpoint solution. No, that isn't how it works at all.
 

Fritz

Level 11
Verified
Top Poster
Well-known
Sep 28, 2015
543
Meseems some folks think all it takes is nine women to deliver a child in a month. :p
 

Wave

Hello @Av Gurus
Are avlab tests reliable?
None of the tests are "reliable" because there is no "best" AV, but vendors will still use the results to claim they have "100% detection" (for example if they scored full on the independent lab tests). If a vendor performs badly in these independent lab tests, it does not mean they are actually "bad" either. The problem is how the media presents these results and the lack of understanding by the viewers. Social engineering... E.g. Bitdefender came top one year = hundreds/thousands of people believe it is #1.

However, VB (Virus Bulletin) are very nice and honest and I personally like them a lot and have lots of respect for them. If you contact them as a developer you can submit your product for free and they will provide you back feedback/private results. They are honest, I know this since a friend of mine contacted them before, and they pointed out all the negatives in the product to help him improve.
 
