A Key Gap Remains in Your Ransomware Response Strategy

Nubeva
04 May 2022

TLDR: Ransomware continues to grow in volume and consequence. A significant gap remains in ransomware preparedness strategies between “keeping them out” (cyber defenses) and “recovering when they get through” (snapshots, back-ups, disaster recovery). Over the past 100 days since Nubeva launched Ransomware Reversal technology, clear themes have appeared as to why, despite best efforts, ransomware continues to cripple organizations. Let’s talk about why Nubeva Ransomware Reversal adds a critical new control that fills this gap: the ability to decrypt ransomware without paying the ransom.

Fill the gap in your ransomware response

The Reality: The US alone has been experiencing 4000+ attacks every day for several years, and the damages are growing exponentially. In 2017, ransomware accounted for $5 billion in losses, and that figure soared to an estimated $20 billion in 2021. The threat shows no mercy, targeting businesses, organizations, and governments of all sizes and maturities. And more often than not, organizations choose to pay the ransom to recover because the cost of downtime is too grave for an organization to swallow.

But Why? Our customers weigh in: Organizations are spending more on cybersecurity than ever before. Cybersecurity detection and prevention tools keep getting better. Back-ups and snapshots are widely adopted. In theory, successful ransomware events should be going down, yet the volume and consequence continue to rise.

As we speak to customers and prospects, the reports that most organizations have experienced a ransomware attack hold firm. However, the details vary from organization to organization, making it difficult for IT and security teams to cover every base. With ever-changing business dynamics, avoiding gaps with current options is impossible. Some common statements (paraphrased):

  • ‘Yes, we have a leading EDR solution, but when going through a merger, the company we acquired had some gaps. While we worked to standardize systems, those gaps were, unfortunately, exploited.’
  • ‘It happened so fast, and on a holiday weekend to boot. By the time our systems detected it and we could respond, it was too late.’
  • ‘We know nothing is 100%, so we put in place backup and snapshots. But as we went to recover, it was quickly realized how long that recovery would take. So we had to pay to get our systems and operations back so we could meet customer deadlines.’
  • ‘We were required to pursue extensive steps to qualify for our cyber insurance. As we worked through those requirements, we got popped. And ironically enough, we learned the extent of what would truly be covered - Not enough.  We exhausted our coverage and still had significant out-of-pocket damages.’
  • ‘One of our board members called a special session as one of their other companies essentially went out of business because of the fallout of a ransomware event. So now, we are sprinting to get our strategy in place - but deploying new cyber-security and changing architectures and processes to support back-ups takes significant time.’

Based on 100s of conversations with customers and prospects of all shapes, sizes, industries, and maturities, the following facts consistently appear:

1) Leading EDR, XDR, and Next-Gen Firewalls continue to be effective 95%+ of the time. But if we do the math, given the sheer volume of attacks, some still get through. Many organizations have less capable security systems, leaving them more vulnerable.


2) Back-ups and snapshots (cloud or local) are essential to organizations. But many organizations experience one or more backup flaws, including but not limited to: backups are not run frequently enough; backups are incomplete; backups fail to complete; backups fail to restore; ransomware corrupts backups; the point of recovery still leaves them with lost data; and the time and resources needed to recover are still significant.


3) Even with the best technologies available, most organizations don’t have the ability, staff, or budget to implement every layer of defense, protection, and contingencies or maintain that at peak levels while their attack surface and vulnerabilities continue to change and expand.


4) Cyber insurers are mandating more technologies and business controls as prerequisites for coverage, and many organizations cannot afford them. Once an organization is eligible, insurance costs are skyrocketing while coverage is increasingly limited, so ransomware costs and damages can quickly overrun coverage.

Indeed, in analyzing the above, a protection gap begins to emerge. While it may be hard for IT and security teams to put a finger on, ransomware gangs clearly see it, and they continue to iterate on and improve their software and execution to exploit it.

Enter Ransomware Reversal: Nubeva offers a new solution to the gap between cyber defenses and recovery from back-ups. The missing option for response is giving victims of an attack the power to decrypt ransomed files and recover systems without paying a ransom, regardless of the availability of backups. Nubeva enables teams not only to recover but to decrypt data right up to the precise moment before the encryption, thus restoring the system to the exact moment before the attack, that is, reversing the ransomware. The net benefit is reduced recovery costs and time and, therefore, a significant reduction in business interruptions and costs.

A radically different approach: Our technology focuses on ransomware's primary weapon, the encryption itself. By focusing on the few viable encryption methods rather than trying to detect the tens of thousands of variant behaviors, we can reliably detect and protect against every mutating threat.

How it works: Our silent, efficient sensor detects encryption events on detonation, grabs copies of the encryption keys, and stores them for safekeeping in the customer's environment. When the threat has been removed from the environment, Nubeva supplies a smart ransomware decryptor for the variation. Using the keys captured during the attack, the organization can decrypt the encrypted files and systems and get back to business.

The solution is simple to install, virtually effortless to maintain, and priced to be a no-brainer backstop to every ransomware protection strategy. 

Learn more about this new innovative technology and schedule a demo at https://www.nubeva.com, and watch a quick 5-minute overview + demo against CONTI ransomware.