Endpoint Solutions Aren’t Protecting Businesses Against Ransomware Attacks

Large scale ransomware attacks are projected to cost the global economy $193B

One of the security challenges that companies face is how to protect their important data from ransomware and other cyber threats.  Ransomware can hold company files or devices hostage, using encryption or other means, until the victim pays a ransom in exchange for access to the files or device.  In many cases, even if the ransom is paid, the victim is still not able to access their encrypted files.

Brilliance Security Magazine talked with NeuShield to better understand their solution for protecting against ransomware.

Your choices, when it comes to ransomware protection, have traditionally been to keep a current backup of all your data and restore these files after you have recovered from a ransomware attack or to simply rely on your endpoint security solution to detect and block an attack.  Backup and restore works great, but can be time-consuming, complex and expensive.  Relying on an endpoint security solution to protect your data is a risky proposition.  Depending on the specific attack, it may or may not be detectable by your particular endpoint security solution.

Statistics show that 2 in 3 businesses hit with ransomware permanently lost corporate data and that a company is hit with ransomware every 40 seconds, even when most of these victims have up-to-date endpoint protection running.

NeuShield feels they have a better solution.  Neushield’s Data Sentinel product does more than just detect and block ransomware.  They claim they can recover your damaged data from malicious software attacks without a backup.  Data Sentinel uses Mirror Shielding to protect files, ensuring that you can instantly recover your important data from any ransomware attack.

To explain Mirror Shielding, NeuShield says, “Imagine at work you had an important meeting with several coworkers to draw up a business plan. The business plan would be sketched out on a whiteboard and take several days to complete, meaning it would be left overnight where others could access it. However, unless you wrote it with permanent marker, it would be quite easy for someone to come by and erase it or modify it. You could put a note on the whiteboard to tell everyone not to erase it, but people may miss the note or just ignore it.

One way you could protect the whiteboard would be to put a piece of glass over it. Anyone who tried to write over or erase it would only affect the glass, the whiteboard behind the glass would be protected. When you come back the next day you can just wipe off the glass and your business plan would remain intact.”

When NeuShield Data Sentinel is installed, it adds a barrier to your protected files preventing them from direct changes. When an application tries to modify a protected file, it gets redirected and the file modification is stored on an overlay, keeping the original file intact. Later, if you want to go back to the original file you can simply delete the data on the overlay. This process of deleting data on the overlay is called reverting changes.

Watch below to see a demonstration of NeuShield protecting against NotPetya.

NeuShield told us that reverting back to your original files, after suffering a ransomware attack is very quick. But it is not just reverting files that is quick. Since the overlay only stores file changes, which need to be written to the disk anyway, there is virtually no performance overhead on your actual disk. NeuShield Data Sentinel can protect files allowing you to instantly revert undesired changes with virtually no impact to your computer’s overall performance.

Steven Bowcut, CPP, PSP is the Editor-in-Chief for Brilliance Security Magazine