Brian Linder is an Emerging Threats Expert and Evangelist in Check Point’s Office of the CTO, specializing in the Modern Secured Workforce.  Brian has appeared multiple times on CNBC, Fox, ABC, NBC, CBS, and NPR radio, and hosts Check Point’s CoffeeTalk Podcast and Weaponizers Underground, and has teamed on keynote CyberTalks at Check Point’s CPX360 events.  For 20+ years, Brian has been an advisor at the C-level to firms big and small in financial, legal and telecommunications, on next generation cybersecurity solutions and strategies for cloud, mobile, and network. Brian holds a B.S. in computer science from Drexel University and an M.S. in Information Science from the Pennsylvania State University. 

In this dynamic expert interview, cyber security expert Brian Linder discusses ransomware wins, ransomware fails, and why demarcating the two represents an ambiguous and non-linear pursuit. Plus, discover expert perspectives that can help you reassess and reevaluate your ransomware prevention and defense frameworks.

Should we be celebrating some kind of victory when we read about a ransomware gang getting shut down?

A good example to analyze is REvil. The REvil group was behind many ransomware attacks that have proven highly profitable. These attackers maintain regular websites, they operate on the dark web, they have a cloud infrastructure and there are numerous, nuanced elements of their production; they have domain names…etc.

On July 13th of this year, media outlets reported that REvil’s operations were suddenly “mysteriously shut down.” Some news outlets correlated this with a demand by President Biden for international authorities and politicians to take action regarding the bombardment of US organizations with ransomware. After REvil disappeared, people everywhere were throwing their hands up in celebration saying, ‘Yay, we’re winning the fight’.

Well, the reality is that we’re not really winning the fight.

It’s true that on some occasions, nation-states are involved in ransomware threats. In some cases, ransomware gangs ought to be shut down for a political reason and that they do legitimately disappear afterwards. However, most of the time, this is not the case.

What actually happens is that these groups opt to reinvent themselves. “Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation,” says renowned cyber security researcher Brian Krebs.

These ransomware groups know that they can “fake their own deaths,” creating a moment where people think that the groups have been expunged from the internet. Yet, in fact, what they’re doing is retooling and reemerging under a different brand name. In some cases, they reappear with more monetary resources than previously and with more highly evolved tools. As Brian Krebs says, “Reinvention is a basic survival skill in the cybercrime business.”

The bottom line is that we’re fooling ourselves to think that we’re winning the fight against ransomware by disbanding ransomware gangs.

Is it a battle that we’ve lost?

‘Is it a battle that we have lost?’ is a burning question. No, it is not a battle that we have lost. First of all, thanks to the press and thanks to a few high-visibility ransomware attacks that made the cover the Wall Street Journal and other C-level media outlets, the reality of ransomware and all that it encompasses has reached executives.

You need to be looking at innovators in the cyber security white hat ecosystem who have built tools that can not only detect the presence of malware -because it all starts with malware of some kind- but that can also detect the presence of an actual ransomware attack in-progress. You need to be able to stop ransomware in its tracks without human intervention; without highly skilled and hard-to-find cyber security experts staring at a screen 24 hours per day waiting to catch an attack as it unfolds.

You need tools that are working on ransomware detection automatically and that can provide a rapid response. Avoiding ransomware requires an evolved toolset on the endpoint that offers robust, multi-layered protection.

Reinforcing cyber security awareness among staff is cheaper than technology investments. Should organizations start there?

We will never get around the fact that humans are the weakest link. Expecting someone to never click on a link that they shouldn’t click on is completely unrealistic, even with training. It’s a ridiculous thing to say that ‘I train my users to never click. Therefore, no one will accidentally click on a malicious link.’ Therefore, prevention and defense technologies are also must-haves.

Other cyber security falsehoods around ransomware?

Another falsehood that we hear a lot of is “My company would never be attacked. We are too small, too niche, or too __[fill in the blank]__.” If you are not prepared, your day as a victim will arrive. You need a multi-layered defense and the war against ransomware can be won.

PS. Don’t forget to sign up for the Cyber Talk newsletter here.