Rethinking Ransomware Defense: BullWall’s Innovative Approach to Containment

Multiple reports of ransomware attacks hit the news on a daily basis globally, indicating how difficult it is for organisations to protect against the very profitable attacks. What this clearly indicates is that the current strategy of prevention—preventing the malware from accessing IT infrastructure— is not working. According to Statista, spending on IT security grew from just under $100 billion in 2017 to a projected over $200 billion by 2024, but the outcomes have been far from positive. The reasons for this are varied and complicated, but the fact remains the current predominant approach of ‘prevention’ is insufficient, and a new last line of defense is required.

 For the ‘prevention’ strategy to work, it must work 100% of the time, against 100% of threats, 100% of the time – which is obviously unattainable.

A question for organisations to reflect on: What will you do in the first 30 seconds of a ransomware file encryption commencing?

 The reality for most organisations is that they will do nothing at all. 99% of the time, they will be blissfully unaware until users start complaining that they cannot open the files.

 Enter BullWall Ransomware Containment that steps into this gap. BullWall will NOT prevent a ransomware attack from starting (that is the role of countless other security products) but will isolate and shutdown the user and the device that introduced the malware within seconds of the ransomware attack commencing. The attempt to encrypt files started with an organisation becoming a victim of a ransomware attack; however, the attack is terminated by BullWall in seconds, ensuring that minimal numbers of files were encrypted, and that a full list of these is provided by BullWall, thus helping the organizations speedy recovery.

 BullWall utilizes the SMB protocol, developed by IBM in the 1980s, to securely enable file sharing, editing, and printing within the emerging client/server architecture. This protocol is supported by many operating systems, including all versions of Windows, Linux, macOS, and Android. SMB requires that the first line of all files serve as an indicator of their type, whether Word documents, Excel spreadsheets, text files, and so forth. 

 BullWall monitors for these events, does several additional checks, and if a ransomware event is detected, disables and switches off the user and device initiating the attack – ‘patient 0’, and initiates the configured alerting mechanisms, informing operations and providing a list of encrypted files.

 Utilising existing operating system functions enables the BullWall solution to provide rapid containment of an active attack within seconds. The solution’s simplicity requires no agents, can be deployed in a day or two, and does not impact network resources.

 ‘BullWall has over 1,000 customers and has contained ransomware outbreaks on numerous occasions, emphasising the need for a proactive last line of defence when existing preventative measures have been bypassed,’ says Co-Founder, Co-Owner and Chief Technology Officer, Jan Lovmand. 

 Lovmand further explains that BullWall Ransomware Containment has undergone rigorous testing against over 300 different real ransomware variants by their Red Lab Team. In these tests, BullWall detected all ransomware strains and families within seconds of malicious encryption starting.

 ‘In these tests, BullWall Ransomware Containment has detected all ransomware strains/families within a few seconds once malicious encryption begins. There are only a few ways you can encrypt a file to make it unreadable unless you are reversing the bits and bytes inside the file. It is this process that BullWall Ransomware Containment detects this instantly, regardless of how the malware got in and who or which process is doing the encryption’.

 Solid8 Technologies, in conjunction with BullWall, will provide an assessment to demonstrate how ransomware can bypass your existing ‘preventative’ solutions as well as how BullWall will contain the attacks. 

 

 Patrick Devine, Data Security Specialist at Solid8 Technologies

 For more information about BullWall, email us at info@solid8.co.za

 

Previous
Previous

Saviynt is named a Customers' Choice in 2023 Gartner® Peer Insights™ Voice of the Customer: IGA

Next
Next

Skybox Security report: over 30 000 new vulnerabilities published in past year