Secure a Chain of Data Custody
Chain of data custody should be maintained to ensure admissibility and evidence integrity.
Clients utilizing Data Guard are able to fulfill chain of custody requirements with complete transparency and auditability of file activity. AI-powered sensors capture and log events such as who accessed a file, at what time, and whether a file was modified, downloaded and/or shared.
Make Your Files Invisible To Ransomware
If they can see it, they will attack it. Block ransomware and other cyberthreats from locking your photos, videos, and personal data and demanding payment. Hide your files from ransomware and proactively fight threats at every stage of the attack chain to ensure that your files are always protected.
One of the most infamous ransomware variants
As its name suggests, WannaCry’s unfortunate success has led to much grief. Starting in May 2017, WannaCry has infected over 300,000 computers in practically every country in the world by taking advantage of an unpatched Microsoft Windows vulnerability (MS17-010). While a patch was released, some estimate millions of computers remain vulnerable.
EternalBlue, an exploit that was allegedly developed by the United States’ National Security Agency (NSA), was released publicly by a group of hackers called the Shadow Brokers. EternalBlue allowed WannaCry to spread rapidly, with DoublePulsar being the ‘backdoor’ installed on the infected computers.
The $2 billion ransomware
Discovered at the end of 2018, GandCrab is part of a Ransomware-as-a-Service (RaaS) deployment and has quickly become a very commonly seen ransomware threat. GandCrab is the first ransomware to demand payment in DASH cryptocurrency while utilizing the “.bit” top-level domain (TLD). This TLD is not sanctioned by ICANN and it therefore provides an extra level of secrecy to the attackers. GandCrab uses AES-256, RC4, and RSA-2048 encryption for encrypting AES keys, the victim’s data, and network traffic data respectively.
Perhaps with a sick level of obnoxiousness, the developers of GandCrab boasted that they were shutting down their operations in January 2019 and retiring after their ransomware made $2 billion in total, netting them $150 million personally. The crooks behind GandCrab actively updated their RaaS, keeping up with new security patches. Will GandCrab ever come out of retirement?
Sodinokibi is allegedly distributed by attackers affiliated with those that distributed the infamous GandCrab ransomware. Perhaps hinting at a level of state-sponsorship, Sodinokibi avoids infecting computers from Iran, Russia, and other countries that were formerly part of the USSR. The ransomware uses an Elliptic Curve Integrated Encryption Scheme (ECIES) for key generation and exchange (Elliptic-curve Diffie-Hellman key exchange algorithm).
Sodinokibi uses AES and Salsa20 algorithms to encrypt session keys and user’s files respectively. AES is also used to encrypt network data that is sent to the control server. The ransomware typically demands from the victim around 0.32806964 BTC (≈ $2,500) to regain access to the encrypted files.
No charity with this RobbinHood
Despite its name, RobbinHood ransomware is not stealing from the rich to give to the poor. Instead, the malicious code, which is gaining popularity in the black hat world, targets enterprise and critical government infrastructure, feeding ransom to itself. In 2019 alone, RobbinHood successfully attacked and received ransom payouts from the cities of Baltimore, Maryland, and Greenville, North Carolina.
RobbinHood’s ransom isn’t at all cheap. Demands from the malicious actors can range from 3 Bitcoin for a single computer up to 13 Bitcoin for an organization’s network, which translates to tens of thousands of dollars. Some cities have reportedly paid millions.
Data Guard takes a proactive approach to defending against ransomware by ensuring that malicious software is made harmless and automatically deleted. Unlike other solutions, Data Guard does not require user interaction or IT oversight.
Ransomware is a form of malware (trojan or other virus) utilized by malicious actors to extort money from individuals, businesses, and governments. While many types of ransomware exist, a typical attack encrypts a victim’s data and displays instructions on how to pay a ransom – usually in the form of cryptocurrencies like Bitcoin. Ransomware is not cheap and there is no guarantee for success in decryption.
In fact, while cybercriminals promise to provide a decryption key upon payment of the ransom – 40% of victims who pay unfortunately never regain access to their data.
Phishing attacks, in which a victim receives a legitimate-looking email that tricks them into clicking a malicious link or opening an infected attachment, are often used with disastrous success to spread ransomware.
While many corporations and organizations have instituted countless hours of cybersecurity training, cybercriminals are often devising new ways to inject ransomware into networks. Training unfortunately only goes so far. In fact, a test of 1000 CIOs revealed that 32% clicked on a potentially malicious link. The lapse of a single user can put an entire company at risk.
Conventional anti-virus software, which looks for previously classified types of ransomware, cannot keep up with today’s ever-evolving threats. Data Guard’s AI stands ahead of the pack, detecting ransomware attacks based on suspicious activities, preventing the malware from taking any malicious action, and automatically deleting it.
Ransomware has become an enormous business perpetrated by both organized crime and nation-state actors.
Organized criminals are motivated by extorting as much money as possible. Increasingly they distribute their malware as ransomware kits that anyone can use – even if they don’t have much technical expertise. The ransomware as a service (RaaS) model sadly has been very effective at spreading their malicious software. The criminals facilitate the payments and decryptions while taking a percentage of the collected ransom.
Nation-states have utilized ransomware as both a source of revenue and a means to disrupt the economic and governmental well-being of their rivals. The large resources a nation-state has at its disposal to mount such attacks are especially perturbing.
The majority of popular ransomware strains utilize such strong encryption that decrypting files is unfortunately not possible. In limited cases, older ransomware families (Rakhni, Agent.iih, Aura, and a few others) have decryptors available.
With Data Guard, you don’t need to worry about ransomware even taking hold of your computer, let alone encrypting your data. Protection is automated and far-reaching. Ransomware is deflected.
The simple answer is no. While some antivirus solutions protect against older versions of ransomware, this protection is done “after the hack”. The only way to defeat ransomware is to not allow it to take hold of your files in the first place.
Documents can be shared with any platform such as Windows, Mac OS, Linux, iOS and Android. Data Guard will shortly be releasing clients on Mac OS, iOS and Android.
We take pride in our partnership with Microsoft, a leader in security automation and intelligence. Active Cypher leverages many of Microsoft’s tools, providing enhanced security.