Why Antivirus Cannot Stop Ransomware?
Did you know 93% of businesses hit by ransomware in 2016 had antivirus software installed? Quite a jaw dropping statistic if you thought antivirus was protecting your business against ransomware cyber criminals.
Signature Based Technology
You may ask, “So why doesn’t antivirus stop ransomware?” Traditional antivirus is a signature based technology that only detects “known” signatures. Antivirus keeps a digital fingerprint database that will try to match malicious fingerprints against the database. That’s why it is important to constantly update your antivirus software with the latest signatures. Then “known” variations of ransomware that have signatures will mostly likely be detected.
According to AV-TEST Institute “there are over 390,000 new malware programs reported and classified every day”. Each program requires a unique signature to detect the variation. It is a constant race for antivirus vendors to update the latest signatures on a daily basis and it’s easy to fall behind.
In Cisco’s Midyear Security Report they site the time to detection for the Angler payload Cryptowall that was dropped on April 24, 2015 at an average of 4 days. Even after 4 days of this particular ransomware variation only 32 out of 57 antivirus engines were able to detect it.
Ransomware developers use various techniques to evade detection. By simply making minor changes to their code base they can throw off antivirus detection tools and continue to profit. Don’t expect your antivirus software to detect or protect you in 2017.
Statistics collected from more than 1,000 businesses that were victimized with ransomware during the past year indicate that 85% found their computers had to be disconnected from the internet for one week. While 33% of cases led to inaccessibility of their data for at least one month. Most organizations using traditional firewall and antivirus technology are unprepared for a ransomware cyber-assault. Are you one of them?