Greg Edwards has been a technology entrepreneur since 1998. His last startup was an offsite backup and disaster recovery company called Axis Backup. Greg also owns WatchPoint IT, a Managed Service Provider founded in 1998 that utilises a full stack security approach to stop cyber attackers from infiltrating and crippling its clients’ technology systems. In 2017, Greg started CryptoStopper, an anti-ransomware deception technology business.
We spoke with Greg about CryptoStopper, the state of ransomware in 2021, and what businesses can do to remain protected against this increasing threat.
Until recently, ransomware was actually on the decline
Ransomware first started to hit servers in 2012. The evolution of bitcoin and cryptocurrency allowed hackers to get paid anonymously, which opened the door to the cybercrime we’re seeing today. But in the pre-pandemic world of 2019, ransomware attacks had been declining since the previous year. Cyber criminals were turning their attention to crypto mining.
2020 changed everything (but we already knew that)
With the explosion of remote work in 2020, ransomware attacks surged, increasing sevenfold on the levels seen in 2019.
Fast forward to 2021 and we’re seeing unprecedented levels of ransomware attacks. There are now over 1,800 different variants of ransomware out there. They’re increasing in frequency, increasing in sophistication, and the ransom demands are increasing too. The average ransom now paid is over US$300,000.
But that’s an average. On the low end, businesses might pay $60,000. On the high end, it’s millions. In 2020 Garmin, the GPS company, paid an eye-watering US$10 million ransom.
Now, we’re seeing a more sophisticated threat
We’re now seeing even more dangerous ransomware variants emerge, with the inclusion of even more malicious added extras. They’re going after backups and wiping those out first, exfiltrating businesses’ data instead of encrypting it, and threatening to sell this information on the dark web.
And users aren’t getting any smarter. Over 50% of ransomware attacks are still occurring through phishing emails.
It can be a lost cause
In America, the FBI actually recommends paying the ransom. It’s not their first option, by any means, but if you’ve got no backups and no other choice, then it’s the only possible way to get your data back.
But there’s still honour among thieves
Greg notes that high-end ransomware attackers actually—surprisingly—have good customer service.
For example, they might work with you by giving you a decryption key that unlocks a minimal amount of files, demonstrating that they’ll make good on their claim. He’s even seen situations where attackers have drafted a written agreement that guarantees complete file recovery, and that they won’t attack you within the next year.
Yes, cybercriminals are offering one-year guarantees now.
Cybercrime is big business
One of the most common ransomware variants in 2020 was RYUK. In 18 months, the hackers behind this variant made $150 million from it. And this, Greg points out, is why ransomware isn’t going away any time soon. There’s so much money to be made from it.
To make that kind of money in that time frame, it can’t be just one person running the operation. Greg estimates it to be an organisation of at least 30-40 hackers.
And that’s just what this situation is: it’s organised crime. Deploying ransomware from an undisclosed location is much, much safer than, say, drug or human trafficking. And with the heavyweight support of organised crime syndicates behind it, dealing in cryptocurrency that’s unregulated, unmonitored, and untraceable, it’s a problem that’s only going to increase in sophistication.
Cybercrime has a new enemy
CryptoStopper was born in response to a gap in the market.
When Hurricane Sandy hit the US coast in 2012, Greg and the team at Axis Backup performed nine simultaneous recoveries. In 2014, one ransomware variant hit 14 different organisations in the same weekend.
So when Greg realised he and his team were performing more recoveries due to ransomware attacks than natural disasters and hardware failures combined, he saw a need for a product that filled this gap.
How CryptoStopper works
CryptoStopper originally started as a unique PowerShell script. The script deployed bait files, and when attacked, the script would detect and neutralise the threat within nine seconds.
It took three years of development, testing, and building the portal to turn CryptoStopper into what it is today: a scalable anti-ransomware platform that’s functional for modern businesses.
Now, ransomware detection and neutralisation time is down to less than one second, on both the desktop and server side.
As Greg notes, there really aren’t any other products on the market, even now, that perform this function. Some of the better anti-virus platforms are starting to include ransomware protection in their suite, but no one else is using detection technology that deploys bait files to attract the ransomware. No one else has the speed to stop ransomware attacks in less than a second.
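The bait-file idea described above, as an added Python illustration; it is not CryptoStopper's code or the original PowerShell script, and it covers detection only, not neutralisation. The decoy names, decoy content and the 7.0 bits-per-byte entropy threshold are assumptions chosen for the example.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

# Constructed decoy names and content (assumptions, not from any product).
BAIT_NAMES = ["_aaa_invoice_2021.docx", "zzz_payroll_backup.xlsx"]
BAIT_BODY = b"Quarterly figures - constructed decoy content.\n" * 40


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 is the maximum)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def deploy_bait(directory: Path) -> dict:
    """Write decoy files and return {path: sha256} as the baseline."""
    baseline = {}
    for name in BAIT_NAMES:
        path = directory / name
        path.write_bytes(BAIT_BODY)
        baseline[path] = hashlib.sha256(BAIT_BODY).hexdigest()
    return baseline


def check_bait(baseline: dict, entropy_limit: float = 7.0) -> list:
    """Return (path, reason) alerts for decoys that were touched."""
    alerts = []
    for path, digest in baseline.items():
        if not path.exists():
            alerts.append((path, "missing"))  # deleted or renamed
            continue
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() != digest:
            # Near-random content suggests encryption rather than an edit.
            kind = "encrypted" if entropy(data) > entropy_limit else "modified"
            alerts.append((path, kind))
    return alerts


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        baseline = deploy_bait(Path(tmp))
        print(check_bait(baseline))  # no alerts until a decoy is touched
```

No legitimate user has a reason to open a decoy, so any alert from `check_bait` is a high-confidence signal worth acting on immediately.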
What do MSPs think about CryptoStopper?
When Greg talks about CryptoStopper’s reception among MSPs, he notes there was initially pushback from MSPs saying they could recover from backups instead.
Well, there used to be. It’s been two years since Greg has spoken with an MSP that hasn’t dealt with a ransomware attack.
After all, MSPs are on the hook for this recovery; it’s their responsibility to recover this data for their clients. And CryptoStopper provides a solution to this threat. It combats ransomware attacks in less than a second, with only four or five files to recover. Compare this to the alternative: the entire business goes down, all files lost. Every piece of data needs to be recovered, which takes at minimum one or two days.
It’s a huge difference.
What’s the next biggest threat?
Greg sees the next evolution of cyber attacks as cybercriminals going after the cloud solutions, taking down platforms like AWS and Azure. So that’s what Greg’s MSP, WatchPoint IT, is positioning and preparing for, with CryptoStopper also growing and developing protection for those cloud solutions.
Their current focus though is much more ground-level. Some malware is positioned to neutralise the user’s anti-virus software itself, so Greg and his team are focusing on ensuring anti-virus software can continue to run as attacks occur.
Ransomware is a problem that isn’t going away any time soon—so it’s critical that both businesses and MSPs remain protected. To investigate deploying CryptoStopper, head to getcryptostopper.com to get started, or email Greg directly at email@example.com to discuss your protection options.