The vexing tech challenge of fighting ransomware: A battle of milliseconds

Jordan Robertson, Bloomberg News

Published in Business News

115 milliseconds.

As quick as a blink, that’s the amount of time a new technology — developed by researchers from Australia’s national science agency and a university in South Korea — takes to detect that ransomware has detonated on a computer and block it from causing further damage.

The finding seeks to address a vexing challenge that has stymied international efforts to stop such attacks. As hackers execute bolder attacks with bigger potential payouts, computer scientists are pushing the limits of software to make near-instantaneous decisions and save victims from ruin.

A spree of recent ransomware attacks has focused attention on the issue and spurred booming growth for part of the cybersecurity industry, one that has benefited from a presidential endorsement of sorts.

Since 2016, spending on “endpoint protection” software has more than doubled, reaching $9.11 billion last year, according to data from Gartner Inc. Those are cybersecurity tools that protect “end user” devices such as laptops and desktop computers, which are routinely compromised when their users click malicious links or open phishing emails.

Last month, U.S. President Joe Biden issued an executive order that will require civilian federal agencies to deploy a specific type of that technology, called endpoint detection and response software, on their networks. Leading companies include SentinelOne Inc., Cybereason Inc., Microsoft Corp. and CrowdStrike Holdings Inc., according to Gartner.


The innovation of that software is that it blocks files deemed to be malicious — what traditional antivirus does — and goes a step further, automating the hunt for suspicious behavior on users’ machines, aiming to identify poisoned code before it causes damage, according to Oliver Spence, co-founder of U.K.-based North Star Cyber Security. Still, Spence said the technical challenge remains daunting.

“Solving ransomware is magnitudes harder than solving spam and that isn’t solved yet,” he said. “How do you tell which email is legitimate or not? How do I tell if a process is legitimate or not? Solve either problem completely, and you are well on your way to being rich enough to retire.”

Ransomware is a type of cyberattack that encrypts files on victims’ computers, rendering them useless until a ransom is paid. It can take just minutes to cripple an entire network. The recent hacks of Colonial Pipeline Co., which shut the biggest gasoline pipeline in the U.S. for nearly a week, and of JBS SA, the world’s largest meat producer, which temporarily shut all of its U.S. beef plants, have exposed gaps in protection for critical industries.

One of the few ways to get ahead of the problem is to have security software running deep inside a computer’s operating system. There, it can see each program, or process, running on the machine and has the best shot at distinguishing between legitimate and nefarious ones.

“The technology exists to identify authorized processes versus unauthorized processes — that’s actually not that terribly hard,” said Lawrence Pingree, a managing vice president at Gartner. “The hard part is that ransomware, as a category, can use many hundreds of techniques including modifying or injecting authorized processes. Most security practitioners will tell you that it’s a race condition where defenders keep augmenting security to match the changing threats.”
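The two points above, that telling authorized from unauthorized process images is the easy part and that ransomware defeats it by injecting into an authorized process, can be shown with a small behavioral check. The following is an added example written for this page; it is not code from the researchers, Gartner, or any vendor named in the article. It assumes a hypothetical allow-list of process images, a made-up event format (timestamp, pid, image, path, written bytes) standing in for endpoint telemetry, and arbitrary thresholds (five distinct files rewritten with high-entropy content within one second). The sample events are constructed, not captured.

```python
import math
from collections import defaultdict, deque

# Hypothetical allow-list of "authorized" process images (constructed for this example).
AUTHORIZED_IMAGES = {"winword.exe", "explorer.exe"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: ~8.0 for encrypted/random data, far lower for documents."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


class WriteBurstDetector:
    """Flags a process that rewrites many distinct files with high-entropy content
    inside a short window. It keys on behaviour, not on the process image, so an
    allow-listed image that has been injected into is caught the same way."""

    def __init__(self, window_ms=1000, min_files=5, min_entropy=7.0):
        self.window_ms = window_ms
        self.min_files = min_files
        self.min_entropy = min_entropy
        self._recent = defaultdict(deque)  # pid -> deque of (ts_ms, path) for high-entropy writes
        self._alerted = set()

    def observe(self, event):
        """event: {'ts_ms', 'pid', 'image', 'path', 'data'}. Returns an alert dict or None."""
        if shannon_entropy(event["data"]) < self.min_entropy:
            return None  # looks like plaintext; not counted toward the burst
        q = self._recent[event["pid"]]
        q.append((event["ts_ms"], event["path"]))
        while q and event["ts_ms"] - q[0][0] > self.window_ms:
            q.popleft()  # drop writes that fell out of the sliding window
        distinct = {path for _, path in q}
        if len(distinct) >= self.min_files and event["pid"] not in self._alerted:
            self._alerted.add(event["pid"])
            return {
                "pid": event["pid"],
                "image": event["image"],
                "files": len(distinct),
                "allowlisted": event["image"] in AUTHORIZED_IMAGES,
            }
        return None


def make_events():
    """Constructed sample telemetry (not real captures)."""
    doc = b"Quarterly revenue summary, draft 3. " * 100  # low entropy, like a document
    cipher = bytes(range(256)) * 16                     # entropy exactly 8.0, like ciphertext
    events = []
    # pid 100: Word saving the same document repeatedly; benign.
    for i in range(6):
        events.append({"ts_ms": 10 + i * 50, "pid": 100, "image": "winword.exe",
                       "path": r"C:\Users\a\report.docx", "data": doc})
    # pid 200: unknown binary overwriting six files in 300 ms; image-based and
    # behavioural checks both flag it.
    for i in range(6):
        events.append({"ts_ms": 1000 + i * 50, "pid": 200, "image": "update.exe",
                       "path": rf"C:\Users\a\Documents\f{i}.xlsx", "data": cipher})
    # pid 300: the same burst from an allow-listed image, which is what code
    # injected into explorer.exe looks like to an image-only allow-list.
    for i in range(6):
        events.append({"ts_ms": 2000 + i * 50, "pid": 300, "image": "explorer.exe",
                       "path": rf"C:\Users\a\Pictures\p{i}.jpg", "data": cipher})
    return events


def run(events=None):
    """Feed events through the detector and return the alerts raised, in order."""
    detector = WriteBurstDetector()
    alerts = []
    for ev in (events if events is not None else make_events()):
        alert = detector.observe(ev)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Run stand-alone, it prints two alerts: one for `update.exe` (pid 200) and one for `explorer.exe` (pid 300), the latter with `allowlisted: True`. The first alert fires on the fifth high-entropy write, a few hundred milliseconds into the burst, which is the tension the article describes: a real detector must decide early enough that only a handful of files are lost, while a threshold low enough for that will also catch legitimate bulk operations such as compression or backup tools, so production systems layer further signals on top of this one.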


©2021 Bloomberg L.P. Distributed by Tribune Content Agency, LLC