REvil ransomware attack illustrates IT systems need for epidemiological investigation

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.

The recent REvil ransomware attack has revealed that our computer systems are vulnerable to unknown and surprising pathogens, similar to our vulnerability to Covid-19. The hackers claim that the attack penetrated more than a million workstations, and demanded about $70 million to unlock them. However, the most important question is how the damage could have been reduced or prevented.


Let’s take a step back. Antivirus software comprises the first defense line (the IT immune system, if you will). The antivirus operating principle is simple: if malicious code is detected, it is signed by the various antivirus manufacturers and its hash is distributed as an update to the local antivirus installation. Thus, antivirus software can identify most malware and prevent them from damaging the computer.


Tomer Shemer, VP of Portnox. Photo: Courtesy Tomer Shemer, VP of Portnox. Photo: Courtesy


Nevertheless, similarly to biological systems, some viruses and vulnerabilities are unrecognizable by antivirus software. About 30-50 IT companies, including many Israeli ones, work to discover the meager number of yet undiscovered malware and yet unabused vulnerabilities. This activity is expensive and carries large premiums, but numerous organizations around the world would pay for such protective measures. Think about it – if a security operation is attacked by 1,000 different malware a month, the damage of even a single penetration would be catastrophic. Therefore, an antivirus that prevents 99.9% of attacks will not suffice.


However, systems identifying unrecognized threats are prone to false alarms. No wonder – anyone trying to find a new type of threat is likely to be sensitive to any anomaly or change. Yet the high number of false alarms that these systems provide causes many to ignore them or to disable the systems, quite similar to muting the sound of a cardiac monitor, thus remaining unprotected yet again.


One of the methods of containing the damage might sound familiar in the post-COVID world – isolation. For example, in the latest REvil attack, Kaseya software, serving as part of the supply chain, was damaged. The company warned customers over the weekend to disconnect their devices from the internet to…