Content, Content

SentinelOne Study Asks: Does Legacy Antivirus Blunt Ransomware?

Raj Rajamani

Ransomware is pervasive and costly, new research from security provider SentinelOne uncovered, based on input from 500 mid-size organizations worldwide.

What’s to blame? Ineffective legacy antivirus software is one of the primary culprits for failing to prevent ransomware attacks, SentinelOne concluded from the data. It’s a costly price for businesses to pay: Ransomware attacks cost individual companies an average of nearly $900,000 a year, including the ransom, work time lost and time spent responding, the security specialist said.

The SentinelOne Global Ransomware Report 2018 produced a fair amount of evidence to point the finger at legacy antivirus, largely for not producing the antidote. The better road to follow is endpoint solutions, said the vendor, which itself develops such platforms. Apparently, a good number of the study’s respondents agree:

  • Roughly 70 percent of the survey’s participants that have swapped their legacy antivirus for endpoint solutions.
  • Employee carelessness, cited at 56 percent by respondents, is the primary cause of ransomware infection.
  • Ineffective legacy antivirus protection at 53 percent is seen as the next factor in opening doors for ransomware attacks, followed by tardy responses at 33 percent.
  • 96 percent of respondents’ organizations infected with ransomware are confident they can prevent future attacks.
  • Of those, 68 percent credit next generation endpoint protection for their conviction.

SentinelOne’s research also shed some light on whether organizations should give into cyber extortionists’ ransom demands, concluding payment should never be offered. What will follow, the study suggested, is more attacks along with an increasing inability to unlock encrypted files. In other words, if you pay up it will only get worse:

  • While 45 percent of U.S. companies hit with a ransomware attack last year paid at least one ransom, only 26 percent had their files unlocked in return.
  • U.S. organizations that paid the ransoms were targeted and attacked again with ransomware 73 percent of the time.
  • 44 percent of respondents claim that employees have paid a ransom without the involvement or sanction of IT/security teams.
  • The average value of ransoms paid by U.S. companies was $57,088, compared to the global average of $49,060.
  • On average, staff in U.S. businesses hit by ransomware spent 44 hours responding to the infection, compared to the average of 40 hours spent worldwide.

The report also found that negative fallout from a ransomware attack reverberates beyond the victimized organization and its workforce to third-party suppliers and partners:

  • 46 percent of respondents said third-party suppliers and partners experienced downtime.
  • 35 percent said third-party suppliers and partners lost productivity.
  • 20 percent said third-party suppliers and partners lost revenue.

“Attackers are continually refining ransomware attacks to bypass legacy AV and to trick unwitting employees into infecting their organization. Paying the ransom isn’t a solution either – attackers are treating paying companies like an ATM, repeating attacks once payment is made,” said Raj Rajamani, SentinelOne VP of products.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.