You’re religious about backing up your data. But with a new form of ransomware making the rounds, you may be backing up and protecting the malware too, so it can re-execute later when you least suspect it. This new form of ransomware, known as sleeper ransomware, has a built-in time delay before it launches. Its makers hope that by the time you’ve backed up your system and data, the ransomware has been safely archived as well, ready to strike again.
So, when this ransomware executes the first time, you reach for the backups, thinking you’ve outsmarted the criminals. However, a copy resides in your backups too, waiting to execute all over again after you do the restore. It’s a Catch-22!
A new cybersecurity firm, Cyemptive Technologies, has what it thinks to be the first fix to this new sleeper ransomware attack. The company, winner of the Department of Homeland Security’s national competition for the most innovative border security-related solution, has executives from some heavy hitters—Hitachi Data Systems, Microsoft, the National Security Agency, HP and the like.
I spoke with the company’s founder and CEO Rob Pike to find out more about Cyemptive and the new tools criminals are using today.
FE: How and why did you start Cyemptive?
Rob Pike: I have been working to deliver disruptive ideas all my life. When working on a new marketing platform in 2014, it became apparent that it was vulnerable to hacking, so I turned my attention to fixing the issue. The security solution I invented proved to be very successful. It rapidly became apparent that the value of this cybersecurity solution would overwhelm the value of the marketing platform solution. This is what now drives our Cyemptive vision: “To make the world cyber-safe.”
FE: What distinguishes Cyemptive from other similar cybersecurity firms?
Rob Pike: Put aside preconceived notions about the cyber protection capabilities of machine learning, API monitoring, checksums, white lists and signature-based detection—they are not working. We have to do it differently with a disruptive technology. Cyemptive provides the difference—we are preemptive.
Current solutions attempt to reduce detection time from months to days with “big data” and machine learning analytics. However, data “exfiltration” happens in seconds to minutes. Even large corporations that are heavily investing in existing cybersecurity “solutions” are being compromised and exposed frequently. The problem is getting worse because the rate of offensive hacking is growing 10 times faster than defensive protection.
FE: Are your solutions software, hardware or both? Please describe.
Rob Pike: We provide our software solution(s) on Cyemptive controlled standard hardware. Our technology suite reduces time to detect, isolate and repair to seconds. We contractually commit to customer performance measures service level agreements (SLAs) reflecting this timeframe.
FE: How long has sleeper ransomware been in the wild?
Rob Pike: Sleeper ransomware is a wolf in sheep’s clothing. It is another example of hackers leading the way. Hidden in supposedly normal files, sleeper ransomware very slowly and methodically encrypts files, avoiding detection by current AI detection technology, which relies on actual previous attack vectors that are different and not yet identified.
FE: Does the new ransomware run on Linux/UNIX systems, along with Windows? Why is it really dangerous?
Rob Pike: We have observed sleeper ransomware execute on Windows, Linux and Unix systems. Sleeper ransomware is really dangerous because current technology is incapable of detecting or preventing the impact of losing key data, whether current or backup. Cyemptive is the first solution to stop the problem. Current technology relies on dealing with attacks after they have occurred, too late to prevent actual compromise and/or data loss. Just think of major corporations announcing compromise even though protected by existing so-called solutions.
FE: How do you protect against sleeper ransomware?
Rob Pike: Cyemptive’s CyScan technology is a platform that scans the state of files to detect both known and unknown forms of encryption and stop ransomware and many other forms of malware before they become a problem. We can reliably detect ransomware encryption prior to activation. Our lab testing results show we are able to detect an encrypted file greater than 99% of the time, and in production has delivered detection results greater than 1,000 times compared with existing technologies combined.
FE: What is the key to protecting corporate systems when so many people are working remotely today?
Rob Pike: Cyemptive’s patented and trade secret technology enables a suite of solutions that, when utilized together, moves the detection and protection bar from months to seconds when it comes to cyber defense, including remote users. Cyemptive commits to support this breakthrough technology by offering customers performance-based SLAs (CySLA) that reflect these timeframes.
FE: What’s your take on protecting industrial control systems? How vulnerable are they?
Rob Pike: Industrial control systems are under constant attack at the same or greater level as other systems. A different approach is needed as today’s solutions are not working. It is important that Cyemptive shares our threat knowledge and informs entities that Cyemptive’s revolutionary technologies can detect ransomware or other malware attacks at the network and system layers. According to industry research, ransomware attacks are on the rise, and companies are increasingly succumbing to more sophisticated and expensive ransomware attacks at a cost of more than $7.5 billion in 2019.
FE: How do you work with clients?
Rob Pike: Cyemptive offers solutions and managed service with seconds-based SLAs to provide customers with a new level of protection against cyberattacks. Customer focus is our mantra, and I refer you to three of our five Cyemptive core values to reflect the nature of our customer focus: trustworthy, integrity and respectful.
FE: What’s your view of the future IT/OT world?
Rob Pike: The IT/OT world is in deep cybersecurity trouble and needs a fundamental change. Cyemptive provides this revolutionary solution. We have to match the exponential pace of technology development with cyber protection innovation.
FE: Anything else?
Rob Pike: I recognize that the current COVID-19 pandemic highlights the fundamental contribution of the food and beverage processors, associated supply chain suppliers and, most importantly, the essential nature of the workers in this industry. Cybersecurity protection of the food lifeline of the United States, and globally, is essential to protect the country now and into the future.
For more information, visit www.cyemptive.com.