Tackling ransomware: A conversation with the CEO of Airgap

Ransomware is a type of malware that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. Ransomware attacks have become a major issue in the cybersecurity space. According to Forbes June 2020 research, 51% of organizations have been impacted in the last 12 months alone.

We spoke with Ritesh Agrawal, the CEO and co-founder of Airgap, a Cervin portfolio company in the cybersecurity space, to discuss the issue of ransomware and what companies can do to protect themselves.

Q: Why are ransomware attacks becoming more prevalent?

Q: What defenses are companies using against ransomware?

Attack Stage 1

Current Prevention Techniques
Organizations typically use anti-virus and anti-malware solutions to protect the “first victim”. While these solutions are helpful, they aren’t necessarily sufficient for two reasons:
(1) They won’t work for unmanaged devices such as a smart TV, smart thermostat, smartwatches, or other devices connected to an organization’s network.
(2) They take a few minutes to identify a bad actor’s presence, and in that time, ransomware can spread.

Attack Stage 2

Current Prevention Techniques
There are no known security solutions that protect against such propagation. Hence organizations often resort to less effective networking or DIY techniques.

Attack Stage 3

Current Prevention Techniques
Organizations often resort to retrofitting solutions like next-generation firewalls (NGFWs) or web-application firewalls (WAFs) to protect internal applications. Such solutions are only partially effective and still offer network-level access, which results in an increased risk of exposure and exploitation. Alternatively, organizations claim to have robust storage backup plans. However, the bad actors have resorted to stealing the data and threatening to release the stolen data into the public domain.

Once the organization is breached, it is important for the SecOps (Security Operations) teams to have a clear remediation plan. However, after talking to hundreds of CIOs, I’ve realized many organizations aren’t well prepared for such an event. When asked, a typical answer I get is “we’d start yanking the cables” — which is not a viable option for any organization.

Q: What are the repercussions on the IT team when a company gets hit by ransomware?

Of course, ransomware attacks have impacts beyond the IT team. An attack can mean damage to the brand, loss of business productivity, and permanent loss of mission-critical business data. The financial impact can be huge and the actual ransom payment can be millions of dollars.

Q: What are some best practices against ransomware attacks as companies transition to remote work?

Flaw #1: Shared VLANs

Recommended Solution
Implement a proven Zero Trust model to isolate each device and only allow authorized lateral communication. Any infected device will then be confined, and the attack won’t be able to propagate laterally. Ensure that you pick an agentless Zero Trust solution to protect all devices — managed and unmanaged.

Flaw #2: Network-level access

Recommended Solution
Implement bank-level security and MFA for your private applications. It just takes a few minutes, no design changes, no agents, and no application changes.

Flaw #3: Ransomware kill switch

Recommended Solution
The best method for the SecOps organization is to have a one-click “ransomware kill switch” that can instantly protect the organization by shutting down access to enterprise crown jewels such as storage systems and all non-critical infrastructure services such as printing or music streaming. Then once everything is safe, turn it back on.

Q: Which of these flaws is Airgap addressing?

Airgap Networks is a Cervin portfolio company, and Ritesh can be reached at ritesh@airgap.io.

Cervin Ventures is actively investing in entrepreneurs and companies that intend to rapidly disrupt the B2B software space.