Why Didn't My AntiVirus Detect CryptoWall?

Chris Hartwig

CryptoWall and CryptoLocker are ransomware programs that encrypt your electronic files and demand that you pay $300 to $500 within 72 hours, or your data will be deleted. There are several different methods of infecting a computer system with crypto that we will analyze. One of the biggest questions we receive on a regular basis regarding crypto is "Why didn't my antivirus detect CryptoWall?" The constant stream of vulnerabilities pouring out of web browsers, plug-ins, and the Windows operating system makes antivirus an important part of your system protection. However, as you will learn, antivirus is only 47% effective and should not be relied upon as the final solution to blocking viruses and malware, but rather treated as one part of an overall layered approach to your network security.

  • Hackers create new malware on the fly
  • Antivirus is only 47% effective
  • Antivirus is signature based
  • New threats are created at a rate of 3.5 per second

Antivirus is a signature-based solution that only detects known threats. Every time you open a file on your computer, that file is inspected by the antivirus software and compared against a database of known viruses, worms, and malware. Your antivirus software may also perform a "heuristics" check, which looks at the file for suspicious behavior that might indicate it is a new, unknown virus. Such an unknown threat is often called a zero-day: it exploits a vulnerability in software that is not yet known to the vendor. If hackers exploit an unknown vulnerability and create a new exploit, the antivirus software will allow it to slip by. This is why antivirus is typically only 47% effective. It cannot quarantine and delete programs it doesn't know are a threat. Crypto variants are constantly being introduced, so it's impossible for the antivirus vendors to stay ahead of the game.
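To make the difference between a signature check and a behavioral (heuristic) check concrete, here is an added example that is not code from the original post or from any antivirus vendor: a hash-based signature lookup that matches a known sample but misses a one-byte variant, beside a simple behavioral rule run over constructed endpoint file-activity records. The sample bytes, the process names, the log entries and the `.encrypted` extension are all constructed for illustration.

```python
import hashlib
import os
import re
from collections import defaultdict

# Constructed stand-in "executables" (not real malware). The variant differs
# from the known sample by a single byte, as a repacked crypto build would.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"constructed-sample-v1" + b"\x00" * 16
VARIANT_SAMPLE = KNOWN_SAMPLE[:-1] + b"\x01"

# Signature database: hashes of samples the vendor has already analysed.
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

def signature_scan(file_bytes: bytes) -> bool:
    """Signature-based check: True only if this exact file is already known."""
    return hashlib.sha256(file_bytes).hexdigest() in SIGNATURE_DB

# Constructed endpoint activity records: (process, action, detail, seconds).
# Rename details use the form "<source path> -> <new base name>".
ACTIVITY_LOG = [
    ("winword.exe", "write", "C:/Users/a/report.docx", 100),
    ("svc_update.exe", "rename", "C:/Users/a/report.docx -> report.docx.encrypted", 200),
    ("svc_update.exe", "rename", "C:/Users/a/budget.xlsx -> budget.xlsx.encrypted", 201),
    ("svc_update.exe", "rename", "C:/Users/a/photo.jpg -> photo.jpg.encrypted", 201),
    ("svc_update.exe", "write", "C:/Users/a/HELP_DECRYPT.TXT", 202),
    ("explorer.exe", "rename", "C:/Users/a/old.txt -> old.bak", 300),
]

RENAME_RE = re.compile(r"^(?P<src>.+?) -> (?P<dst>.+)$")

def heuristic_scan(log, window=10, threshold=3):
    """Behavioral check: flag any process that, within `window` seconds, renames
    at least `threshold` files so that a new extension is appended to each."""
    renames = defaultdict(list)
    for proc, action, detail, ts in log:
        match = RENAME_RE.match(detail) if action == "rename" else None
        if not match:
            continue
        original = os.path.basename(match.group("src"))
        # "report.docx" -> "report.docx.encrypted" keeps the old name as a prefix
        if match.group("dst").startswith(original + "."):
            renames[proc].append(ts)
    flagged = []
    for proc, times in renames.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.append(proc)
                break
    return sorted(flagged)
```

The signature check needs prior knowledge of the exact file, so the variant passes it, while the behavioral rule needs no knowledge of the sample at all and flags the bulk-rename pattern regardless of which build produced it.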

The next question that usually follows "Why didn't my antivirus detect CryptoWall?" is "Why didn't my firewall block CryptoWall?" A firewall only blocks incoming connections. If you close unused ports on your firewall, you can do a pretty good job of keeping hackers from initiating connections to services on your network; however, the firewall doesn't block outgoing connections made by you or by others on your network.

Now that you understand why antivirus software and a firewall cannot block threats like crypto, you may be asking yourself "What can be done to stop these threats?" First and foremost, employees must be made aware of threats like viruses, ransomware, malvertising, and social engineering attacks. Educate them not to open emails from unknown sources and to inspect hyperlinks before clicking on them. They should also be educated to stay away from online advertisements and not click on them. Antivirus and a firewall are necessary as well, but as stated earlier, they are only part of the overall layered approach to network security.

Employee education, antivirus, and a firewall are the first steps to creating the layered security approach. To round out and complete your network security you need to incorporate a methodology of Prevention, Detection, and Response. To complement antivirus and the firewall you need a well-managed network where critical security updates are applied as soon as they are released. You need endpoint protection like Bit9 + Carbon Black to monitor your network in real time, 24/7, and detect threats and suspicious behavior as they happen. You also need a team of forensic experts who can respond immediately to any threat. Another item you should seriously consider is protecting your business with a cyber liability policy. We have some recommendations when it comes to creating a cyber liability policy that can be reviewed here.

WatchPoint Data is the partner who can bring all of the elements of your layered security solution together. We offer state-of-the-art antivirus protection, Bit9 + Carbon Black to detect malicious behaviors, and a team of forensic experts who will respond 24/7 to inspect any potential threat to your system. If a threat is detected, WatchPoint Data's forensic experts will isolate the machine, communicate to the end user what has happened, and inform the end user of the steps we will take to remediate the issue.

With WatchPoint's Security Solution, For The First Time You'll:

  • Know someone is securing your business.
  • Have true visibility into your digital assets.
  • Have a support staff dedicated to safeguarding your network.
