How to turn back time on ransomware

Márk Szabó

Security solutions including ransomware remediation bolster resiliency and business continuity.

Ransomware is a critical threat that can instantly encrypt and lock users out of business computers, halting essential work processes. According to IBM’s Cost of a Data Breach Report 2024, the average cost of a ransomware attack is a staggering $4.91 million, with expenses escalating if law enforcement is involved. Recovery can span days, months, or even years, depending on the threat actor's persistence and the security team's preparedness. For companies that face double extortion ransomware – where cybercriminals encrypt sensitive user data and also threaten to publish it on the dark web, sell it to the highest bidder, or restrict access if the ransom is unpaid – the timeline for recovery can be even longer.

This makes recovery and related expenditures not just problematic, but potentially devastating, often leaving businesses at the mercy of cybercriminals even after paying the initial ransom.

A critical landscape for businesses of all sizes

The rapidly evolving nature of ransomware, including the involvement of nation-state actors, has created an increasingly hostile threat landscape for small and medium-sized businesses (SMBs), enterprises, and state infrastructure. Ransomware now accounts for 23% of all breaches, with SMBs particularly vulnerable due to limited cybersecurity budgets. In the Asia-Pacific region, 1 in 4 attacks against SMBs were ransomware-related, according to ESET. The urgency to bolster defenses has never been greater, as the frequency and sophistication of these attacks continue to rise.

What is ESET Ransomware Remediation?

Minimizing business impact in the event of a ransomware attack is paramount. To that end, ESET Ransomware Remediation (RR) combines prevention and remediation into one product, providing a comprehensive multistage approach to combating ransomware encryption.

It all starts with the ESET Ransomware Shield (RS), which is triggered by suspicious actions. Like other behavioral detection systems, such as the ESET Host-based Intrusion Prevention System, it works in concert with ESET LiveSense technologies, dissecting and analyzing malware to its core. If the observed behavior is likely ransomware, RS flags the process and initiates remediation.

ESET RR then backs up every file the flagged process is about to touch, before the process can modify it. It keeps doing so until RS reaches a verdict: if the process is judged benign, the backups are discarded; if it is judged malicious, RS kills the process and rolls the affected files back from the backups.

Ransomware Remediation is highly configurable. Adding or removing file types that need to be backed up can make a large difference.

This backup process is more robust than Windows Volume Shadow Copy-based solutions because it is not a local service that attackers can abuse. RR keeps its backups in its own protected storage area on the drive, where the files cannot be modified or corrupted and the backup cannot be deleted by the attacker. This closes one of the most common failings of regular backups during a ransomware attack.

Days of future past

The admin's role in the RR process is to understand its capabilities and to add file types to the filter that RR applies when creating backups. The only limits on the backups are available disk space and a maximum size of 30 MB per file.
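As an added illustration (not ESET's code, which this article does not show), the following Python models the flow described in the two passages above: a hook snapshots each filtered file into a protected store before a flagged process first modifies it, and the verdict either discards the snapshots or rolls the files back, honouring the 30 MB per-file cap. The extension filter, the store location and the sample files are assumptions constructed for the demonstration.

```python
import shutil
import tempfile
from pathlib import Path

MAX_BACKUP_BYTES = 30 * 1024 * 1024          # per-file cap stated in the article
PROTECTED_EXTS = {".docx", ".xlsx", ".pdf"}  # assumed admin-configured type filter

class RemediationSession:
    def __init__(self, store_dir):
        self.store = Path(store_dir)  # stands in for RR's protected storage area
        self.store.mkdir(parents=True, exist_ok=True)
        self.snapshots = {}           # original path -> backup path, or None if skipped

    def before_write(self, path):
        """Hook run before the flagged process touches `path`; True if a backup was taken."""
        path = Path(path)
        if path in self.snapshots:    # only the pre-modification version matters
            return self.snapshots[path] is not None
        if (path.suffix.lower() not in PROTECTED_EXTS or not path.is_file()
                or path.stat().st_size > MAX_BACKUP_BYTES):
            self.snapshots[path] = None
            return False
        backup = self.store / f"{len(self.snapshots)}{path.suffix}"
        shutil.copy2(path, backup)
        self.snapshots[path] = backup
        return True

    def verdict_clean(self):
        shutil.rmtree(self.store, ignore_errors=True)  # process judged benign: discard backups
        self.snapshots.clear()

    def verdict_malicious(self):
        """Process judged malicious: restore every snapshot and return how many were restored."""
        restored = [p for p, b in self.snapshots.items() if b is not None]
        for path in restored:
            shutil.copy2(self.snapshots[path], path)
        return len(restored)

def simulate_rollback():
    # Constructed scenario: a flagged process overwrites two files; only the filtered type is restored.
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp)
        doc, txt = work / "report.docx", work / "notes.txt"
        doc.write_bytes(b"quarterly numbers")
        txt.write_bytes(b"scratch")
        session = RemediationSession(work / "rr_store")
        for f in (doc, txt):
            session.before_write(f)          # backup hook fires before the write
            f.write_bytes(b"<overwritten>")  # the flagged process's modification
        return session.verdict_malicious(), doc.read_bytes(), txt.read_bytes()
```

The unfiltered `.txt` file stays overwritten, which is why the admin-maintained type filter matters as much as the rollback itself.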

While ESET Ransomware Remediation is very powerful, having other backups as described by the 3-2-1 rule is still a best practice. Always remember to have at least three different copies of data (including the original), two different media types (disk, tape), and one off-site copy (cloud).

All in all, ransomware can be quite sophisticated and troublesome, but it can still be combated. And thanks to secure backups, time travel is not so sci-fi anymore.

For more information on how ESET Ransomware Remediation works, please visit our webpage.