How Can You Eradicate Ransomware?
Are Big Data and data analytics enough to make malware a thing of the past?
In my previous installment on Ransomware, I answered the question: How can IT Managers prevent a Ransomware threat? Previously, I also looked at what Ransomware is, and how to defend against it. In today’s installment, the final in this four-part series, we talk about how to eradicate Ransomware.
To many tech industry observers, the eradication of all forms of malware is little more than a pipe dream. But that dream is being chased by two very credible entities: the US government and Microsoft.
Both entities have laid out long-range plans and proposals to achieve their goals. Both have adopted a procedure familiar to most industries: when faced with a costly, difficult-to-solve, industry-wide problem, form a coalition and hope for the best.
Tech coalitions are usually formed in the name of innovation, but the result is frequently a new industry standard, a technology framework, or at the very least a new industry lobby group.
But not this time. The problems of cybercrime, cyberwarfare, and cyber terror will not be solved by a new standard or a lobby group. These illegal activities are very costly scourges that threaten the public, governments, and industry.
Microsoft and Data Analytics
In response to these threats, Microsoft launched its Coordinated Malware Eradication (CME) effort – an open invitation for the entire community of IT security companies to form a coalition.
CME’s goal is to harness the community’s resources and experience and focus all of it as one coordinated front in the war against malware.
Currently, the community of anti-malware product vendors, service providers, ISPs, and law enforcement agencies fights malware in parochial battles on behalf of its customers. Its members treat infections as a series of separate occurrences. There is little by way of broad-based intelligence-sharing. By joining forces, the coalition of stakeholders widens the battlefield.
There is not just more data to analyze, but a diversity of data that gives the anti-malware forces a multidimensional profile of how malware cyberagents operate in the field.
In the business of Big Data analytics, more data is far better. It allows the system to ferret out patterns of behavior in a multiplicity of circumstances and to produce more accurate results.
Having Microsoft as the organizer of the coalition is beneficial in a few ways. Windows is the world’s most popular operating system; it’s also the premier malware target, so Microsoft’s malware database has to be an unparalleled resource.
Microsoft also owns Azure, one of the world’s largest cloud-computing portals. It’s a ready-made computing facility for an international coalition to work on such a complex project.
US Government Gets Involved
The National Institute of Standards and Technology (NIST) is one of a number of federal agencies working on putting President Obama’s Executive Order 13636 (aka Improving Critical Infrastructure Cybersecurity) into effect. The goal of EO 13636 is similar to that of Microsoft’s CME. Its central focus is partnerships with all stakeholders in the business of fighting cyber threats.
EO 13636 also organizes the array of standards that relate to cyber security into a single framework so that companies increase their awareness of new techniques and malware updates.
President Obama’s executive order goes well beyond run-of-the-mill malware. It includes cyber terror, cyber warfare, and threats to critical infrastructure such as power plants, bridges, and public water supplies.
Is Eradication Possible?
Is the eradication of cyber threats possible? There is no telling what an organized, informed, and unrelenting counterattack on malware could produce. The computing tools keep getting better. The knowledge base keeps growing.
The problem is that the tools and the information used by anti-malware forces could be available to the malware creators. At the time of this publication, the master key for the TeslaCrypt ransomware was released after a cat-and-mouse game with security companies.
Success in this fight may not be a zero-sum game. Winning the malware war may not involve completely eradicating malware. By winning a high percentage of their battles, the forces arrayed against malware could make the malware business increasingly complex and eventually unprofitable.
In that case the business of malware would eradicate itself.