News | 2021 BicDroid Provides a Solution for REvil Ransomware Attacks

BicDroid's Data Protection Solutions Help Defeat REvil, the Record Ransomware at $50 Million for ACER

March 21, 2021

Waterloo, ON - Ransomware set a new record this past week, with $50 million demanded from the well-known computer manufacturer ACER. This exceeds the previous record demand of $30 million. Large companies with dedicated computer and network security departments have continued to show that they are just as vulnerable as medium and small businesses. The ransomware teams, with their wide variety of toolsets and methods, are not the "script kiddies" of 20 years ago. These teams are organized, sophisticated, and constantly developing new methods of entry into computers and networks while escaping detection.

Current information about the ACER attack is that the gang, believed to be an affiliate of REvil, exfiltrated (copied to their own servers) many megabytes, perhaps even terabytes, of important and sensitive financial data. They then encrypted the data on the ACER systems, causing severe disruption to all of ACER's business activities. Even with recent backups to restore files, days, perhaps even weeks, of key data may have been lost. Overall, ACER's recovery from this attack will likely take weeks of additional time for ACER employees already busy with their normal work. The anti-virus (AV) and network scanning tools in use failed to provide any form of detection or prevention. This mirrors the SUNBURST attack against U.S. government agencies and large companies just a few months ago, where the best and most advanced scanners proved inadequate. New approaches are clearly required.

"More and more often we are seeing it is a case of when these gangs gain administrator access – not if", says BicDroid CEO Professor Yang. "Clearly these companies and organizations need to be using a different approach like BicDroid QDocSE/EE which continues to protect important data even when systems are breached."

By strengthening the security of the operating system (Windows and Linux), BicDroid's approach integrates data encryption with end-to-end cryptographically secure access control. It dynamically carves out, on demand, a quarantined secure workspace within the execution environment in which data activities take place, and denies any data access request from a process that deviates from the end-to-end cryptographically secure chain. It continues to protect the data files even when (not if) a bad actor with administrator privileges is on the system, undetected.

Further, BicDroid's Central Sentry Platform (CSP) alerts owners, in real time, when unauthorized access attempts occur and are blocked by QDocSE/EE's protection.

When a ransomware gang infiltrates a system, they typically carry out two actions: (1) take a copy of the important data files out (exfiltration); (2) encrypt the local data to prevent the legitimate owner from getting access. The first step strengthens their position to demand a high ransom and improves their chances of being paid. Once data is protected by QDocSE/EE, both actions by the ransomware gang can be blocked.

QDocSE/EE also prevents more sophisticated attacks on the data, such as those using side-loading techniques. Comprehensive protection information is available from BicDroid directly.