Repelling A Ransomware Attack: Founder of BlackFog On The 5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack

Published in Authority Magazine, Jan 31, 2022


Ransomware attacks have sadly become commonplace and increasingly brazen. Huge enterprise businesses, gas pipelines, universities, and even cities have been crippled by ransomware and forced to pay huge ransoms. What can an individual or a business do to prevent and repel a ransomware attack?

In this interview series, we are talking to cybersecurity experts who can share insights from their experience and expertise about the “5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack.” As a part of this series, I had the pleasure of interviewing Dr. Darren Williams, Founder and CEO of BlackFog.

Dr. Darren Williams is a serial entrepreneur and the founder of 3 technology startups over the last 20 years, two of which have been sold to public companies. He is currently the founder and CEO of BlackFog, Inc., a global cybersecurity company focusing on ransomware prevention and cyber warfare. Dr. Williams pioneered anti-data exfiltration (ADX), which provides a new approach in the prevention of cyberattacks across the globe.

Dr. Williams holds a Ph.D. and Bachelor of Science with Honors from the University of Melbourne, authoring several scientific papers and software applications for auto-radiographic densitometry and analysis. He is a dual citizen of both Australia and the United States where he now resides.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

I grew up in Melbourne, Australia and spent the first 25 years of my life there and received my Ph.D. in Pharmacology at the University of Melbourne. I was interested in computers at an early age and started writing software from about 10 years old and never really stopped. I saw a lot of opportunities as computers became more powerful, and by the time I went to college I was coding on the Cyber 990 and IBM PCs, developing algorithms to solve research problems. I subsequently went on to develop software to reduce the use of animals in teaching using multimedia, and I founded my own research lab. This set the foundation for me to start my first company in the late 90’s and move to Silicon Valley, where I now reside.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

I was fascinated with cybersecurity very early on and saw the evolution of the first computer viruses while attending college. However, it wasn’t until I was working for a company involved in recovering stolen laptops that I realized that companies didn’t care about the machine itself, but rather the data that was on it. This made me realize that the way everyone was approaching cybersecurity was the reverse of the way I thought about things. Existing companies still think about cybersecurity as defensive, repelling the threat by placing barriers in the way. I thought about cybersecurity from the perspective of protecting the data on the device and preventing attacks in the first place. This is how BlackFog was born.

Can you share the most interesting story that happened to you since you began this fascinating career?

The one that immediately comes to mind involves a prospect who had been in the cybersecurity industry for a couple of decades and who was rather dismissive of our technical staff and threat intel team. They voiced comments such as, “I’ve seen it all,” and, “There’s nothing you can show me that I haven’t heard of and no concepts I’m not familiar with.” Our team persisted and showed him how BlackFog works, challenging his ideas and approaches. After the call, his team said they would do their own testing and get back to us. We thought we would never hear from them again, as they were not exactly open-minded. Lo and behold, a month later we received an apology email from the prospect. They were so accustomed to getting pitched with the same old tools and ideas that they stopped believing there could be anything better out there. After the test results came back, they were astounded by what they saw. No attack was able to penetrate, and they had benchmarked us against the best tools currently available. They are now one of our biggest advocates, even going so far as to ask if we needed investors! Perhaps the biggest compliment and words of encouragement were, “We think you guys will be the next billion-dollar company in cybersecurity.”

You are a successful leader. Which three character traits do you think were most instrumental to your success? Can you please share a story or example for each?

Persistence is one of the key traits of any leader. No matter what you are doing there will be times when you want to give up because it’s so difficult. These challenges are put in place to test your resolve. If it was easy, everyone would be doing it, but these challenges make us look at problems in entirely new ways and search for better solutions. It’s often the case that when you persist long enough, you will make your greatest breakthrough.

Research, research, research. If there is one thing I see every day it’s the lack of research that most entrepreneurs do before launching a company. I see constant examples of me-too companies that think they have invented a great new product, but it is the same as three or four others already in the market. Look for new ways of solving problems.

Perhaps the most important trait of all is attitude. You can have all the ability and work ethic in the world, but if you have the wrong attitude you will never succeed. I would argue attitude is the most important trait because it’s so hard to teach. You have to love what you do and wake up every morning thinking you can take on the world. It’s infectious and crucial for a leader. Who wants to be around a negative or uninterested person?

Are you working on any exciting new projects now? How do you think that will help people?

We are getting ready to launch our Virtual CISO (vCISO) offering this year. We have found that a lot of small and mid-size organizations don’t have the in-house cybersecurity expertise required to keep up with the ever-changing cybersecurity challenges, and our new offering will enable them to have access to our experienced threat intelligence team 24/7.

For the benefit of our readers, can you briefly tell our readers why you are an authority on the topic of ransomware?

BlackFog is in its third year of collecting ransomware data and we’ve become a leading authority on the topic. We just published our 2021 Annual Ransomware Report, which can be found here. In addition, we help our customers win the war on ransomware every single day. We are in the trenches and immersed in new cyber threats so our customers don’t need to be. Our software was developed with more than four years of research and development, and we have never had a customer suffer a loss from ransomware under our watch.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. In order to ensure that we are all on the same page let’s begin with some simple definitions. Can you tell our readers about the different forms of ransomware attacks?

Ransomware attacks all have the same basic principle: to extort you or your company for money. The way they can do that varies based on the type of variant or technology employed. In the early days, the focus was on encrypting the files on your machine and only unlocking them after receiving payment, usually in the form of cryptocurrency. More recently their tactics have changed and the extortion comes from exfiltrating data from your device and threatening to release it if a ransom isn’t paid. This can be embarrassing information, confidential data, financial information, customer records, or pure espionage. A sample of the data is typically made available to the victim as evidence; then they are threatened with leaking it or selling it online unless the ransom is paid. We have even seen cybercriminals making money by selling the intent of an attack so that people can short stock and make money from the incident after it is publicly disclosed. There are many ways that ransomware can affect victims.

Who has to be most concerned about a ransomware attack? Is it primarily businesses or even private individuals?

Today’s ransomware gangs are focused on the bigger targets who are more likely to pay the biggest ransoms, and they are more focused on exfiltration than encryption. Last year we found that double and triple extortion attacks increased, and some gangs targeted individuals after attacking the organization. High-profile attacks such as Colonial Pipeline and JBS Foods raised awareness of the issue globally when supply chains were impacted, making the topic of ransomware mainstream news. As a result, some companies have seen consumer backlash after disclosing an attack because consumers have become more protective over the misuse of their data. When it comes to ransomware and private individuals, they are more likely to be impacted as a result of a company holding their personal information rather than an attack on their device.

Who should be called first after one is aware that they are the victim of a ransomware attack? The local police? The FBI? A cybersecurity expert?

First, call your IT experts, so you can try and minimize the impact of the attack by shutting down your networks to mitigate further disruption. Then, call your forensics partners, so you identify what data has been stolen in the attack. Perhaps most importantly, inform your legal advisors, who can help you with the necessary breach reporting and compliance requirements. Many companies assume that ransomware doesn’t need to be reported until there has been a data breach, but with over 80% of attacks exfiltrating data, this isn’t the case. Being upfront with the authorities and your customers is the best approach.

If a company is made aware of a ransomware attack, what are the most important things they should do to protect themselves further, as well as protect their customers?

At this point, the horse has bolted and the damage is done. Acting quickly, notifying the relevant authorities, and being transparent about the attack will help with the inevitable clean-up project. The focus then needs to be on ensuring you are not victimized again. Sadly, this is often the case, especially when organizations pay the ransom as a quick fix. The most important thing you should do is evaluate your approach to cybersecurity and adopt newer technologies that are up to the job of preventing future attacks. You would be amazed by the number of organizations that think their antivirus solutions protect them.

Should a victim pay the ransom? Please explain what you mean with an example or story.

In a perfect world, no! However, we don’t live in a perfect world, and some organizations feel they have no choice, as getting business operations back to normal as quickly as possible is critical to their survival. Unfortunately, many organizations that pay ransoms don’t get their data back. After all, you’re negotiating with criminals. In addition, organizations risk being hit again as cybercriminal gangs know they are likely to pay. It’s also worth noting that depending on where you are located, it can be illegal. In late 2020, the United States Department of the Treasury issued an advisory that prohibits ransomware payments to any sanctioned party. Victims of ransomware attacks and those that might facilitate the payment of ransoms face a significant compliance challenge because sanctions apply even if the payer does not know it has paid a sanctioned party.

What are the most common data security and cybersecurity mistakes you have seen companies make that make them vulnerable to ransomware attacks?

Relying on antiquated solutions to fight modern cybercrime is one. Many organizations that don’t understand the scope of the problem often believe they can just install an antivirus solution and that will protect them. However, the evidence is clear that these solutions fail more than 80% of the time. Organizations must understand that most solutions were based on the idea that all you need is a fingerprint to detect the bad guys, but modern attacks (polymorphic attacks) don’t leave a static fingerprint to detect.

What would you recommend for the government or for tech leaders to do to help limit the frequency and severity of these attacks?

Government and tech leaders are so focused on fighting fires they forget they are becoming engulfed by flames. Cyberattacks are only escalating. Organizations need small teams that can look for new solutions to get in front of the problem, not constantly add more firefighters. This is why there are hot-shot teams that get in front of a fire and create breaks to prevent the fire from expanding. The same principle needs to be applied to cybersecurity. Adding people in the wrong places does not solve the problem. You need to deploy new tools and techniques to eliminate the threat.

Ok, thank you. Here is the main question of our interview. What are the “5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack” and why? (Please share a story or example for each.)

Be prepared. Ignoring the threat will not protect you. Just as they teach you in the Boy Scouts, preparation is the key to success. You need adequate tools, people, and processes in place.

Prevention is better than cure. Short-circuiting a problem before it happens is much more economical than having to deal with an attack after it happens. Invest in modern cybersecurity prevention tools to prevent the attack from happening.

Cybersecurity is all about the data. So many organizations are so focused on defense that they ignore the fact that data is leaving the network. Having an anti-data exfiltration tool in place is critical to understanding what is happening on individual devices and networks.

Focus on the device. The hybrid workforce is here to stay and people are more mobile than ever. Don’t expect corporate networks and firewalls to protect you from an attack. Cyberattack prevention needs to be on the device itself, not on the edge of the network. The war is being waged on the device itself so focus on solutions that operate there.

Change is the only constant. Ransomware has captured the imagination of organizations and is recognized as a real threat. The low cost of entry for a cybercriminal together with the low risk of being caught continues to attract new players daily. Just as you cannot rely on a single protection for your home, you should not have a single layer of protection for your devices. It’s going to involve more than one vendor. Look for the best-of-breed solutions, not a single vendor, to provide the best protection for your organization.

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-)

Trust the science. As human beings, we have climbed mountains, flown to the moon, and eradicated diseases using science. The last few years, we have seen the introduction of groundbreaking vaccines that will change the face of medicine as we know it using messenger RNA. Trust the science from qualified professionals, not politicians, not social media, not YouTube.

How can our readers further follow your work online?

Follow us on our social channels and register to receive a monthly ransomware report to stay on top of what’s trending globally.

LinkedIn: https://www.linkedin.com/company/blackfog

Twitter: https://twitter.com/blackfogprivacy

Facebook: https://www.facebook.com/blackfogprivacy

This was very inspiring and informative. Thank you so much for the time you spent with this interview!
