Repelling A Ransomware Attack: Saumitra Das of Blue Hexagon On The 5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack

Authority Magazine
Published in Authority Magazine, Jan 12, 2022

Backup and practice: Backup important data, make sure access to that backup itself cannot be attacked. Practice your restore and contain strategy so you can do it when needed.

Ransomware attacks have sadly become commonplace and increasingly brazen. Huge enterprise businesses, gas pipelines, universities, and even cities have been crippled by ransomware and forced to pay huge ransoms. What can an individual or a business do to prevent and repel a ransomware attack?

In this interview series, we are talking to cybersecurity experts who can share insights from their experience and expertise about the “5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack.” As a part of this series, I had the pleasure of interviewing Saumitra Das.

Saumitra Das is the CTO and Co-Founder of Blue Hexagon. He has worked on machine learning and cybersecurity for 18 years. As an engineering leader at Qualcomm, he led teams of machine learning scientists and developers in the development of ML-based products shipped in hundreds of millions of devices from phones to wearables and IoT. He has also worked on machine learning and security at US-CERT, Intel, and Microsoft Research. He is a prolific inventor with 330 worldwide and 125 US granted patents and an additional 450 patents pending. He has published peer-reviewed original research extensively (15 journal, 26 conference, two book chapters, IETF networking standards contributions) with more than 2,400 citations including a best-paper award. He holds an MSEE from Carnegie Mellon and a Ph.D. from Purdue University.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

I grew up tinkering with PCs from the 8088 to 286 to Pentium days where viruses would only enter via floppy disks.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

I studied at Carnegie Mellon, one of the foundational schools for machine learning and robotics, which also had the Computer Emergency Response Team office on campus. I got inspired to look at cyber security and applying machine learning and robotic automation to it 20 years ago. The technologies were immature back then but we now see many examples of these fields coming together.

Can you share the most interesting story that happened to you since you began this fascinating career?

Embedding security and machine learning into devices big and small, from IoT, phones and cars all the way to entire cloud real estate that can span the entire globe across multiple countries. It makes me feel my passion and hard work have global impact and are helping business transformation happen safely.

You are a successful leader. Which three character traits do you think were most instrumental to your success? Can you please share a story or example for each?

Empathy — starting a new company is hard. Having empathy for a shared destiny with your coworkers is the most important thing. Only a well-bonded team that shares the same vision and feels a sense of ownership can build something of great value.

Hiring people who know something different — always hire people who may outsmart/outshine you in some aspect. The whole should always be greater than the sum of its parts when it comes to a diverse, talented team.

Innovation — non-stop, limitless. I have filed many patents in my career with lots of smart people. Bringing ideas together from a diverse group and innovating is critical to meaningful and sustainable success.

Are you working on any exciting new projects now? How do you think that will help people?

We are applying deep learning to protect the businesses (and brands) moving to the public cloud. The pandemic is moving companies to the cloud and it is a new horizon to be protected.

For the benefit of our readers, can you briefly tell our readers why you are an authority about the topic of Ransomware?

I have been helping companies defend against ransomware for many years. When it comes to ransomware, early detection, accurate detection and zero-day detection are the key to successful defense. I have studied the genetic (code) traits of ransomware strains and their variants for several years. This uniquely helps us detect and defend against ransomware, without having any previous knowledge of the exact ransomware and the attacker TTP.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. In order to ensure that we are all on the same page let’s begin with some simple definitions. Can you tell our readers about the different forms of ransomware attacks?

Traditionally, ransomware attacks try to encrypt your data and blackmail you to decrypt it. Recently attackers also steal data so even if you have backups they have leverage. They also name and shame you in public which affects brand reputation. Some may even disrupt your business workflows or factories instead of encrypting data.

Who has to be most concerned about a ransomware attack? Is it primarily businesses or even private individuals?

Mainly businesses (and public service/infrastructure organizations) are targeted by sophisticated attackers but any individual can also be ransomed. Nobody is immune — theft, blackmail, nation-state attacks, business disruption, reputation harm… the list of harm from ransomware is long and growing!

Who should be called first after one is aware that they are the victim of a ransomware attack? The local police? The FBI? A cybersecurity expert?

If they are just a business user in an organization, they should first escalate to the internal IT and security teams, who usually have procedures to deal with this. Many industries are regulated on reporting around attacks and breaches as well. The FBI and other government agencies have become more proactive in the last year, even going on the offense towards such groups.

If a company is made aware of a ransomware attack, what are the most important things they should do to protect themselves further, as well as protect their customers?

They need to investigate using a detection and response tool they already have or bring one in-house. Depending on the nature of entry they may need to patch systems or take important systems offline. Start playing out the backup and response playbook to make sure backups can be restored. Ask important admins and users to turn on MFA if they have not already or reset their passwords.

Should a victim pay the ransom? Please explain what you mean with an example or story.

Ransoms are growth funds for the attackers, who will just do more with it. However, given business pressure or time pressures, organizations typically need to make a decision that takes into account all the tradeoffs. Every situation is different and sometimes a small loss or payoff is better to avoid greater loss (monetary, brand or even lives). The important thing is to be prepared for it, before the incident happens, and then learn from it to avoid future recurrence.

What are the most common data security and cybersecurity mistakes you have seen companies make that make them vulnerable to ransomware attacks?

Not patching IT systems in time, too much user privilege, too many old accounts, accounts that don’t have MFA, using privileged security appliances or agents that can themselves get hacked, thinking that the cloud provider will secure them, not investing in modern technologies (e.g. AI and automation), and because security teams are overloaded.

What would you recommend for the government or for tech leaders to do to help limit the frequency and severity of these attacks?

Invest beyond legacy tools for detection and response. Use AI to deal with attack mutations. Fund security budgets appropriately, and proactively not reactively. Have response and automation to blunt the spread of attacks, limiting the harm they can cause.

Ok, thank you. Here is the main question of our interview. What are the “5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack” and why? (Please share a story or example for each.)

  1. Improve your IT hygiene: Not patching systems in time, too much privilege, too many old accounts, accounts that don’t have MFA.
  2. Invest in security: tools and people and training are all needed. It cannot be an afterthought. Cyber breaches affect your brand and business directly.
  3. Use Artificial Intelligence tools (AI): All determined attackers are using mutated and unknown malware. Only AI can predict something that has not been seen before.
  4. Protect your cloud: There has been a big shift to the cloud opening up a new attack surface. Secure it, now.
  5. Backup and practice: Backup important data, make sure access to that backup itself cannot be attacked. Practice your restore and contain strategy so you can do it when needed.

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-)

Believe in the power of innovation. It’s the one thing that has been a force multiplier for mankind for decades and will continue to be so in the future forever. Do everything you can to foster innovation in everything you can impact.

How can our readers further follow your work online?

Follow me at https://www.linkedin.com/in/saumitramdas/ and Blue Hexagon at https://www.linkedin.com/company/blue-hexagon-inc on LinkedIn.

Thank you so much for joining us. This was very inspirational.
