Can antivirus software prevent ransomware attacks? It’s possible, but extremely unlikely according to a recent survey conducted by Barkly. The survey showed that out of the companies polled, 100% of organizations that had experienced a ransomware attack in the past 12 months said they had AV software but it did not prevent ransomware from locking up files.
Companies were also asked about some of the other protections they had in place and whether they were effective at preventing ransomware attacks. Other cybersecurity solutions fared a lot better, but most were ineffective on their own and none were particularly reliable.
While firewalls are essential and can be highly effective at preventing cyberattacks, when it comes to ransomware they were ineffective. 95% of companies said their firewall was bypassed. This can be explained in part due to the method of attack. Many ransomware attacks use email as the attack vector with employees inadvertently installing ransomware by opening infected email attachments. Firewalls are ineffective at preventing this type of attack.
However, many companies with email filters also didn’t manage to prevent ransomware from being installed. 77% of respondents that had experienced a ransomware attack in the past 12 months said their email system failed to prevent the attack. This shows that while email filtering is essential in catching the majority of malicious emails, it is still necessary to train staff on basic security and for them to exercise caution when opening emails from unknown senders. Although, 33% of companies that trained staff on cybersecurity awareness said they had still experienced ransomware infections. Anti-malware solutions were more effective, although 52% of respondents said even these controls were bypassed.
Unfortunately, as the survey has shown, companies are failing to implement the necessary defenses and even fail to respond correctly after an incident occurs. 43% of companies didn’t purchase any additional software after experiencing a ransomware attack. The usual response is to conduct training internally or update security policies. Half of respondents did the latter and two thirds did the former.
When defenses are improved, many companies choose similar technology to that that was bypassed. 26% said they reinvested in email filtering, 20% bolstered their antivirus solutions, and 17% purchased new firewalls.
An interesting insight from the survey was the extent to which organizations are relying on backups to recover from ransomware infections. 81% said they were confident that their backup policies would allow them to recover from a ransomware infection. However, fewer than half of respondents who had experienced a ransomware attack in the past 12 months were able to recover files from backups. Restoring files from backups is a last resort if files are encrypted.
There is, unfortunately, no silver bullet that will protect against ransomware attacks. Stopping ransomware requires a multi-layered strategy using a wide range of IT security solutions and training programs, and a solid backup strategy.