Latest news with #CyberSense


Forbes
08-05-2025
- Business
- Forbes
Understanding Ransomware Behavior: The Key To Ensuring Data Integrity
Jim McGann is Vice President at Index Engines.

Ransomware remains one of the most pervasive and evolving threats to organizational data security. As attacks grow more sophisticated, many businesses implement cyber-resilience strategies based on incomplete or false information about how ransomware operates. This knowledge gap has created a dangerous vulnerability in how organizations prepare for and respond to these threats.

The cybersecurity industry is flooded with conflicting information about ransomware behavior. For instance, many security organizations claim that ransomware variant X exclusively targets database files, while variant Y focuses on encrypting backup systems first. However, controlled testing environments frequently reveal that these generalizations are oversimplified or entirely incorrect.

Take the case of the notorious Conti ransomware. I've seen some reports suggest that Conti would terminate itself if it detected Russian-language system settings. However, other reports clarified that only certain variants of Conti included this behavior—others operated regardless of language settings. It is common for malware—particularly ransomware originating from Eastern Europe—to check system language settings and avoid targeting systems using languages of the region.

Similar misconceptions exist around ransomware families like Ryuk, BlackCat and LockBit, where their actual behavior often contradicts commonly published characteristics.

This misinformation creates a fundamental problem: Organizations implementing protection strategies based on flawed assumptions are effectively building their defenses on unstable ground. When security teams rely on inaccurate behavioral profiles, they create dangerous blind spots in their defensive posture.
A company might invest heavily in protecting document repositories based on intelligence suggesting that a prevalent ransomware variant targets Office files first, only to discover too late that the variant prioritizes database encryption. These misguided protection strategies lead to:
• Misallocation of security resources
• False confidence in existing defenses
• Inability to accurately assess organizational risk
• Increased vulnerability to successful attacks

The only reliable method for understanding ransomware behavior is through controlled detonation and behavioral analysis. This approach involves:
1. Creating isolated test environments that mirror production systems
2. Deploying ransomware samples in these controlled environments
3. Meticulously documenting the malware's behavior, including encryption patterns, propagation methods and evasion techniques
4. Classifying these behaviors into distinct categories for easier recognition and response

Based on our own CyberSense Research lab, we've identified approximately 30 generalized classes of ransomware behavior. These classifications range from encryption sequencing (which files are targeted first) to network propagation methods, command-and-control communication patterns and data exfiltration techniques.

With thousands of new ransomware variants emerging daily, manual analysis is no longer feasible. Advanced security operations now employ automated testing systems that can process and classify new variants at scale. These systems continuously monitor the ransomware landscape, providing real-time intelligence on emerging threats.

The behavioral classifications derived from this testing serve as invaluable training data for AI models.
These models can then:
• Predict how new variants will behave based on code similarities
• Identify the attack vectors for specific ransomware families
• Recommend targeted protection strategies based on an organization's specific risk profile
• Detect ransomware activity in its earliest stages, before encryption begins

Organizations implementing AI systems trained on accurate behavioral data have achieved remarkable results, with detection accuracy rates approaching 99.99% in controlled testing environments, based on our data.

True cyber resilience against ransomware can only be built on a foundation of accurate behavioral intelligence. Organizations must do the following:
1. Question generalized claims about ransomware behavior.
2. Invest in or subscribe to services that provide verified behavioral analysis.
3. Regularly update recovery strategies based on the latest intelligence.
4. Implement AI-powered detection systems trained on accurate behavioral data.

By understanding how ransomware variants behave—rather than relying on industry rumors or oversimplified descriptions—organizations can implement targeted, effective protection strategies that address actual threats rather than perceived ones.

In the ongoing battle against ransomware, accurate behavioral intelligence is not just an advantage—it's a necessity for maintaining data integrity and business continuity in an increasingly hostile digital environment.
Yahoo
08-04-2025
- Business
- Yahoo
Index Engines' Latest CyberSense® Release Strengthens AI-Driven Cyber Resilience
The latest CyberSense update provides an industry-first raw disk corruption detection, advanced threat analysis, and seamless integration to fortify cyber resilience

HOLMDEL, N.J., April 8, 2025 /PRNewswire/ -- Cyber Resilience company Index Engines today announced the release of CyberSense 8.10, fully integrated with Dell PowerProtect Cyber Recovery, which provides powerful new capabilities to enhance cyber resilience and streamline recovery from ransomware attacks. CyberSense's highly-trained AI ensures data integrity, empowering organizations to detect corruption from cyber threats and recover with confidence. With more than 1,500 global installations, CyberSense continues to lead the industry in ransomware detection.

"As ransomware attacks continue to rise, organizations must ensure they have data integrity to enable fast and accurate recovery," said Larry Meese, Vice President of Product Marketing at Index Engines. "CyberSense innovation and integration with Dell PowerProtect Cyber Recovery represents another major step forward in delivering comprehensive cyber resilience. It not only enhances our customers' abilities to detect and recover from threats more effectively but also reinforces Index Engines' position as a trusted leader in AI-driven data protection and integrity."

This latest release is focused on the advanced, proactive detection of bad actors for an accelerated and streamlined recovery:

Raw Disk Corruption Detection: Index Engines offers the industry's first raw disk corruption detection safeguards for virtual machines against ransomware, malware, wiper attacks, hardware failures, and internal corruption. CyberSense flags raw disk corruption by identifying read errors and alerting users to potential attacks that prevent access to critical files. Traditional ransomware retains visibility into the (encrypted/corrupted) files, making them accessible but unusable.
By contrast, this attack vector hides the files, giving the appearance of an empty or faulty disk.

Custom YARA Rule Support: Custom YARA rules within CyberSense support detection of patterns in files, allowing it to identify even zero-day ransomware that hasn't been seen before.

Custom Malware Signatures: While CyberSense already maintains its own database of malware signatures, users can now supply their own MD5 signatures, enabling both forward and backward detection of malware in backups. Once added, CyberSense will search for the signature within both historical and future backups.

Rapid Threat Detection with Delta Block Analysis: Users can now see the DBA score produced by CyberSense and visualize on a graph how that score changes over time, and what is normal activity for their environment. Already an existing feature in previous versions, DBA improves performance by scanning only changed blocks rather than all files on a virtual machine. It uses AI to detect suspicious activity and triggers a full index if necessary.

Expanded Workload Support and Future Proofing: Optimized for databases, VMs, and cloud workloads, CyberSense ensures seamless integration with leading security and backup solutions, including PowerProtect Data Manager 19.18 & 19.19; Avamar 19.12, NetWorker 19.12; Commvault Backup and Recovery 11.36; Cohesity NetBackup 10.5, including NetBackup OST (Open Storage Technology); and Oracle ASM RMAN.

CyberSense 8.10 brings deeper visibility into organizational data integrity, ensuring the detection of corrupted data, and allows organizations to pinpoint the last known clean backup, to minimize the impact of an attack. This latest release also empowers organizations with expanded role-based access control with custom permissions as well as improved threshold alerts and UI/UX improvements.

CyberSense is available now through Dell Technologies and its global partner network.
See it at Index Engines' booth during Dell Technologies World, May 19-22 in Las Vegas.

About Index Engines

At Index Engines, we are experts in Cyber Resiliency, helping organizations build an infrastructure where trusted data is available and reliable. Our leading solution, CyberSense, provides a 99.99% SLA for detecting ransomware corruption. CyberSense empowers organizations to confidently navigate cyber challenges, mitigate risks, and quickly recover to normal business operations in the ever-evolving cyber landscape.

SOURCE Index Engines