Israeli Bufferzone Offers Ransomware Solutions

Three hospitals in Israel have recently suffered a ransomware attack. Also attacked were the Electricity Authority, the Ministry of Finance and several undisclosed government agencies. Not to mention dozens or hundreds of Israeli citizens and business owners who were affected by the malware and probably paid the hackers ransom without anyone knowing.

A recent UK survey showed that 44 percent of those infected with ransomware paid. Even the FBI recommended that people pay. Recently, a Hollywood hospital hit by ransomware paid 17,000 dollars. The FBI handled that particular case.

One of the problems with ransomware is that it breaks through all filtering mechanisms, whether they are rule/signature-based or based on behavior anomaly detection. One common strain, which also affected Israel in recent months, is TeslaCrypt. An article on the Trustwave website explains how it happens. In brief, hackers use exploits on content sites. They use the Angler Exploit Kit to implant malicious Java code (obfuscated JavaScript), and from that moment on, every surfer is infected by the ransomware.

"BUFFERZONE's solution comes from a different philosophy. We do not seek to discover threats, but rather assume all traffic is malicious, and that we need to contain it," said Israel Levy, CEO. "The solution is based on software (a client) installed on your computer, and it creates a container to which all downloaded files from the Internet are transferred, whether he sees them or not (the malicious kind). As for the user, his work with the files is done in a transparent manner. If one file includes malware, it does not affect the actual operating system, as it is contained.

"As for the malware, it operates on actual files. However, when it writes to the file or tries to change it, the results of that action remain in the container. Let's take ransomware for example. It encrypts files. As far as it is concerned, it encrypts the files, only it does not know that it is doing so within the container. After the encryption is finished, you can see all the files encrypted in the container. With a push of a button, you can clear the container, and the original files were not damaged at all.

"When a user wants to move a file from the container to the actual work environment, the file goes to a clearance system. We are connected to several clearance systems and for the user this is a transparent operation. The clearing operation involves a deep scan, but also reassembly of the text alone. When you break down the text and assemble it, and only it, back to a new file, all scripts that were in the infected file will not be transferred."

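The text-only reassembly that Levy describes for the clearance step can be sketched as follows. This is an added example, not BUFFERZONE's code: it assumes the file being cleared is HTML, and the names `TextOnly`, `extract_paragraphs`, `rebuild` and the sample document are constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# DROPPED: content never carried over. BLOCK: tags that end a run of visible text.
DROPPED = {"script", "style", "iframe", "object", "noscript", "template"}
BLOCK = {"title", "p", "div", "li", "tr", "br", "h1", "h2", "h3", "h4", "h5", "h6"}

class TextOnly(HTMLParser):
    """Collects visible text only; tags and attributes are never copied."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.skip_depth = 0  # > 0 while inside a DROPPED element
        self.paragraphs, self.buf = [], []
    def handle_starttag(self, tag, attrs):
        if tag in DROPPED:
            self.skip_depth += 1  # never closed: rest of input is dropped (fail closed)
        elif tag in BLOCK:
            self.flush()
    def handle_endtag(self, tag):
        if tag in DROPPED:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif tag in BLOCK:
            self.flush()
    def handle_data(self, data):
        if self.skip_depth == 0:
            self.buf.append(data)
    def flush(self):
        text = " ".join("".join(self.buf).split())
        if text:
            self.paragraphs.append(text)
        self.buf = []

def extract_paragraphs(untrusted_html):
    parser = TextOnly()
    parser.feed(untrusted_html)
    parser.close()
    parser.flush()  # text after the last block element
    return parser.paragraphs

def rebuild(untrusted_html):
    """New file from the text alone; escape() keeps text from turning into markup."""
    body = "\n".join(f"<p>{escape(t)}</p>" for t in extract_paragraphs(untrusted_html))
    return f"<!DOCTYPE html>\n<html><body>\n{body}\n</body></html>\n"

# Constructed sample input, not taken from the article.
SAMPLE = ('<html><head><title>Invoice</title><script>fetch_payload()</script></head>'
          '<body onload="start()"><h1>Invoice 1042</h1>'
          '<p>Total due: <b>120 EUR</b> &lt;script&gt;run()&lt;/script&gt;</p>'
          '<a href="javascript:start()">Open</a>'
          '<iframe src="about:blank"><p>hidden</p></iframe></body></html>')
```

Because the output is built only from collected text, event-handler attributes and `javascript:` links disappear without being listed anywhere, and text that merely looks like a tag is re-escaped instead of becoming markup.
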
BUFFERZONE has undergone significant changes in the last two years. Originally, a few years ago, the company's name was Trustware, and its product, called BUFFERZONE, was marketed to the private sector. The product was free, and only professional features were charged for (freemium). That model did not hold, and two years ago the company decided to target the corporate market under the name BUFFERZONE.

After several software modifications were made to fit the corporate environment, the company contacted McAfee and LANDESK, two security companies with a broad client base. Nowadays, BUFFERZONE's product is managed by these platforms and is sold by the sales departments of these companies. In addition, the company operates through distributors in Europe (mainly in France) and several Asian countries.

"Because all the work with the Internet is done within the container, detached from the operating system, an organization can let the employee surf the internet freely with complete confidence," said Levy. "In most cases, there is no real need to remove the files from the container. If needed, there is a clearance system.

"The concept of attempting to identify the threat before it infiltrates the organization has not proved itself. Especially when ransomware is involved. A perimeter defense is an illusion. It is good to have thwarting mechanisms to catch simple, known threats, but against ransomware or other sophisticated malware, it just does not help."
