Tool turns tables on ransomware

With healthcare organizations increasingly being targeted by ransomware, they need as many weapons in their cybersecurity arsenal as possible to combat the file-encrypting malware. A new tool is attempting to turn the tables on hackers.

Valuable medical data is the prize for cyber criminals, but a just-released tool from TrapX Security is designed to deceive attackers and lure them away from an organization’s critical assets. Using this “bait and switch” approach, the so-called deception technology foils ransomware by having it encrypt decoy data, while protecting the organization’s real files.

Called CryptoTrap, the tool provides organizations with the ability to detect and remediate ransomware threats before they can compromise their networks and harm real-world data.


“We’re leveraging a lot of the core intellectual property of TrapX’s deception technology,” says Anthony James, chief marketing officer at TrapX Security. “When someone breaks into your network, once they get in, they start hunting for access to compromise data. However, we have built a platform to put traps in their way to lure them away from valuable data.”

According to James, TrapX’s DeceptionTokens divert network-based ransomware attacks to specialized “traps” that alert security teams to the presence of the malware, while the source of the attack is isolated and disconnected from the overall network.

“The best way to describe it is like leaving bread crumbs that are pushed out to your end-user community,” he adds. “These bread crumbs point back to ransomware traps waiting for the malware to start to do its process … we’re turning the tables on the adversary by trapping them.”

TrapX claims that its CryptoTrap tool is the first of its kind to hold ransomware attacks “hostage” by utilizing deception technology and traps, while keeping critical data safe.

“Healthcare, which is really vulnerable to ransomware, is one of our primary industries,” observes James. “With our core platform, we’ve been able to emulate medical devices such as an MRI or CT scanner to create decoys that look like network-attached medical devices.”

Avi Rubin, director of the Health and Medical Security Lab at Johns Hopkins University, calls this approach to ransomware a “clever step in the arms race against attackers.”

Rubin says he is “familiar with this system, which was built by a well-known and well-respected security expert named Patrick Traynor, and I applaud him and his team for thinking outside the box and coming up with something novel and clever.” Nonetheless, Rubin predicts “the attackers will adjust, and they will come up with new attacks that make this defense more difficult, but this work represents a nice step forward for the good guys.”

TrapX cites the FBI, which found that ransomware victims paid attackers $209 million in the first quarter of 2016, and that in 2015 the producers of the CryptoWall ransomware attack generated more than $300 million in ransom.

“The adversaries are becoming so sophisticated, and they’re learning different techniques that even skilled security personnel get hit with,” says James, who adds that TrapX researchers have identified more than 2,000 variations of ransomware that employ different methods of attack.

“That’s where these tools become paramount to help stop ransomware in its tracks before it does any damage to the real data,” he concludes.

The San Mateo, Calif.-based vendor is making CryptoTrap available for free to its existing TrapX customers, and the new tool is also being made available free to the public as part of a 30-day trial.
