Basically all these ransomware variants can be blocked with one simple technique: whitelisting.
The trick is to minimize the admin overhead of setting up a whitelist, and that is where we have unique and compelling solutions.
This RaaS trend also shows the weakness of traditional (signature-based) defences such as anti-virus, which can never keep up with the number of ransomware variants.
AI/machine-learning-based techniques are more effective, but it’s still a cat-and-mouse game as their algorithms try to outpace the ransomware creators.
IT would love to put a “magic agent” on every endpoint that somehow detected and prevented malicious activity without actually having to limit the user in any way. There was a flood of vendors promising that at RSA. The technology has definitely improved, but there is still no silver bullet unless you are willing to restrict your users.
The only foolproof solution is to explicitly list what a user can do, and where it can come from – whitelisting. It may sound draconian, but there are self-service and service desk tools to manage exceptions and limit user impact and resistance. We have seen this deployed at enterprise customers, and where users work with corporate equipment, they accept that there are limitations for security and compliance purposes, as long as the IT team responds quickly when an application is needed for a legitimate business purpose.