
Christian Mairoll

Emsisoft Employee

Posts posted by Christian Mairoll

  1. The Alphv ransomware group, also known as BlackCat, has come up with an innovative new strategy to put additional pressure on victims. First, to provide some background, Alphv is a rebrand of the BlackMatter operation which was itself a rebrand of Darkside, the ransomware used in the attack on Colonial Pipeline. Ransomware gangs used to simply […]

    The post Ransomware group ups pressure on victims with new extortion tactic appeared first on Emsisoft | Security Blog.


  2. Jeremy, I totally agree with the concept of reducing potential points of failure. However, please keep in mind that antivirus software always needs to exchange data with some sort of cloud infrastructure to be able to do its job. In the early years it was enough if software pulled online updates once a day, then we needed more frequent updates (about 1h intervals), and today we're at a point where we need a permanent connection to provide the best possible protection. Mainly to get real-time information about newly emerging threats and also to be able to push updates at any time, without a delay of 30 minutes. That's why we are currently in the process of changing our entire backend infrastructure to 'managed' devices.

    'Managed' in this context doesn't necessarily mean these devices can be fully remote controlled (that's only the case if you use 'Local&Remote' or 'Remote only' workspace management modes), it rather means that devices have a permanent connection to the cloud to exchange malware intelligence (such devices show up as 'Managed' in your workspace). At the end of the day, those new cloud interfaces are not more or less secure than the simple hourly online updates were before. We are very well aware of the risk involved with providing any cloud interfaces and do our best to make it as hard as possible for attackers to get in and manipulate data.

    None of our interfaces provide the ability to execute code on your devices. Software updates are the only way you can receive executable code from us, and again, those interfaces haven't conceptually changed since Emsisoft was founded 20 years ago. Our data transfer channels are secured on multiple levels, making it pretty much impossible to infiltrate unauthorized code. Our transfer channels and binaries are digitally signed on top of SSL to block any man-in-the-middle attempts by design. Our production database has very rigorous access limitations even within our team. But truth be told, there is no 100% guarantee that we'll never get hacked.

    The above-described 'Please re-authenticate' notification shows up when you have a device using a license that is assigned to a workspace but the device hasn't migrated to the 'managed' state yet. Changing it to managed is a one-time action.

