By Ryan Klund - Business Development Associate
A new mechanism for Cybersecurity Professionals, called Ransomware Canaries, are an extremely valuable tool for early detection of ransomware strains in business networks.
*Note This article is intended for a non-IT Professional audience and will not dive deep into technical details about how ransomware canaries work. If you’re interested in reading more about technical details, here is an article written by SWICKtech partner, Huntress.
What are Ransomware Canaries?
The old phrase “Canary in a Coal Mine” refers to a mining tradition that started in the early 20th century (and was used until the 90s!) that utilized canaries in coal mines as early warning signals for the presence of toxic gases inside, primarily carbon monoxide. If a gas was present in a mine, it would kill the birds before killing the miners, giving them ample warning to get out safely.
Ransomware Canaries perform, essentially, the same function. These tools detect suspicious activity in a network before we can see it ourselves.
These canary files are placed by an IT professional within a network’s endpoints (computers, servers, mobile phones, virtual environments) and when the files are tampered with an alert opens an investigation to determine if the activity is indeed malicious.
Can I see Canary files on my computer?
Ransomware Canaries are similar to files that you’re probably using on your computer everyday. They can be Microsoft Word, Excel or .jpg files on your machine – but they’re probably hidden, so you shouldn’t be able to see them yourself.
*Note: if you do locate a suspicious looking canary file on your machine, do not worry and do not tamper with the file. The files are typically distinguished somehow as a canary file. Let someone from SWICKtech or someone on your IT team know that you found the file to be safe.
Are Ransomware Canaries a silver bullet?
No, canary files on your computer are only one part of, what should be, a multi-layered and multi-faceted cybersecurity plan protecting your organization from threats.
For example, ransomware canaries do not protect at all. They are a tool to deliver faster detection to professionals of malicious activity in a network. There are several tools that should also be utilized in your IT environment for ample protection from cyber threats.
SWICKtech, an IT Service Provider for many businesses in Waukesha, Milwaukee and the greater Midwest deploys ransomware canaries, as well as many other risk mitigation and protection techniques for protecting our clients.
If you’re interested in learning more about cybersecurity and threat detection for your organization, we’d be happy to have a no-strings-attached conversation at any time.