KnowBe4 backs its training with a crypto-ransom guarantee

KnowBe4 is offering to pay ransomware demands if a user falls victim to a crypto-ransom attack.

Ransomware attacks like CryptoLocker have been plaguing users for a while now. The recent shutdown of the Gameover Zeus botnet has led to a dramatic decline in these types of attacks, but you can expect that cybercriminals will regroup and launch new ones soon enough. But KnowBe4, a company that offers security awareness training, is so confident it can teach users to protect themselves, it's offering to pay the ransom if a customer falls victim to a ransomware scheme.

Ransomware attacks like CryptoLocker compromise a PC by encrypting all of its data (and possibly all data on connected external or network drives as well) and holding it ransom. The attackers demand payment--often in the form of Bitcoin, which is more difficult to trace--in exchange for providing the necessary decryption key.

The FBI estimates that more than 200,000 users have been affected by ransomware, including CryptoLocker, CryptoDefense, and CryptoBit--accounting for somewhere in the neighborhood of $30 million worth of ransom payments in the last quarter of 2013 alone.

Unfortunately, ransomware falls into an area that is as much social engineering as it is malware in most cases, and often antimalware tools fail to detect it. It is the user behavior of opening attachments or clicking on links that leads to compromise.

"Now is a very good time for IT to seize the moment and train its users," said Stu Sjouwerman, CEO of KnowBe4, in a statement. "Anyone hit with CryptoLocker knows how destructive it can be. With the large number of phishing threats hitting companies, people can become immune to alerts. We help IT be more proactive and train employees to learn which Red Flags to look for and how to keep themselves and the network protected."

It may be more of a publicity stunt than anything else, but the guarantee is nothing to scoff at. It is a simple truth that users are the weakest link in the security chain, and it makes sense that an investment in security awareness training should yield as much or more benefit than an equal investment in yet another layer of defense--a layer that can be easily bypassed by preying on human nature and tricking the user into doing something they shouldn't.


Stories by Tony Bradley
