Threats 101
Ryan Harnedy
May 2016

Can't Antivirus Stop Most Ransomware? Not on Its Own.

Photo by Source


As a kid one of my favorite things in the world was professional wrestling, and one of my favorite things about professional wrestling was the tag teams

There was something so cool about seeing two people, each wildly different in skill, style, and approach, teaming up to take on the world. Each playing on each other’s strengths, and shoring up the other’s weaknesses. It was a great lesson in teamwork and friendship.

While I didn’t know it at the time, it was also a lesson that can be applied to endpoint security, and specifically, the importance of developing a multi-layer approach. In a world where malware recovery costs $3,000 per day it makes sense to have multiple types of protection at multiple points to ensure that you’re protected from ransomware, malware, and other cyber attacks.

If you, like 86% of security professionals, are looking to augment your current antivirus solution, then you’ll want to look for a tag team partner that’s going to help tag in and pick up the slack where antivirus is weakest.

Now Entering the Ring: Antivirus!

Antivirus reads the signature of known ransomware, and if it "sees” a signature that it recognizes as a threat it blocks it. As a result, antivirus is a great tool for stopping any known, previously successful types of ransomware from breaching your business. Think of it as the grizzled old veteran, climbing into the ring for another shot at the title. It knows all the moves, and any time if faces off against an opponent it's faced before it knows each hold that opponent is going to use, and how to stop them.

However, while antivirus knows how to handle familiar threats, it doesn’t do a great job of protecting you from attacks that use new ransomware or ransomware that's been disguised.


Hackers know how antivirus operates, and they routinely evade detection by making small changes to their malware, so antivirus can’t recognize its signature.

When you consider that there are over 390,000 new malware varients created surfacing every day and that 99% of malware is only seen once before hackers modify the code so it can continue evading detection, it becomes clear you need something in addition to antivirus to protect yourself from the new cyberthreats AV isn’t designed to deal with.

Enter: Behavior-Based Endpoint Security

Unlike signature-based antivirus, behavior-based endpoint security looks to (shockingly) the behavior of software to detect malware infestations. So even if a piece of malware has a new signature that antivirus doesn’t detect, a behavioral-based solution will see it’s up to no good and stop it before it has a chance to infect your system.

Think of behavioral-based endpoint security as the hot young rookie. It’s fresh, hungry and ready to bring a new style to the ring. It’s got a lot of respect for the old vets but it knows there are new moves antivirus hasn’t seen yet. It’s ready to step in when cybercriminals go for the pin.

Case in point: when the 4.0 version of CryptoWall was released it avoided initial detection. Because it had a new signature antivirus solutions didn’t recognize. By looking at the program’s behavior rather than trying to find a match for its signature, Barkly saw that CryptoWall was trying to put data in a ransom-lock submission hold and stopped it right away, no updates or patches needed.

Quick Recap

Like all great tag-teams, antivirus and behavioral-based endpoint security both have different strengths you can leverage to make sure cybercriminals never pin down your data or take your network down for the count.

Signature-based antivirus detection

Strength: Maintaining a large database of existing threats and protecting you from the most common (and often most successful) ransomware attacks.

Behavior-based detection

Strength: Ability to catch ransomware attacks that antivirus isn’t able to detect and stop.

Utilizing both types of security together helps ensure you have the greatest breadth of coverage over the biggest variety of threats. You’ve got the wise, knowledgeable antivirus who has seen all the tricks and knows how to break every classic pin, and you’ve got young, intuitive endpoint security ready to step in, improvise, and read the ring to counter any new moves it might see in the ring.

Ready to get started with multi-level protection? Check out the IT Pro's Guide to Endpoint Security for a detailed walkthrough of how look for, evaluate, and test your new level of endpoint security.

Photos by Ryan McGuire and David Goehring 
Ryan Harnedy

Ryan Harnedy

Ryan writes about how to make cybersecurity make sense to end users and keep employees safe from ransomware, malware, and phishing attacks. He enjoys decoding buzzwords and sharing security tips that users might actually follow.


Close the gaps in your security

Stop paying for AV, get the strongest protection instead. See how Barkly blocks attacks that are getting past AV.

See a demo


Stay informed!

Get the latest security news, tips, and trends straight to your inbox.

Stay informed!

Get the latest security news, tips, and trends straight to your inbox.