Detecting and Stopping
RANSOMWARE ATTACK with Seceon aiSIEM / aiXDR
- By Pushpendra Mishra
Ransomware attacks are synonymous with a ransom demand for valuable data held hostage by the attacker. As the stakes rise, the ransom can be a non-trivial amount for businesses and enterprises. Holding a critical server hostage by rendering it inoperable also means an immediate loss of productivity, and across many endpoints and servers that loss is amplified. There is no guarantee that the attacker will release the decryption key and end the ransomware kill chain even after the ransom is paid. The perpetrator may also have siphoned data from the endpoint or host with the intent of selling personal information and business-sensitive data on the dark web, for commercial gain or other harmful purposes. Over the last few years, businesses, enterprises and organizations have seen the likes of WannaCry, CryptoLocker, Ryuk, Petya, NotPetya, Maze and many more. With no certainty of reprieve from ransomware, and the additional burden (and cost) of remediation, it is clear that we are dealing with a significant threat that must be detected early in its infection sequence, and that action must be taken promptly to minimize and contain the damage.
RANSOMWARE ATTACK STAGES
The Emotet trojan ranks among the most prevalent malware families of recent years and has been a primary vehicle for delivering Ryuk ransomware across industries worldwide, with banking and financial services companies hit especially hard. Disguised as a harmless attachment (a .doc file) in a phishing email, the trojan mutates to evade detection by advanced security tools and often presents itself as zero-day malware, so no single signature can be relied on. A complete picture of the threat must therefore be assembled, with a high degree of certainty, from activities on the host or endpoint, the type of outgoing requests, lateral movement patterns and other indicators, as shown in Figure-1.
Figure-1: Ransomware attack stages with email phishing
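As an added illustration of the multi-indicator approach described above (example code written for this edit, not Seceon's aiSIEM/aiXDR logic), the following Python maps constructed host and network events onto kill-chain stages and flags a host only when several distinct stages appear in order within a time window, so that a lone .doc attachment or a single outbound connection is never decisive on its own. The event field names, the stage mapping and the thresholds are assumptions chosen for the example.

```python
"""Kill-chain correlation over constructed endpoint/network events (added example).

Each event is classified into the stage of the email-phishing ransomware chain it
evidences; a host is alerted on only when enough distinct stages line up in
kill-chain order inside one window. Field names and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Kill-chain order assumed for the phishing-delivered chain on this page.
STAGES = ["delivery", "execution", "c2", "lateral_movement", "impact"]


def classify(event):
    """Return the stage a single event evidences, or None if it is unremarkable."""
    t = event["type"]
    if t == "email" and event.get("attachment", "").lower().endswith((".doc", ".docm")):
        return "delivery"                       # Office document arriving by mail
    if (t == "process" and event.get("parent", "").lower() == "winword.exe"
            and event.get("image", "").lower() in ("powershell.exe", "cmd.exe", "wscript.exe")):
        return "execution"                      # Word spawning a scripting host
    if (t == "netconn" and event.get("direction") == "out"
            and event.get("periodic") and event.get("dst_reputation") == "unknown"):
        return "c2"                             # beaconing to an unknown destination
    if t == "netconn" and event.get("dst_port") == 445 and event.get("distinct_targets", 0) >= 5:
        return "lateral_movement"               # SMB fan-out to many internal hosts
    if t == "file" and event.get("renames_per_min", 0) >= 100:
        return "impact"                         # mass rename burst typical of encryption
    return None


def correlate(events, window=timedelta(hours=24), min_stages=3):
    """Return {host: [stages]} for hosts showing >= min_stages distinct stages,
    each first observed in kill-chain order and within `window` of the earliest one."""
    first_seen = defaultdict(dict)              # host -> stage -> first timestamp
    for ev in sorted(events, key=lambda e: e["ts"]):
        stage = classify(ev)
        if stage:
            first_seen[ev["host"]].setdefault(stage, ev["ts"])
    alerts = {}
    for host, seen in first_seen.items():
        start = min(seen.values())
        chain = [s for s in STAGES if s in seen and seen[s] - start <= window]
        ordered = all(seen[a] <= seen[b] for a, b in zip(chain, chain[1:]))
        if len(chain) >= min_stages and ordered:
            alerts[host] = chain
    return alerts


def sample_events():
    """Constructed telemetry for an infected host and a benign one (not real logs)."""
    t0 = datetime(2021, 3, 1, 9, 0)
    return [
        {"ts": t0, "host": "ws-017", "type": "email", "attachment": "Invoice_2291.doc"},
        {"ts": t0 + timedelta(minutes=4), "host": "ws-017", "type": "process",
         "parent": "WINWORD.EXE", "image": "powershell.exe"},
        {"ts": t0 + timedelta(minutes=6), "host": "ws-017", "type": "netconn",
         "direction": "out", "dst_reputation": "unknown", "periodic": True},
        {"ts": t0 + timedelta(hours=2), "host": "ws-017", "type": "netconn",
         "direction": "out", "dst_port": 445, "distinct_targets": 12},
        {"ts": t0 + timedelta(hours=3), "host": "ws-017", "type": "file", "renames_per_min": 850},
        # benign host: a Word attachment plus ordinary outbound web traffic only
        {"ts": t0, "host": "ws-042", "type": "email", "attachment": "Agenda.doc"},
        {"ts": t0 + timedelta(minutes=10), "host": "ws-042", "type": "netconn",
         "direction": "out", "dst_reputation": "known", "periodic": False},
    ]


if __name__ == "__main__":
    for host, chain in correlate(sample_events()).items():
        print(f"ALERT {host}: {' -> '.join(chain)}")
```

The ordering check is a deliberate choice of this example: it ties the alert to the specific phishing-delivered sequence the page describes, at the cost of ignoring a host where, say, the encryption burst is logged before the delivery event. A production rule would typically raise a separate high-severity alert on the impact stage alone and use the ordered chain to enrich it, not to gate it.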
www.seceon.com
Page 1