Detecting Zero Day Ransomware


It has been widely established that data backups are no longer a safety net against ransomware. Recent ransomware strains combine data exfiltration with extortion: stolen data is leaked if the victim does not pay.
Here are a few noteworthy examples that should concern technical and business stakeholders alike:
- Sodinokibi ransomware published stolen data
- Allied Universal was breached by Maze ransomware and the stolen data was leaked
- Nemty ransomware started leaking non-paying victims' data
Such virulent strains of ransomware cause irreparable damage because they embrace very advanced techniques:
- They have a deep understanding of security layers
- They avoid using vssadmin
- They execute commands via proxies
- They avoid sinkholing
- They evade debugging techniques
- They avoid blocking by IPS
- They leverage "living off the land" techniques
- They are often human assisted
- They leverage all 12 MITRE ATT&CK tactics:
  1. Initial Access
  2. Execution
  3. Persistence
  4. Privilege Escalation
  5. Defense Evasion
  6. Credential Access
  7. Discovery
  8. Lateral Movement
  9. Collection
  10. Command and Control
  11. Exfiltration
  12. Impact
ShadowPlex uses AI-driven advanced deception technology to deliver an effective solution to combat even zero day ransomware.
In summary, the ShadowPlex Ransomware Solution is based on:
- The Acalvio Ransomware Kill Chain
- ShadowPlex Deception Technology
- Real-time automated response via integration with CrowdStrike EDR / SOAR / network security products
It is agnostic to:
- Delivery mechanism of the ransomware
- Programming or scripting language
- Type of cryptography used
- C&C communication method
- File-based and file-less ransomware
- Memory-resident or disk-based
- Lateral movement type
- Data repository
- Payment method
- Deception-based ransomware
- APT-style ransomware
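The reason a deception-based detector can be agnostic to the strain's language, cryptography, delivery and C&C method is that it does not inspect the malware at all: it plants decoy files that no legitimate process should ever touch and treats any change to them as an indicator. The following is an added illustration of that principle, written for this page; it is not Acalvio or ShadowPlex code and makes no claim about how ShadowPlex works internally. The decoy names, the hash-based baseline, the polling check and the `tamper_decoys` helper (which stands in for "something rewrote and renamed the files" using random bytes, not a real cipher) are all assumptions constructed for the demo.

```python
"""Decoy (canary) file monitor: a minimal deception-based ransomware indicator.

Added example, not ShadowPlex code. Assumption: decoys are planted where a
file-enumerating process will reach them early, baselined by SHA-256, and any
modification, deletion or rename of a decoy is a high-confidence alert because
no legitimate workflow uses these files. All sample data here is constructed.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed decoy names. "_aaa_first.txt" sorts first so a process that walks
# a directory in name order touches it before any real data (assumption).
DECOY_NAMES = ["passwords_backup.xlsx", "finance_q3.docx", "_aaa_first.txt"]


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large decoys do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def plant_decoys(root: Path, names=DECOY_NAMES) -> dict:
    """Write decoy files under root and return the {path: sha256} baseline."""
    baseline = {}
    for name in names:
        p = root / name
        p.write_bytes(f"decoy file {name}: never edited by legitimate users\n".encode())
        baseline[str(p)] = sha256_of(p)
    return baseline


def check_decoys(baseline: dict) -> list:
    """Return [(path, event)] for every decoy that no longer matches its baseline.

    'missing'  -> deleted or renamed (e.g. a new extension appended)
    'modified' -> content rewritten in place
    An empty list means no indicator. The check is independent of what did the
    writing, which is what makes it strain-agnostic.
    """
    alerts = []
    for path, digest in baseline.items():
        p = Path(path)
        if not p.exists():
            alerts.append((path, "missing"))
        elif sha256_of(p) != digest:
            alerts.append((path, "modified"))
    return alerts


def tamper_decoys(root: Path, overwrite_name: str, rename_name: str) -> None:
    """Constructed stand-in for hostile file activity (no real encryption):
    overwrite one decoy with random bytes and rename another."""
    (root / overwrite_name).write_bytes(os.urandom(64))
    (root / rename_name).rename(root / (rename_name + ".locked"))


def run_demo() -> dict:
    """Plant decoys in a temp dir, confirm the clean state raises nothing,
    tamper with two of them, and return {decoy name: event}."""
    root = Path(tempfile.mkdtemp(prefix="decoy_demo_"))
    baseline = plant_decoys(root)
    assert check_decoys(baseline) == []  # clean state: no alert
    tamper_decoys(root, DECOY_NAMES[0], DECOY_NAMES[1])
    return {Path(p).name: event for p, event in check_decoys(baseline)}


if __name__ == "__main__":
    for name, event in run_demo().items():
        print(f"ALERT decoy {name}: {event}")
```

In a real deployment the polling loop would be replaced by a filesystem change notification, and the alert would carry the identity of the process that wrote to the decoy so that an EDR or SOAR integration, as the page describes for ShadowPlex, can isolate the host or kill the process automatically. Note what the check never needs: the malware's binary, its language, its key or its command channel, which is exactly the agnosticism the list above claims.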