Detecting Zero Day


It has been widely established that data backups are no longer a safety net against ransomware threats. Recent ransomware strains add data exfiltration to extortion.

Here are a few noteworthy examples that should be of immense concern to technical and business stakeholders:

  • Sodinokibi Ransomware published stolen data
  • Allied Universal was breached by Maze ransomware and the stolen data was leaked
  • Nemty ransomware started leaking non-paying victims’ data

Such virulent strains of ransomware cause irreparable damage because they embrace very advanced techniques:

  • They have a deep understanding of security layers
    • They avoid using vssadmin
    • They execute commands via proxies
    • They avoid sinkholing
    • They evade debugging techniques
    • They avoid blocking by IPS
  • They leverage “living off the land” techniques
  • They are often human-assisted
  • They leverage all 12 MITRE tactics:
    1. Initial Access
    2. Execution
    3. Persistence
    4. Privilege escalation
    5. Defense evasion
    6. Credential access
    7. Discovery
    8. Lateral movement
    9. Collection
    10. Command and Control
    11. Exfiltration
    12. Impact

ShadowPlex uses AI-Driven Advanced Deception Technology to deliver an effective solution to combat even zero-day ransomware.

Acalvio Autonomous Deception


  • End points
  • Applications
  • IoT devices
  • Cloud Decoys (S3)


  • Credentials
  • URLs
  • Active Directory
  • Network Traffic


  • Beaconing Docs
  • Processes
  • Tools


  • Vulnerabilities
  • Mis-configurations
  • Default/weak Credentials

In summary, the ShadowPlex Ransomware Solution is based on:

  • Acalvio Ransomware Kill Chain
  • ShadowPlex Deception Technology
  • Real-time Automated Response via integration with CrowdStrike EDR / SOAR / Network Security products

It is agnostic to:

  • Delivery mechanism of ransomware
  • Programming language, scripting language
  • Type of Cryptography used
  • C&C communication method
  • File based and file-less ransomware
  • Memory resident or disk based
  • Lateral movement type
  • Data repository
  • Payment method
  • Deception-based ransomware
  • APT-style ransomware