Detecting Zero Day

Ransomware

It has been widely established that  data backups are no longer a safety net for ransomware threats. Recent ransomware strains add data exfiltration in addition to extortion. 

Here are a few noteworthy examples that should add immense concern to technical and business stakeholders:

  • Sodinokibi Ransomware published stolen data
  • Allied Universal was breached by Maze ransomware and the stolen data was leaked
  • Nemty ransomware started leaking non-paying victim’s data

Such virulent strains of ransomware cause irreparable damage because they embrace very advanced techniques:

  • They have a deep understanding of security layers
    • They avoid using vssadmin
    • They execute commands via proxies
    • They avoid sinkholing
    • They evade debugging techniques
    • They avoid blocking by IPS
  • They leverage “Living off the land techniques”
  • They are often human assisted
  • They leverage all 12 MITRE Tactics:
1. Initial Access 2. Execution 3. Persistence
4. Privilege execution 5. Defense evasion 6. Credential access
7. Discovery 8. Lateral movement 9. Collection
10. Command and Control 11. Exfiltration 12. Impact

ShadowPlex uses AI-Driven Advanced Deception Technology to deliver an effective solution to combat
even zero day ransomware

Acalvio Autonomous Deception

ADD TO
NETWORK

  • End points
  • Applications
  • IoT devices
  • Cloud Decoys (S3)

Acalvio Autonomous Deception

LEAD TO
DECOYS

  • Credentials
  • URLs
  • Ad
  • Network Traffic

TRIP
WIRES

  • Beaconing Docs
  • Processes
  • Tools
Acalvio Autonomous Deception

MAKING DECEPTIONS ATTRACTIVE

  • Vulnerabilities
  • Mis-configurations
  • Default/weak Credentials

In Summary, ShadowPlex Ransomware Solution is based on:

  • Acalvio Ransomware Kill Chain
  • Leverages ShadowPlex Deceptions Technology
  • Real-time Automated Response via integration with CrowdStrike EDR / SOAR / Network Security products

 

It is agnostic to :

  • Delivery mechanism of ransomware
  • Programming language, scripting language
  • Type of Cryptography used
  • C&C communication method
  • File based and file-less ransomware
  • Memory resident or disk based
  • Lateral movement type
  • Data repository
  • Payment method
  • Deception based Ransomware
  • APT style Ransomware