Active Defense for Detecting and Mitigating Ransomware
Ransomware continues to plague businesses of all sizes and industries. Regular backups and standard preventive controls are clearly insufficient, as the attacks have become more sophisticated and have added data exfiltration and extortion threats.
“It’s a big problem that is getting bigger, and the data indicates a lack of protection from this type of malware in organizations, but that can be stopped.”
Verizon DBIR 2020 on Ransomware
Acalvio ShadowPlex uses AI-Driven Advanced Deception Technology to deliver effective Active Defense to combat Ransomware. It includes three attributes that provide precise, rapid Ransomware detection and mitigation.
First, ShadowPlex provides detection at every phase of the Ransomware kill chain:
The pre-defined ShadowPlex Ransomware playbook determines the correct mix of decoys, breadcrumbs and baits to act as tripwires for each stage of the kill chain. Both known and unknown (zero-day) attacks are effectively detected with this approach.
Second, the solution uses the advantages inherent in ShadowPlex to create an operationally viable and credible defense:
- Autonomous Deception – Automates the deployment and updates of deception artifacts
- Deception Farm and Fluid Deception – Resource efficient, high scale pooling of deception assets
- Agentless – Easy to deploy; low risk to production systems
Third, ShadowPlex integrates with EDR and SOAR solutions for automated mitigation:
- Device Isolation – Stops lateral movement propagation
- Process Termination – Stops encryption, backup deletion, and C&C communication
- API Trigger – Custom mitigation and response