Detecting Zero Day Ransomware

It has been widely established that data backups are no longer a safety net against ransomware. Recent ransomware strains add data exfiltration, and extortion under the threat of leaking the stolen data, on top of encryption.

Here are a few noteworthy examples that should concern both technical and business stakeholders:

  • Sodinokibi Ransomware published stolen data
  • Allied Universal was breached by Maze ransomware and the stolen data was leaked
  • Nemty ransomware started leaking non-paying victims' data

Such virulent strains of ransomware cause irreparable damage because they employ very advanced techniques:

  • They have a deep understanding of security layers
    • They avoid using vssadmin
    • They execute commands via proxies
    • They avoid sinkholing
    • They evade debugging techniques
    • They avoid blocking by IPS
  • They leverage "living off the land" techniques
  • They are often human assisted (hands-on-keyboard operators)
  • They leverage all 12 MITRE ATT&CK tactics:
    1. Initial Access
    2. Execution
    3. Persistence
    4. Privilege Escalation
    5. Defense Evasion
    6. Credential Access
    7. Discovery
    8. Lateral Movement
    9. Collection
    10. Command and Control
    11. Exfiltration
    12. Impact

ShadowPlex uses AI-driven advanced deception technology to deliver an effective solution for combating even zero day ransomware. The deception layer is built up in four steps:

ADD TO NETWORK

  • End points
  • Applications
  • IoT devices
  • Cloud decoys (S3)

LEAD TO DECOYS

  • Credentials
  • URLs
  • AD
  • Network traffic

TRIPWIRES

  • Beaconing docs
  • Processes
  • Tools

MAKE DECEPTIONS ATTRACTIVE

  • Vulnerabilities
  • Mis-configurations
  • Default/weak credentials
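The "tripwire" step above relies on decoy documents that no legitimate process should touch, so any change to them is a high-confidence signal. The following added example (not ShadowPlex code; the decoy file names, the 7.0 bits/byte entropy threshold and the ".locked" rename are constructed assumptions) plants canary files, baselines their digests, and then reports the three ways ransomware typically trips them: rewriting a file in place with high-entropy ciphertext, renaming it with an appended extension, or removing it.

```python
import hashlib
import math
import os
import tempfile

# Hypothetical decoy layout and threshold (assumptions, not ShadowPlex's own values).
CANARY_NAMES = ["Q3_budget_FINAL.xlsx", "passwords_backup.docx", "customer_list.csv"]
ENTROPY_THRESHOLD = 7.0  # bits/byte; ciphertext sits near 8.0, office docs and text far lower


def shannon_entropy(data: bytes) -> float:
    """Empirical byte entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def plant_canaries(directory: str) -> dict:
    """Write low-entropy decoy files and return {name: sha256} as the baseline."""
    baseline = {}
    for name in CANARY_NAMES:
        path = os.path.join(directory, name)
        with open(path, "wb") as f:
            f.write((b"constructed decoy text for " + name.encode() + b"\n") * 200)
        with open(path, "rb") as f:
            baseline[name] = hashlib.sha256(f.read()).hexdigest()
    return baseline


def check_canaries(directory: str, baseline: dict) -> list:
    """Return (name, reason) alerts for every canary that was removed, rewritten or renamed."""
    alerts = []
    present = set(os.listdir(directory))
    for name, digest in baseline.items():
        if name not in present:
            alerts.append((name, "missing_or_renamed"))
            continue
        with open(os.path.join(directory, name), "rb") as f:
            data = f.read()
        if hashlib.sha256(data).hexdigest() != digest:
            high = shannon_entropy(data) >= ENTROPY_THRESHOLD
            alerts.append((name, "rewritten_high_entropy" if high else "rewritten"))
    for extra in present - set(baseline):
        if extra.startswith(tuple(baseline)):  # e.g. "file.docx.locked"
            alerts.append((extra, "ransom_extension_appended"))
    return alerts


def simulate_and_detect() -> list:
    """Constructed scenario: plant canaries, mimic a ransomware pass on two of them, check."""
    with tempfile.TemporaryDirectory() as d:
        baseline = plant_canaries(d)
        with open(os.path.join(d, CANARY_NAMES[0]), "wb") as f:
            f.write(os.urandom(4096))  # in-place overwrite with ciphertext-like bytes
        os.rename(os.path.join(d, CANARY_NAMES[1]), os.path.join(d, CANARY_NAMES[1] + ".locked"))
        return check_canaries(d, baseline)
```

In a deployment the check would run from a file-change notification rather than a poll, and each alert would feed the EDR/SOAR integration mentioned below to isolate the host that made the write.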

In summary, the ShadowPlex Ransomware Solution is based on:

  • The Acalvio Ransomware Kill Chain
  • ShadowPlex deception technology
  • Real-time automated response via integration with CrowdStrike EDR, SOAR and network security products

It is agnostic to:

  • Delivery mechanism of the ransomware
  • Programming language or scripting language
  • Type of cryptography used
  • C&C communication method
  • File-based and file-less ransomware
  • Memory-resident or disk-based
  • Lateral movement type
  • Data repository
  • Payment method
  • Deception-based ransomware
  • APT-style ransomware

It is therefore the industry's most effective technique for combating zero day ransomware.