Attivo Networks raises the stakes against 'Ransomware 2.0'

02 Jul 2020

Attivo Networks has added new capabilities to its endpoint detection net (EDN), which are designed to increase protection against the next generation of ransomware.

The capabilities aim to improve file protection against ‘human-operated’ ransomware, also known as ransomware 2.0, which is more advanced and complex than standard ransomware. It is designed to bypass traditional security controls, and its operators often do not encrypt data on the first networks that they compromise. Instead, they seek to conduct network discovery, move laterally, identify high-value assets, and use Active Directory to explore a network. A ransom demand takes place only after the attackers have the highest-value assets to hold to ransom.

Attivo Networks created ransomware protection capabilities by hiding key locations, such as cloud storage, mapped shared networks, production files, removable disks, and selected files or folders. This means the ransomware operates within a decoy environment, thus limiting the potential for full network compromise – including an organisation’s most valuable assets.

“Advanced human-controlled ransomware can evade endpoint security controls and after initial compromise, move laterally to cause maximum damage, do data exfiltration and encrypt data,” comments Attivo Networks senior vice president of engineering, Srikant Vissamsetti.

According to a 2019 Attivo Networks Top Threat Detection Trends Survey, 66% of respondents indicated that ransomware remained a top security concern.

Attivo Networks states that traditional security controls only prevent the initial compromise of a system, leaving it exposed when advanced attacks bypass a system’s security and quietly work to elevate their attack. 

“Combatting sophisticated ransomware requires a new approach with new methods of disrupting these attackers. Attivo is now offering a comprehensive and unique solution that is shifting power back to the defenders. These innovative capabilities not only prevent successful attacks but will also quickly and efficiently derail any attacker attempting to move undetected through the on-premises or cloud networks.”

There are five primary techniques that the Attivo Networks EDN ThreatDefend platform provides to reduce the risk and prevent the spread of a ransomware attack. 

These work collectively to stop infections and detect in-network threats and other activities criminals would employ to escalate their attack. It:

  • Prevents attackers from seeing or exploiting production files, folders, removable disks, network shares, and cloud storage
  • Detects attempted exploitation and encryption of decoy file shares (when used in conjunction with BOTsink deception servers)
  • Slows an attack by distracting it with high-interaction deception techniques
  • Detects credential theft and attempted enumeration of local administrator accounts and Active Directory for privilege escalation
  • Provides native integrations that deliver automated isolation and reduce response time.