
Attivo Networks raises the stakes against 'Ransomware 2.0'

02 Jul 2020

Attivo Networks has added new capabilities to its endpoint detection net (EDN), which are designed to increase protection against the next generation of ransomware.

The capabilities aim to improve file protection against ‘human-operated’ ransomware, also known as ransomware 2.0, which is more advanced and complex than standard ransomware. It is designed to bypass traditional security controls, and its operators often do not encrypt data on the first networks that they compromise. Instead, they seek to conduct network discovery, move laterally, identify high-value assets, and use Active Directory to explore a network. A ransom demand takes place only after the attackers have the highest-value assets to hold to ransom.

Attivo Networks created ransomware protection capabilities by hiding key locations, such as cloud storage, mapped shared networks, production files, removable disks, and selected files or folders. This means the ransomware operates within a decoy environment, thus limiting the potential for full network compromise – including an organisation’s most valuable assets.

“Advanced human-controlled ransomware can evade endpoint security controls and after initial compromise, move laterally to cause maximum damage, do data exfiltration and encrypt data,” comments Attivo Networks senior vice president of engineering, Srikant Vissamsetti.

According to a 2019 Attivo Networks Top Threat Detection Trends Survey, 66% of respondents indicated that ransomware remained a top security concern.

Attivo Networks states that traditional security controls only prevent the initial compromise of a system, leaving it exposed when advanced attacks bypass a system’s security and quietly work to elevate their attack. 

“Combatting sophisticated ransomware requires a new approach with new methods of disrupting these attackers. Attivo is now offering a comprehensive and unique solution that is shifting power back to the defenders. These innovative capabilities not only prevent successful attacks but will also quickly and efficiently derail any attacker attempting to move undetected through the on-premises or cloud networks.”

There are five primary techniques that the Attivo Networks EDN ThreatDefend platform provides to reduce the risk and prevent the spread of a ransomware attack. 

These work collectively to stop infections and detect in-network threats and other activities criminals would employ to escalate their attack. It:

  • Prevents attackers from seeing or exploiting production files, folders, removable disks, network shares, and cloud storage
  • Detects attempted exploitation and encryption of decoy file shares (when used in conjunction with BOTsink deception servers)
  • Slows an attack by distracting it with high-interaction deception techniques
  • Detects credential theft and attempted enumeration of local administrator accounts and Active Directory for privilege escalation
  • Provides native integrations that deliver automated isolation and reduce response time.