Attivo Networks has added new capabilities to its endpoint detection net (EDN), which are designed to increase protection against the next generation of ransomware.
The capabilities aim to improve file protection against ‘human-operated’ ransomware, also known as ransomware 2.0 – which is more advanced and complex than standard ransomware. It is designed to bypass traditional security controls and often do not encrypt data on the first networks that they compromise. Instead, they seek to conduct network discovery, move laterally, identify high-value assets, and use Active Directory to explore a network. A ransom demand takes place only after the attackers have the highest-value assets to hold to ransom.
Attivo Networks created ransomware protection capabilities by hiding key locations, such as cloud storage, mapped shared networks, production files, removable disks, and selected files or folders. This means the ransomware operates within a decoy environment, thus limiting the potential for full network compromise – including an organisation’s most valuable assets.
Read the full article at Security Brief Europe.