OVERVIEW
Preventing ransomware and disruption of service attacks remain a top priority for organizations of all sizes and while EPP and EDR stop most commodity infections, today’s human-controlled ransomware can evade traditional endpoint defenses. These advanced adversaries use APT-like tactics to conduct reconnaissance, steal credentials, elevate privileges, and move laterally. To defend against these advanced attacks, organizations are turning to the Attivo ThreatDefend platform’s ransomware mitigation functions which can derail even the most sophisticated ransomware attacks. The platform hides and denies access to local files, folders, removable devices, and mapped network or cloud shares. It also creates fake network file shares that feed the ransomware limitless data to stall the attack so the organization can promptly isolate infected systems and stop further damage.
The State of Ransomware
2/3 of respondents listed malware/ransomware as the top security concern
Cyber criminals are increasingly turning to ransomware as a secondary source of income.
Ransomware is the third most common Malware breach variety and the second most common Malware incident variety.
Organizations reported their controls did not prevent or detect infiltration and ransomware tactics 68% of the time.
Ransomware Mitigation
The ThreatDefend platform offers ransomware mitigation functions through the EDN family of products and the BOTsink deception server. The EDN solution maps hidden shares locally on the endpoint that lead to decoy file servers created by the BOTsink server. These decoys look like production file servers but contain fake files. It also hides and denies access to local files, folders, removeable drives, and mapped network or cloud shares. When the ransomware attempts to look for data to encrypt by enumerating the local directories and network shares, the EDN solution prevents the ransomware from seeing the hidden user files, folders, and production network shares but will show the decoy mapped shares. As the ransomware spreads to the fake network shares to encrypts the files, the decoys alerts on the activity and feed the malware limitless data to stall the attack so the organization can respond in time. It also hides the removable USB storage drives to keep the malware from encrypting the data or using them to spread to other systems. These ransomware mitigation functions can limit damage that ransomware can inflict on user and network data while delaying its spread and giving the security teams the time to respond to the infection
PROTECTED ASSETS
Local Files
Local Folders
Network Shares
Cloud Shares
Removable Drives
BENEFITS
Organizations choose Attivo Networks because:
Early Detection
- Get substantiated detection of ransomware activity.
Stop Propagation
- Deny ransomware from spreading to production network shares or removeable storage media.
Prevention vs. recovery
- Prevent ransomware from damaging data by denying visibility and exploitation of files, folders, attached storage, and network or cloud shares.
Broad Effectiveness
- Comprehensive protection and accurate detection regardless of ransomware strain.
“WE DON’T KNOW ANY OTHER TECHNOLOGY THAT HAS A BETTER SIGNAL TO NOISE RATIO. DECEPTION TECHNOLOGY IS SIMPLE, INEXPENSIVE, AND IT WORKS.”
SPOTLIGHT
Ransomware Mitigation Solution Brief