Preventing ransomware and disruption of service attacks remains a top priority for organizations of all sizes. While EPP and EDR stop most commodity infections, today’s human-controlled ransomware can evade traditional endpoint defenses. These advanced adversaries use APT-like tactics to conduct reconnaissance, steal credentials, elevate privileges, and move laterally. To defend against these advanced attacks, organizations are turning to the Attivo ThreatDefend platform’s ransomware mitigation functions, which can derail even the most sophisticated ransomware attacks. The platform hides and denies access to local files, folders, removable devices, and mapped network or cloud shares. It also creates fake network file shares that feed the ransomware limitless data to stall the attack so the organization can promptly isolate infected systems and stop further damage.
2/3 of respondents listed malware/ransomware as the top security concern.
Cyber criminals are increasingly turning to ransomware as a secondary source of income.
Ransomware is the third most common Malware breach variety and the second most common Malware incident variety.
Organizations reported their controls did not prevent or detect infiltration and ransomware tactics 68% of the time.
The ThreatDefend platform offers ransomware mitigation functions through the EDN family of products and the BOTsink deception server. The EDN solution maps hidden shares locally on the endpoint that lead to decoy file servers created by the BOTsink server. These decoys look like production file servers but contain fake files. The EDN solution also hides and denies access to local files, folders, removable drives, and mapped network or cloud shares. When the ransomware looks for data to encrypt by enumerating the local directories and network shares, the EDN solution prevents it from seeing the hidden user files, folders, and production network shares but shows it the decoy mapped shares. As the ransomware spreads to the fake network shares to encrypt the files, the decoys alert on the activity and feed the malware limitless data to stall the attack so the organization can respond in time. The EDN solution also hides removable USB storage drives to keep the malware from encrypting their data or using them to spread to other systems. These ransomware mitigation functions can limit the damage that ransomware can inflict on user and network data while delaying its spread and giving security teams time to respond to the infection.