Logo of Acalvio, a leading company in cyber deception technology

Ransomware models have evolved, with ransomware as a service generating novel ransomware variants to evade detection by traditional security solutions. Ransomware has pivoted to using identity-driven exploits, trusted connection pathways, custom malware variants to evade detection. With ransomware threats adopting double and triple extortion techniques and recovery times taking months, early detection of ransomware is paramount to protect the organization from this threat.

Ransomware Models Have Evolved

Ransomware was traditionally a fully automated, malware centric approach

  • Same version across different victim organizations
Logo

Ransomware is evolving to adopt APT-style tactics

  • Ransomware-as-a Service model
  • RaaS is primarily based on human-operated ransomware
Logo

Human-operated ransomware is adaptive

  • With human decisioning
  • Attack sequence is dynamically updated based on what the attacker finds in the environment
Logo

Data exfiltration for extortion in addition to encryption

  • Exfiltrates sensitive data
  • Results in reputation impact for the organization

Ransomware-as-a-Service (RaaS) Model

RaaS is a decentralized model

How the RaaS affiliate model enables ransomware attacks

Ransomware RAAS Explain

Modern Ransomware Bypassing Traditional Security Solutions

IABs provide initial access to endpoints without traditional security solutions

  • Example: jump server with no EDR on it, providing a safe pivot point for attack actions

Ransomware using modern programming languages to evade signature-based detection

  • Example: Alphv ransomware written in Rust as signature-based tooling is primarily focused on C/C++

Uses credentials to gain trusted access to resources

  • Identity compromises such as Kerberoasting, accessing credentials from caches

Defense evasion to disable agent-based security solutions

  • Escalate privileges and disable AV/EDR on endpoint
Ransom Bypass Bin

Ransomware written in Rust, to evade signature-based detection

Ransom Bypass Terminal

Defense evasion performed by Ransomware

Deception Detects Ransomware with Precision

Test Image
  1. Set traps based for each stage of the ransomware lifecycle
  2. Observe for activity against the traps
  3. Detect ransomware and raise alerts

Approach is agnostic to the ransomware variant and specific TTPs

  • Independent of programming language, cryptographic algorithm, specific TTPs
  • Works for known and unknown (zero day) ransomware variants

Enterprise-scale Deception for Ransomware Defense

Acalvio provides a prepackaged ransomware protection playbook

Administrator imports the playbook and associates it to the relevant scope

ShadowPlex deploys purpose-built deceptions to detect ransomware early in the attack lifecycle

Automated deployment and refresh of deception across the enterprise

Alerts sent to SIEM and/or SOAR

  • Single pane of glass for SOC teams
  • MITRE mappings for standardized incident response
Ransomware Create Playbook

Response Policies to Isolate Threat

Response actions to isolate the threat

Leverages prebuilt integrations

Automated response to prevent ransomware breakout

Protects enterprise assets

Ransomware Isolate Threat

Defend Against Known and Zero-Day Ransomware

Join forces with Acalvio to defend against known and evolving ransomware variants. Stay protected as ransomware threats continue to evolve with novel variants emerging in the future.

Loading...