Ransomware models have evolved: ransomware-as-a-service (RaaS) operations keep generating novel variants that evade traditional ransomware defenses. Operators have pivoted to identity-driven attacks, trusted connection pathways, and custom malware variants to stay undetected. With ransomware adopting double and triple extortion and recovery taking months, early detection is paramount to protecting the organization from this threat.

Ransomware Models Have Evolved

Ransomware was traditionally a fully automated, malware-centric approach

  • Same version across different victim organizations

Ransomware is evolving to adopt APT-style tactics

  • Ransomware-as-a-Service model
  • RaaS operations are primarily human-operated ransomware

Human-operated ransomware is adaptive

  • With human decisioning
  • Attack sequence is dynamically updated based on what the attacker finds in the environment

Data exfiltration for extortion in addition to encryption

  • Exfiltrates sensitive data
  • Results in reputation impact for the organization

Ransomware-as-a-Service (RaaS) Model

RaaS is a decentralized model

How the RaaS affiliate model enables ransomware attacks: developers build and maintain the ransomware and its payment and leak infrastructure, affiliates break into victim organizations and deploy it, and the proceeds are split between them.

Modern Ransomware Bypassing Traditional Security Solutions

Initial access brokers (IABs) sell access to endpoints that lack traditional security controls

  • Example: a jump server with no EDR on it, providing a safe pivot point for attack actions

Ransomware written in modern programming languages to evade signature-based detection

  • Example: ALPHV (BlackCat) ransomware is written in Rust, while signature-based tooling is tuned primarily to C/C++ binaries

Uses stolen credentials to gain trusted access to resources

  • Identity compromise such as Kerberoasting service accounts or harvesting credentials from caches
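A detection-side illustration of the Kerberoasting technique named above, added here as an example and not part of Acalvio's page or product: it filters Windows Security event 4769 (Kerberos service ticket request) records for RC4 tickets to user-owned SPNs and alerts when one account bursts across several services. The one-line key=value rendering, the timestamps, the account names and the SPNs are constructed for the demo; real 4769 events arrive as EVTX/XML and need a parser in front of this.

```python
"""Heuristic Kerberoasting detection over Windows Security event 4769 (TGS request).

Added example, not Acalvio code. Field names follow the 4769 event; the one-line
key=value rendering and the sample values are constructed so the example runs offline.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

# Kerberoasting tools request RC4-HMAC (etype 0x17) tickets by default: the ticket is
# encrypted with a key derived from the service account's NT hash, which cracks far
# faster offline than an AES (0x11/0x12) key.
RC4_HMAC = 0x17


@dataclass
class TgsRequest:
    ts: int          # event time, epoch seconds (constructed field)
    account: str     # TargetUserName: who requested the ticket
    service: str     # ServiceName: account that owns the SPN
    etype: int       # TicketEncryptionType
    status: int      # failure code; 0x0 is success
    client_ip: str   # IpAddress


def parse_4769(line: str) -> TgsRequest:
    """Parse one constructed 'key=value key=value' line into a TgsRequest."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    return TgsRequest(
        ts=int(fields["ts"]),
        account=fields["TargetUserName"],
        service=fields["ServiceName"],
        etype=int(fields["TicketEncryptionType"], 16),
        status=int(fields["Status"], 16),
        client_ip=fields["IpAddress"],
    )


def is_roast_candidate(r: TgsRequest, require_rc4: bool = True) -> bool:
    """Per-event filter: successful ticket for a user-owned SPN, RC4 unless relaxed."""
    svc = r.service.lower()
    if r.status != 0:
        return False
    if svc == "krbtgt" or svc.endswith("$"):
        return False  # TGT and computer accounts have long random keys; not roastable
    return r.etype == RC4_HMAC or not require_rc4


def detect_kerberoasting(lines, window_s=300, min_services=3, require_rc4=True):
    """Alert on an account that obtains tickets for >= min_services distinct user SPNs
    within window_s seconds: one service ticket is normal, a burst across many is a roast."""
    by_account = defaultdict(list)
    for line in lines:
        r = parse_4769(line)
        if is_roast_candidate(r, require_rc4):
            by_account[r.account].append(r)

    alerts = []
    for account, reqs in by_account.items():
        reqs.sort(key=lambda r: r.ts)
        start = 0
        for end in range(len(reqs)):
            while reqs[end].ts - reqs[start].ts > window_s:
                start += 1  # slide the window forward
            window = reqs[start:end + 1]
            services = sorted({r.service for r in window})
            if len(services) >= min_services:
                alerts.append({
                    "account": account,
                    "services": services,
                    "client_ip": window[-1].client_ip,
                    "first_ts": window[0].ts,
                    "last_ts": window[-1].ts,
                })
                break  # one alert per account is enough for triage
    return alerts


# Constructed sample: jdoe pulls RC4 tickets for three SPNs in 20 s; the remaining
# lines are noise the filter should drop (computer account, AES ticket, TGT, failure).
SAMPLE_4769 = [
    "ts=1700000000 TargetUserName=jdoe@CORP.LOCAL ServiceName=svc_sql TicketEncryptionType=0x17 Status=0x0 IpAddress=10.0.0.5",
    "ts=1700000010 TargetUserName=jdoe@CORP.LOCAL ServiceName=svc_backup TicketEncryptionType=0x17 Status=0x0 IpAddress=10.0.0.5",
    "ts=1700000020 TargetUserName=jdoe@CORP.LOCAL ServiceName=svc_web TicketEncryptionType=0x17 Status=0x0 IpAddress=10.0.0.5",
    "ts=1700000030 TargetUserName=jdoe@CORP.LOCAL ServiceName=WS01$ TicketEncryptionType=0x17 Status=0x0 IpAddress=10.0.0.5",
    "ts=1700000040 TargetUserName=asmith@CORP.LOCAL ServiceName=svc_sql TicketEncryptionType=0x12 Status=0x0 IpAddress=10.0.0.9",
    "ts=1700000050 TargetUserName=asmith@CORP.LOCAL ServiceName=krbtgt TicketEncryptionType=0x17 Status=0x0 IpAddress=10.0.0.9",
    "ts=1700000060 TargetUserName=asmith@CORP.LOCAL ServiceName=svc_web TicketEncryptionType=0x17 Status=0x1F IpAddress=10.0.0.9",
]

if __name__ == "__main__":
    for alert in detect_kerberoasting(SAMPLE_4769):
        print(alert)
```

Tune the window and threshold to the environment: legacy applications that still negotiate RC4 show up as a steady trickle of single-service requests, not a burst. An attacker can also request AES tickets for accounts that support them, which `require_rc4=False` keeps catching through the burst heuristic alone, at the cost of more noise. The deception counterpart, consistent with the trap-per-stage approach described later on this page, is a honey service account with an SPN that nothing legitimately requests: any 4769 for it is an alert by itself.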

Defense evasion to disable agent-based security solutions

  • Escalates privileges and disables AV/EDR on the endpoint

Ransomware written in Rust, to evade signature-based detection


Defense evasion performed by ransomware

Deception Detects Ransomware with Precision

  1. Set traps specific to each stage of the ransomware lifecycle
  2. Observe for activity against the traps
  3. Detect ransomware and raise alerts
A deception-based detection approach is agnostic to the ransomware variant and its specific TTPs

  • Independent of programming language, cryptographic algorithm, and specific TTPs
  • Works for known and unknown (zero-day) ransomware variants
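The three-step loop above (set traps, observe activity against them, alert) reduced to its simplest form: a decoy-file monitor. This is an added example, not ShadowPlex code; the decoy names, the temporary directory, the entropy threshold and the fake encrypter that stands in for ransomware are all constructed for the demo.

```python
"""Decoy-file detection of ransomware encryption activity.

Added example, not ShadowPlex code. Everything here is constructed for the demo:
the decoy names, the temporary directory and the fake encrypter standing in for ransomware.
"""
from __future__ import annotations

import hashlib
import math
import secrets
import tempfile
from pathlib import Path

# Decoy names chosen to sort first and last in a directory listing, so an encrypter
# that walks the tree in order touches a bait file early in its run.
DECOY_NAMES = [
    "!000_Payroll_2024.xlsx",
    "Finance/!000_Wire_Instructions.docx",
    "Finance/~zz_Budget_Archive.pdf",
    "~zz_passwords_backup.txt",
]
HIGH_ENTROPY = 7.0  # bits per byte; text and office documents sit well below this


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: ~8.0 for ciphertext, ~4-5 for English text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def plant_decoys(root: Path) -> None:
    """Write low-entropy, plausible-looking bait files (constructed content)."""
    filler = (b"Quarterly figures, see attached schedule. " * 100)[:4096]
    for rel in DECOY_NAMES:
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(filler)


def baseline(root: Path) -> dict[str, str]:
    """Hash every decoy once; no legitimate user edits them afterwards."""
    return {rel: sha256(root / rel) for rel in DECOY_NAMES}


def check_decoys(root: Path, base: dict[str, str]) -> list[dict]:
    """Any change to a decoy is an alert: there is no benign activity to model out."""
    alerts = []
    for rel, digest in base.items():
        p = root / rel
        current = p if p.exists() else None
        if current is None and p.parent.exists():
            # Ransomware commonly appends an extension; look for a renamed sibling.
            candidates = [q for q in p.parent.iterdir() if q.name.startswith(p.name)]
            current = candidates[0] if candidates else None
        if current is None:
            alerts.append({"decoy": rel, "event": "deleted", "renamed_to": None, "entropy": None})
            continue
        if current == p and sha256(current) == digest:
            continue  # untouched
        ent = round(shannon_entropy(current.read_bytes()), 2)
        alerts.append({
            "decoy": rel,
            "event": "encrypted" if ent > HIGH_ENTROPY else "modified",
            "renamed_to": None if current == p else current.name,
            "entropy": ent,
        })
    return alerts


def simulate_encrypter(root: Path, ext: str = ".locked") -> None:
    """Constructed stand-in for ransomware: overwrite with random bytes, append an extension."""
    for p in sorted(q for q in root.rglob("*") if q.is_file()):
        p.write_bytes(secrets.token_bytes(p.stat().st_size))
        p.rename(p.with_name(p.name + ext))


def run_demo() -> dict[str, list[dict]]:
    """Plant decoys, baseline them, run the fake encrypter, and return both checks."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        plant_decoys(root)
        base = baseline(root)
        before = check_decoys(root, base)  # nothing touched yet: no alerts
        simulate_encrypter(root)
        after = check_decoys(root, base)   # one alert per decoy
    return {"before": before, "after": after}


if __name__ == "__main__":
    for alert in run_demo()["after"]:
        print(alert)
```

The detector never inspects the malware. It only asks whether a file that no legitimate user touches has changed, which is why it holds regardless of the language, cipher or TTPs the ransomware uses. The entropy score separates encryption from a stray edit, and the sibling search catches the common extension-append pattern. In production the check would be driven by file-system events rather than a poll, and the decoys would be refreshed and rotated so that their names do not themselves become a signature the attacker learns to skip.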

Enterprise-scale Deception for Ransomware Security

Acalvio provides a prepackaged ransomware protection playbook

Administrator imports the playbook and associates it with the relevant scope

ShadowPlex deploys purpose-built deceptions to detect ransomware early in the attack lifecycle

Automated deployment and refresh of deception across the enterprise

Alerts sent to SIEM and/or SOAR

  • Single pane of glass for SOC teams
  • MITRE mappings for standardized incident response

Response Policies to Isolate Threat


Response actions to isolate the threat

Leverages prebuilt integrations

Automated response to prevent ransomware breakout

Protects enterprise assets

Defend Against Known and Zero-Day Ransomware

Join forces with Acalvio to defend against known and evolving ransomware variants. Stay protected as ransomware threats continue to evolve with novel variants emerging in the future.

FAQs

What is ransomware, and how does it work?

Ransomware is a type of malware that encrypts a victim's files and demands payment to restore access, functioning as a form of digital extortion. It typically infiltrates a system through phishing emails, malicious attachments, or exploitation of a vulnerability, then encrypts files and demands a ransom, usually in cryptocurrency.

How does ransomware typically spread to devices?

Ransomware spreads through phishing emails with malicious attachments, exploitation of software vulnerabilities, or drive-by downloads from compromised websites. It can also propagate via infected USB drives or network shares.

Can antivirus software protect against ransomware?

Antivirus software can offer some level of protection against ransomware. However, ransomware often employs sophisticated techniques that can evade traditional antivirus detection.

How can Acalvio be used to counter ransomware attacks?

Acalvio’s enterprise ransomware protection solution uses purpose-built deceptions, such as ransomware detection baits, to detect encryption actions performed by ransomware. This enables high-fidelity incident detection, automated notification, and response actions, integrated with existing SOC workflows to counter ransomware threats effectively.
