Detect Ransomware Before It's Too Late with Alienvault

Live Demo: Detect Ransomware Before it’s Too Late with AlienVault USM

Introductions
• Garrett Gross – Sr. Technical Product Marketing Mgr
• Mark Allen – Technical Sales Engineer

Resources for USM Customers
• Customer Support Portal: https://alienvaultsupport.force.com/Customer/login (Don’t have an account? E-mail [email protected])
• AlienVault Forums: Weekly Threat Intelligence Update Summaries, Product Update Notifications & Release Notes, Product Feedback, User Discussions
• AlienVault Blog – Analysis from the AlienVault Labs research team, practical tips to secure your environment & industry trends

Agenda
• Ransomware 101
• Tips to mitigate these threats
• Demo: Using USM to Detect Ransomware
  • Correlation directives
  • Detecting communications with the C&C server
  • Incident investigation

@AlienVault

Ransomware 101
• Malicious payload restricts access to files and demands ransom paid to recover them
• First known example (“AIDS/PC Cyborg” trojan) seen in 1989
• Ransomware sightings picked back up in 2005 (Gpcode (.AG, .AK), Archiveus, etc.)
• Using more and more complicated encryption schemes
• 2013 – CryptoLocker puts ransomware “on the map”
  • 10/15/2013 – 12/18/2013 – estimated $27m extorted
  • 6/2014 – ZeuS botnet eventually seized by US DOJ
• Still seeing variants today (CL v2.0, CryptoLocker.F, TorrentLocker…)

Ransomware in 4 Easy Steps
1. Malware delivered via email or drive-by
2. File executes & compromises system
3. Trojan connects with C&C server
4. Encryption & notification of user begins

Mitigation
Especially with today’s variants, you will not be able to decrypt your data via conventional means. Here are some steps to take to thwart these attacks:
• Backup your data… OFTEN
• Educate your users about malicious emails/attachments
• Keep operating systems and applications updated
• Keep endpoint protection up to date

Firewalls/Antivirus are not enough
• Firewalls are usually not the target – too difficult to effectively penetrate
• Endpoints are the target, usually via email, URL redirects, misc malicious files, etc.
• With 160,000 new malware samples seen every day, antivirus apps will not find every threat
• Needs to be bolstered by regular and comprehensive monitoring.

USM Capabilities
Asset Discovery
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory
Vulnerability Assessment
• Network Vulnerability Testing
• Remediation Verification
Threat Detection
• Network IDS
• Host IDS
• Wireless IDS
• File Integrity Monitoring
Behavioral Monitoring
• Log Collection
• Netflow Analysis
• Service Availability Monitoring
Security Intelligence
• SIEM Event Correlation
• Incident Response

@AlienVault

AlienVault Labs Threat Intelligence
• Weekly updates to correlation directives to detect emerging threats
• Recent updates related to Ransomware threats:
  • System Compromise, Ransomware infection, VirLock
  • System Compromise, Ransomware infection, TorrentLocker
  • System Compromise, C&C Communication, TorrentLocker SSL
  • System Compromise, Malware Infection, Cryptowall (Expanded Detection Technique)
  • System Compromise, Malware Infection, Cryptolocker (Expanded Detection Technique)
  • System Compromise, Malware Infection, CoinVault
  • System Compromise, Malware Infection, CoinLocker

Demo

Now for some Q&A

Get the most out of AlienVault
Questions?
• Customer Support Portal: https://alienvaultsupport.force.com/Customer/login, www.alienvault.com/support
• Weekly Threat Intelligence Update Summaries: https://www.alienvault.com/forums/categories/alienvault-labs-updates
• 888.613.6023
• Subscribe to the AlienVault Blog: https://www.alienvault.com/blogs
• Hands-on 5-day Training Classes, in-person or “Live on-line”: [email protected], https://www.alienvault.com/support/classroom-training
• NEW! Free 1-hr USM Health Checks: https://www.alienvault.com/support/usm-health-check
• Renewals, Expansions or Services: Contact [email protected]
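As an added example (not AlienVault's code and not USM's directive format), the following Python sketches the logic behind a directive like the "C&C Communication" and "Ransomware infection" entries listed in the deck: a Network IDS alert for ransomware C&C traffic (step 3 of the four-step chain) followed on the same host by a burst of File Integrity Monitoring changes (step 4) inside a short window. The event tuples, hostnames, alert text, window and threshold are all constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

CNC_SIGNATURE = "ransomware c&c"   # constructed substring matched in NIDS alert text

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")

def build_events():
    """Constructed sample events: (timestamp, sensor, host, message)."""
    ev = [
        # ws-17: C&C check-in, then a burst of document changes (step 3 -> step 4)
        ("2015-03-02T09:00:01", "nids", "ws-17", "Ransomware C&C check-in to 203.0.113.5:443"),
    ]
    for i in range(25):
        ev.append((f"2015-03-02T09:01:{i:02d}", "fim", "ws-17", f"modified /home/bob/docs/file{i}.docx"))
    # ws-22: same alert but only one file change -> below threshold, no incident
    ev.append(("2015-03-02T09:05:00", "nids", "ws-22", "Ransomware C&C check-in to 203.0.113.5:443"))
    ev.append(("2015-03-02T09:05:30", "fim", "ws-22", "modified /home/ann/notes.txt"))
    # ws-30: heavy file churn with no C&C alert (e.g. a backup job) -> not matched by this directive
    for i in range(30):
        ev.append((f"2015-03-02T09:10:{i:02d}", "fim", "ws-30", f"modified /srv/backup/part{i}.bin"))
    return ev

def correlate(events, window=timedelta(minutes=5), fim_threshold=20):
    """Map host -> number of FIM changes for hosts where a C&C alert is
    followed by at least fim_threshold file modifications within window."""
    fim = defaultdict(list)                      # host -> timestamps of FIM changes
    for ts, sensor, host, msg in events:
        if sensor == "fim":
            fim[host].append(parse(ts))
    incidents = {}
    for ts, sensor, host, msg in events:
        if sensor != "nids" or CNC_SIGNATURE not in msg.lower():
            continue                             # only C&C alerts open the directive
        t0 = parse(ts)
        n = sum(1 for t in fim[host] if t0 <= t <= t0 + window)
        if n >= fim_threshold:
            incidents[host] = max(n, incidents.get(host, 0))
    return incidents

if __name__ == "__main__":
    for host, n in correlate(build_events()).items():
        print(f"{host}: C&C contact followed by {n} file modifications within the window")
```

Host ws-30 shows why a directive keyed on a C&C alert misses file churn with no matching network signal, which is why the deck pairs network IDS, host IDS and file integrity sources rather than relying on one.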
