Ransomware Prevention & Detection

Once infected, ransomware can lock out users and/or encrypt an organization’s files, demanding ransom in exchange for regaining access.

It is expected to grow to a $20 billion market by 2021, showing no signs of slowing down – ransomware attacks have increased 50% on a daily average over the past three months (Cybersecurity Ventures | Check Point).

Blumira can help your organization prevent, detect and respond to attacks before they result in ransomware infection.

Scanning is one way attackers perform reconnaissance on your network, seeking vulnerable areas to attack – a tactic used in the Discovery stage of attack, according to MITRE’s ATT&CK framework. By detecting source IPs running port scanning tools on your network, Blumira can detect and alert you to an attacker early in the stages of an attack, before ransomware infection.

RDP is the most common ransomware attack vector (Coveware). By brute-forcing or buying stolen RDP (Remote Desktop Protocol) credentials, an attacker can gain access to and infect your network with ransomware. Password spraying is another brute-force method used to gain initial access. Blumira can detect password spraying, account lockouts, RDP connections, open ports and more.

Blumira also provides security playbooks to guide you through best security practices and next steps to help reduce your overall attack surface, such as updating firewall policies to block inbound connections from the internet.

Once they’ve gained a foothold, attackers will often change privileges on user accounts in order to move laterally throughout your environment, as well as get permissions to install ransomware on your systems.

Blumira can detect and alert you whenever administrator-level accounts are added, and provide your IT or security team with guidance on how to mitigate the risk of privilege escalation.

While detecting stolen data leaving your environment often seems like the aftermath of a ransomware infection, attackers are now stealing data before infection to use as additional leverage for demanding a ransom. To prevent data exposure, Blumira detects data exfiltration via generic network protocols to alert you to an attacker’s actions. Blumira also detects any anomalous internal web traffic that can indicate an attempt to exfiltrate data out of your environment.

Attackers download and execute malicious files in order to install ransomware on your systems. By detecting when an application is dropping a new file or script onto a machine, Blumira notifies your team of potentially malicious executables that may not be allowlisted, and could present a threat to your organization. This visibility allows you to detect a ransomware attack early and respond quickly to block or contain it.