Ransomware Prevention & Detection

Ransomware Today

Once infected, ransomware can lock out users and/or encrypt an organization’s files, demanding ransom in exchange for regaining access.

It is expected to grow to a $20 billion market by 2021, showing no signs of slowing down – ransomware attacks have increased 50% on a daily average over the past three months (Cybersecurity Ventures | Check Point).

Blumira can help your organization prevent, detect and respond to attacks before they result in ransomware infection.

Image

Attack Stage: Discovery

Detect & Respond to Recon Scanning

Scanning is one way attackers perform reconnaissance on your network, seeking vulnerable areas to attack – a tactic used in the Discovery stage of attack, according to MITRE’s ATT&CK framework. By detecting source IPs running port scanning tools on your network, Blumira can detect and alert you to an attacker early in the stages of an attack, before ransomware infection.

Image

Attack Stage: Credential Access

Detect & Respond to Access Attacks

RDP is the most common ransomware attack vector (Coveware). By brute-forcing or buying stolen RDP (Remote Desktop Protocol) credentials, an attacker can gain access to and infect your network with ransomware. Password spraying is another brute-force method used to gain initial access. Blumira can detect password spraying, account lockouts, RDP connections, open ports and more.

Blumira also provides security playbooks to guide you through best security practices and next steps to help reduce your overall attack surface, such as updating firewall policies to block inbound connections from the internet.

Image

Attack Stage: Privilege Escalation

Detect & Respond to New Admin Accounts

Once they’ve gained a foothold, attackers will often change privileges on user accounts in order to move laterally throughout your environment, as well as get permissions to install ransomware on your systems.

Blumira can detect and alert you whenever administrator-level accounts are added, and provide your IT or security team with guidance on how to mitigate the risk of privilege escalation.

Image

Attack Stage: Exfiltration

Detect & Respond to Data Exfiltration

While detecting stolen data leaving your environment often seems like the aftermath of a ransomware infection, attackers are now stealing data before infection to use as additional leverage for demanding a ransom. To prevent data exposure, Blumira detects data exfiltration via generic network protocols to alert you to an attacker’s actions. Blumira also detects any anomalous internal web traffic that can indicate an attempt to exfiltrate data out of your environment.

Image

Attack Stage: Execution

Detect & Respond to Malicious Applications & Files

Attackers download and execute malicious files in order to install ransomware on your systems. By detecting when an application is dropping a new file or script onto a machine, Blumira notifies your team of potentially malicious executables that may not be whitelisted, and could present a threat to your organization. This visibility allows you to detect a ransomware attack early and respond quickly to block or contain it.

Image

Let's Talk

Additional Resources

Ransomware Prevention

Protect your organization against a rise in ransomware attacks by detection and responding to security threats before they result in ransomware infection.

Top Security Threats: Detecting Ransomware Tactics

Ransomware is targeting SMBs, using new tactics to evade detection. Here's how to effectively detect risky activity and protect against infection.

RDP Risk: Ransomware Targets

Manufacturing and Energy Plants Ransomware targeting industrial control systems shut down major manufacturing and energy plants - detecting RDP risk is key to stop infection.

Protecting Against Ragnar Locker Ransomware

Get visibility into common Windows security events that can help you prevent lateral movement, ransomware infection and a potential system compromise.

Ready to Get Started?

Schedule a Demo

Schedule Demo