Illusive Blog April 9, 2021

Video: How Deception Works Effectively Against Targeted Ransomware

By Jason Silberman
Active Defense, Deception Technology, Targeted Ransomware

Ransomware continues to dominate security news headlines. Over the past month alone, we’ve heard about:

Again, that is only from the past 4 weeks. In conversations we are having with enterprise security teams and independent analysts, ransomware is often cited as the #1 priority right now. 

Recently Jon Oltsik, Senior Principal Analyst at Enterprise Strategy Group (ESG), spoke about how an active defense approach fueled by deception technology can work effectively against targeted ransomware, before attackers can encrypt and exfiltrate business-critical data.

As Oltsik notes, targeted ransomware attacks, or advanced ransomware threats (ARTs), differ from commodity ransomware in that they often mimic Advanced Persistent Threats (APTs): initial entry into the network, credential harvesting and privilege escalation, living-off-the-land techniques, and lateral movement toward Crown Jewel assets.

Oltsik notes that Illusive’s active defense approach comprises 3 primary components:

  1. Attack surface discovery to uncover existing artifacts that could be used as low-hanging fruit by attackers: user credentials cached in memory, open RDP connections, shadow administrator credentials, and more.
  2. Deceptive data planted on production workstations and servers, designed to emulate the exact assets attackers need to successfully conduct ransomware attacks. Oltsik says that this causes confusion and the abandonment of automated tools and processes by attackers, thereby slowing them down, with some attackers even giving up and moving on to other targets.
  3. Deep forensic details that complement other security monitoring tools and accelerate incident investigation and response.

“Deception technology can be used specifically as a defense against ransomware attacks – advanced ransomware attacks – in 2021. This alone should be an attractive feature benefit for cybersecurity and security operations teams.”

Watch the video to see ESG Analyst Jon Oltsik break down how an Active Defense using deception technology detects ransomware, confuses the attacker, and stops their lateral movement.
