Video: How Deception Works Effectively Against Targeted Ransomware

Ransomware continues to dominate security news headlines. Over the past month alone, we’ve heard about:

• Bad actors using Microsoft Exchange server exploits to gain entry to networks, before manually running DearCry ransomware.
• The Exchange exploit was a possible factor in $50M ransomware attack on Acer.
• A Russian ransomware group tried to recruit a Tesla employee to launch a ransomware attack against the company (thankfully, the attempt was unsuccessful). 
• Ransomware attacks cost the healthcare industry $20.8 billion in downtime in 2020, double the number from 2019.
• Insurance firm CNA was the victim of a new ransomware called Phoenix CryptoLocker. 
• Cring ransomware attackers exploited a Fortinet VPN vulnerability to disrupt two manufacturing plants in Europe.

Again, that is only from the past 4 weeks. In conversations we are having with enterprise security teams and independent analysts, ransomware is often cited as the #1 priority right now. 

Recently Jon Oltsik, Senior Principal Analyst at Enterprise Strategy Group (ESG), spoke about how a deception-technology fueled active defense approach can work effectively against targeted ransomware, before attackers can encrypt and exfiltrate business-critical data

As Otsik notes, as opposed to commodity ransomware, targeted ransomware, or advanced ransomware threats (ARTs) often mimic Advanced Persistent Threats (APTs) – initial entry into the network, credential harvesting and privilege escalation, living off the land techniques, and lateral movement towards Crown Jewel assets. 

Otsik notes that Illusive’s active defense approach is comprised of 3 primary components:

1. Attack surface discovery to uncover existing artifacts that could be used as low hanging fruit by attackers user credentials cached in memory, open RDP connections, shadow administrator credentials, and more.
2. Deceptive data planted on production workstations and servers, designed to emulate the exact assets for attackers to successfully conduct ransomware attacks. Oltsik says that this causes confusion, the abandonment of automated tools and processes by attackers thereby slowing them down, and some attackers even giving up and moving on to other targets.
3. Deep forensic details that compliment other security monitoring tools, and accelerate incident investigation and response.

“Deception technology can be used specifically as a defense against ransomware attacks – advanced ransomware attacks – in 2021. This alone should be an attractive feature benefit for cybersecurity and security operations teams.”

Watch the video to see ESG Analyst Jon Oltsik break down how an Active Defense using deception technology detects ransomware, confuses the attacker, and stops their lateral movement.

Learn more about Illusive deception and ransomware

• How to leverage deterministic threat detection to block the malicious lateral movement that causes today’s most dangerous and costly ransomware attacks.
• Read the whitepaper, The Rise of Targeted Ransomware Crime Syndicates – The Tools They Use, The Profits They Reap and What to do About it.
• Read the whitepaper, Stopping Ransomware Guide – Stopping Ransomware Requires Early Threat Detection of Attacker Movement