The 5 phases of a ransomware attack

July 28, 2016

Ryan Sommers, manager of threat intelligence and incident response at LogRhythm Labs, recommended the following five steps of defense against ransomware:

1. Preparation: Patch aggressively so vulnerabilities are eliminated and access routes are contained. Protect endpoints with tools that can automatically detect and respond to infections.
2. Detection: Use threat intelligence sources to block or at least alert you to the presence of anomalies in your network traffic. Screen emails for malicious links.

Spotlight

Paladion

Paladion is a global cyber defense company that provides Managed Detection and Response Services, DevOps Security, Cyber Forensics, Incident Response, and more by tightly bundling its semi-autonomous cyber security platform and managed services with leading security technologies. Paladion is consistently rated and recognized by analyst firms such as Gartner, Forrester, and IDC, and awarded by CRN, Asian Banker, Red Herring, amongst others. For 17 years, Paladion has been actively managing cyber risk for over 700 customers from its six Cyber Security Operations Centres placed across the globe.

OTHER ARTICLES

Ryuk: Defending Against This Increasingly Busy Ransomware Family

Article | February 12, 2020

On December 16, 2019, the U.S. Coast Guard disclosed a security incident at a facility regulated by the Maritime Transportation Security Act (MTSA). Forensic analysis suggests that the incident might have begun when an employee clicked on a link embedded in a phishing email. This action enabled a threat actor to set Ryuk ransomware loose on the facility’s network. Ultimately, the infection spread to all IT network files, leading Ryuk to disrupt the corporate IT network and prevent critical process control monitoring systems from functioning properly. Phishing is one of the primary infection vectors for most ransomware families, but there’s an interesting twist with this particular family. As noted by Malwarebytes, a typical Ryuk attack begins when a user opens a weaponized Microsoft Office document attached to a phishing email. Opening the document causes a malicious macro to execute a PowerShell command that attempts to download the banking trojan Emotet, which in turn can download additional malware onto the infected machine that retrieves and executes Trickbot.


The British government thinks process sensor cyber issues are real – what about everyone else

Article | February 16, 2020

When Joe refers to analogue devices, he is generally referring to ISA99 / IEC 62443 Level 0 devices, i.e. the sensors and actuators required in any cyber physical system. The vulnerability of these devices is often ignored as the security measures required to protect them are not purely technical but also involve physical and personnel security aspects along with process security (both of the metrology and processing by the device, as well as configuration management and control issues over the lifecycle of analogue devices). The security situation is not helped by the simplistic application of the triad of security goals (confidentiality, integrity and availability) to cyber physical systems.


Progress Is the Promise in National Cybersecurity Strategy

Article | March 23, 2020

How can progress be measured when it comes to shifts in national security strategy and practice? Several assessment variables might include changes in official national guidance, legal authorities, types of campaigns or operations, lexicon used in national security discourse, and early results of the application of those changes. Since 2016, with the introduction of the construct of persistent engagement and the subsequent development of defend forward, all these variables have changed in a positive manner.


New Ransomware hitting Industrial Control Systems like a nuclear bomb

Article | February 10, 2020

Researchers at security firms including SentinelOne and Dragos have been mystified over the last month by a piece of code named Ekans or Snake. Dragos publicly released its full report on the Ekans ransomware, which has recently afflicted Industrial Control Systems, some of the highest-value systems bridging the gap between the digital and physical worlds. In the history of hacking, only a few times has a piece of malicious code been observed attempting to intrude on Industrial Control Systems. Ekans is believed to be the first ransomware with real, if primitive, capability against the Industrial Control Systems software and hardware used in everything from oil refineries to power grids. Researchers say this ransomware also holds the capability to attack ICS products by Honeywell and GE.

