Modern ransomware is no longer just encrypting data. Attackers get their claws into your network infrastructure to amplify damage and halt your business operations. Stop them before they set their extortion trap.
Seeking bigger paydays, ransomware operators now crawl the victim's target-rich enterprise IT infrastructure, inflicting existential damage to maximize their extortion return. Far from the smash-and-grab tactics of years past, modern ransomware attacks use a sophisticated kill chain of post-compromise activities, known as the ransomware midgame, to accelerate and amplify propagation of their malware across the infrastructure.
Preventing initial access may not always be possible, but with ExtraHop Reveal(x) 360, defenders can detect and stop ransomware in the midgame, before attackers do real damage.
Reveal(x) 360 uses machine learning to detect the behaviors that signal a ransomware attack in progress, alerting as attackers enumerate targets, escalate domain privileges, and send command-and-control (C2) traffic over high-volume channels such as DNS, where beaconing hides among legitimate queries. It also spots data staging before encryption starts, so your business can avert the operational, reputational, and financial losses that accompany a ransomware attack.
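The DNS C2 detection described above rests on features that separate tunnelling from ordinary name resolution: a client sending many unique, long, high-entropy subdomains to one registered domain, often using record types that carry arbitrary payloads. The following is an added example, not ExtraHop's code; the log format, the `exfil-example.test` domain, the client addresses and the thresholds are all assumptions, and the sample log is constructed inline.

```python
"""Heuristic detection of DNS-based C2 / tunnelling from a DNS query log.

Added example, not ExtraHop code. Scores each (client, registered-domain)
pair on unique-subdomain count, mean label entropy, mean label length and
the share of payload-carrying record types. Log format and thresholds are
assumptions; tune them against a baseline of your own resolver logs.
"""
import hashlib
import math
from collections import defaultdict

# Record types commonly abused to carry data back to a client.
PAYLOAD_QTYPES = {"TXT", "NULL"}

# Assumed thresholds (hex/base32 blobs sit near 3.5-4 bits per character).
MIN_UNIQUE_SUBDOMAINS = 20
MIN_MEAN_ENTROPY = 3.0
MIN_MEAN_SUBDOMAIN_LEN = 16


def shannon_entropy(s: str) -> float:
    """Plug-in Shannon entropy of s in bits per character."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname: str):
    """Return (subdomain, registered_domain).

    Simplification: the last two labels are taken as the registered domain.
    A real deployment would use the Public Suffix List so that names such
    as host.example.co.uk are split correctly.
    """
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def parse_line(line: str):
    """Parse the assumed '<ts> <client-ip> <qtype> <qname>' format."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, qtype, qname = parts
    return {"ts": ts, "client": client, "qtype": qtype.upper(), "qname": qname}


def score_dns_log(lines):
    """Aggregate per (client, domain) and return the flagged pairs with stats."""
    groups = defaultdict(lambda: {"queries": 0, "payload": 0,
                                  "subdomains": set(), "entropies": [],
                                  "lengths": []})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        sub, domain = split_qname(rec["qname"])
        g = groups[(rec["client"], domain)]
        g["queries"] += 1
        g["payload"] += 1 if rec["qtype"] in PAYLOAD_QTYPES else 0
        g["subdomains"].add(sub)
        blob = sub.replace(".", "")  # score multi-label blobs as one string
        g["entropies"].append(shannon_entropy(blob))
        g["lengths"].append(len(blob))

    flagged = []
    for (client, domain), g in groups.items():
        n = g["queries"]
        stats = {
            "client": client, "domain": domain, "queries": n,
            "unique_subdomains": len(g["subdomains"]),
            "mean_entropy": sum(g["entropies"]) / n,
            "mean_subdomain_len": sum(g["lengths"]) / n,
            "payload_qtype_ratio": g["payload"] / n,
        }
        if (stats["unique_subdomains"] >= MIN_UNIQUE_SUBDOMAINS
                and stats["mean_entropy"] >= MIN_MEAN_ENTROPY
                and stats["mean_subdomain_len"] >= MIN_MEAN_SUBDOMAIN_LEN):
            flagged.append(stats)
    return flagged


def constructed_sample_log():
    """Constructed log: ordinary lookups from 10.0.1.5, plus a tunnelling
    client at 10.0.1.9 sending hex chunks to a hypothetical attacker domain
    under the reserved .test TLD. Not real traffic."""
    lines = [
        "2024-05-01T10:00:01Z 10.0.1.5 A www.example.com",
        "2024-05-01T10:00:02Z 10.0.1.5 A mail.example.com",
        "2024-05-01T10:00:03Z 10.0.1.5 AAAA www.example.com",
        "2024-05-01T10:00:04Z 10.0.1.5 A cdn.example.net",
        "2024-05-01T10:00:05Z 10.0.1.5 A login.example.net",
    ]
    for i in range(40):
        chunk = hashlib.sha256(f"chunk-{i}".encode()).hexdigest()[:40]
        lines.append(f"2024-05-01T10:01:{i:02d}Z 10.0.1.9 TXT "
                     f"{chunk}.c2.exfil-example.test")
    return lines


if __name__ == "__main__":
    for hit in score_dns_log(constructed_sample_log()):
        print(f"{hit['client']} -> {hit['domain']}: "
              f"{hit['unique_subdomains']} unique subdomains, "
              f"entropy {hit['mean_entropy']:.2f} bits/char, "
              f"TXT/NULL ratio {hit['payload_qtype_ratio']:.2f}")
```

Only the tunnelling client is flagged; the browsing client never exceeds the unique-subdomain or entropy thresholds even though it queries several domains. Beacon timing (regular intervals) and query rate are further features a production detector would add.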
Living-off-the-Land and Lateral Movement
Ransomware gangs have adopted advanced tactics in the east-west corridor to make victims more likely to pay. They abuse legitimate tools and protocols already present in the environment, such as Remote Desktop Protocol (RDP), a tactic known as living off the land, to move stealthily and persist for longer before springing their trap, putting security and IT at a disadvantage when trying to prevent large-scale ransomware incidents.
Without ExtraHop, the investigation would have taken days or weeks ... Even the FBI was impressed when they found out how quickly we identified and contained the threat!
Stay secure by detecting intruder probing, suspicious remote procedure call (RPC) activity, and C2 communications. Reveal(x) 360 stitches related detections together to show the exact sequence of events, so security teams can stop ransomware before its damaging effects occur.
Eliminate Active Directory Blind Spots
Active Directory is the documented fast path to the mass destruction attackers use to tilt the victim's payment calculus in their favor. Reveal(x) 360 inspects every authentication and enumeration and flags Kerberos ticket forgery and DCSync activity, including in encrypted communications.
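Two of the east-west behaviors named in the lateral-movement and Active Directory sections above can be expressed as detections over wire-derived transaction records: RDP fan-out (one client opening sessions to many distinct internal hosts in a short window) and DCSync (a DRSGetNCChanges replication request from a host that is not a domain controller). The following is an added example, not ExtraHop's code; the record format, the IP addresses, the list of known DCs and the thresholds are assumptions, and the sample log is constructed inline. The DRSUAPI interface UUID and opnum are the ones documented in MS-DRSR.

```python
"""Two east-west detections over constructed transaction records.

Added example, not ExtraHop code. Assumed record format:
    <ts> <src-ip> <dst-ip> <dst-port> <proto> <detail>
where <detail> is '-' or, for DCERPC, '<interface-uuid>:<opnum>'.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# MS-DRSR interface UUID and the opnum of IDL_DRSGetNCChanges, the call
# that replicates directory data (including credential material).
DRSUAPI_UUID = "e3514235-4b06-11d1-ab04-00c04fc2dcd2"
DRS_GET_NC_CHANGES = 3

# Assumed inventory of legitimate domain controllers.
KNOWN_DCS = {"10.0.0.5", "10.0.0.6"}


def parse_ts(ts: str) -> datetime:
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def parse_records(lines):
    """Parse the assumed record format; malformed lines are skipped."""
    recs = []
    for line in lines:
        parts = line.split()
        if len(parts) != 6:
            continue
        ts, src, dst, dport, proto, detail = parts
        recs.append({"ts": parse_ts(ts), "src": src, "dst": dst,
                     "dport": int(dport), "proto": proto, "detail": detail})
    return recs


def detect_rdp_fanout(records, window=timedelta(minutes=10), min_targets=8):
    """Flag sources that reach >= min_targets distinct RDP hosts within window."""
    by_src = defaultdict(list)
    for r in records:
        if r["dport"] == 3389:
            by_src[r["src"]].append((r["ts"], r["dst"]))
    hits = []
    for src, conns in by_src.items():
        conns.sort()
        best = 0
        for i, (start, _) in enumerate(conns):  # sliding window from each start
            targets = {dst for ts, dst in conns[i:] if ts - start <= window}
            best = max(best, len(targets))
        if best >= min_targets:
            hits.append({"src": src, "distinct_targets": best})
    return hits


def detect_dcsync(records, known_dcs):
    """Flag DRSGetNCChanges requests whose source is not a known DC.

    DC-to-DC replication uses the same call, so membership of the source in
    the DC inventory is the discriminator, not the call itself.
    """
    hits = []
    for r in records:
        if r["proto"] != "DCERPC" or ":" not in r["detail"]:
            continue
        uuid, opnum = r["detail"].rsplit(":", 1)
        if (uuid.lower() == DRSUAPI_UUID and int(opnum) == DRS_GET_NC_CHANGES
                and r["src"] not in known_dcs):
            hits.append({"src": r["src"], "dst": r["dst"], "ts": r["ts"]})
    return hits


def constructed_sample_log():
    """Constructed records, not real traffic."""
    lines = [
        # Admin jump host 10.0.2.50 uses RDP to two servers: normal.
        "2024-05-01T01:00:00Z 10.0.2.50 10.0.2.11 3389 RDP -",
        "2024-05-01T01:30:00Z 10.0.2.50 10.0.2.12 3389 RDP -",
        # Legitimate DC-to-DC replication: not flagged.
        f"2024-05-01T02:10:00Z 10.0.0.6 10.0.0.5 49155 DCERPC {DRSUAPI_UUID}:3",
        # DRSBind (opnum 0) from the workstation: not the replication call.
        f"2024-05-01T02:14:50Z 10.0.2.10 10.0.0.5 49155 DCERPC {DRSUAPI_UUID}:0",
        # DCSync from the compromised workstation: flagged.
        f"2024-05-01T02:15:00Z 10.0.2.10 10.0.0.5 49155 DCERPC {DRSUAPI_UUID}:3",
    ]
    # Compromised workstation 10.0.2.10 fans out to twelve hosts in six minutes.
    for i in range(12):
        secs = i * 30
        lines.append(f"2024-05-01T02:{secs // 60:02d}:{secs % 60:02d}Z "
                     f"10.0.2.10 10.0.3.{10 + i} 3389 RDP -")
    return lines


if __name__ == "__main__":
    recs = parse_records(constructed_sample_log())
    for h in detect_rdp_fanout(recs):
        print(f"RDP fan-out: {h['src']} reached {h['distinct_targets']} hosts")
    for h in detect_dcsync(recs, KNOWN_DCS):
        print(f"DCSync: {h['src']} -> {h['dst']} at {h['ts'].isoformat()}")
```

Chaining the two hits on the same source address, as the text describes Reveal(x) 360 doing, turns two medium-confidence alerts into one high-confidence midgame sequence: fan-out at 02:00, credential replication at 02:15.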
Apply Compensating Controls for EDR Gaps
Ransomware attackers disable or evade EDR agents on managed endpoints using living-off-the-land techniques, and many assets never run an agent at all. Reveal(x) 360 covers the unmanaged servers, Linux hosts, and IoT devices that EDR misses, with cloud-scale ML applying over one million predictive models.
Using the Reveal(x) 360 guided investigation workflow, with ninety days of traffic record lookback and a scalable PCAP repository, incident responders can pinpoint the root cause and scope every compromised asset and data set. With ground-truth packet evidence, defenders can eradicate intruder residue and close the security gaps that would otherwise allow ransomware to recur.
Modern ransomware moves fast through your infrastructure, averaging just five days of dwell time before adversaries spring their encryption trap. To outpace a laterally moving intruder, you need skilled threat hunters who are experts at countering the extortionist's moves. The Reveal(x) Advisor service provides dedicated Reveal(x) 360 security experts who help you proactively hunt for threats faster and eradicate intruders sooner. With Reveal(x) Advisor, you can win the midgame and stop ransomware before real damage is done.