Vectra Networks has successfully enabled enterprise customers to halt ransomware attacks with a new class of threat detection capabilities available in its X-series platform, designed for real-time detection of in-progress cyber attacks.
Ransomware is a type of malware that is installed on one or more computers in a network that encrypts data and demands that the user or organisation pay a ransom to the malware operators to decrypt the data.
“With ransomware, everyone’s data is fair game and this makes it a very insidious attack,” said Oliver Tavakoli, CTO of Vectra Networks. “Unlike other crimeware models, attackers don’t need to worry about exfiltrating and reselling stolen data on the black market; they just need the data to be valuable to the victim.”
“For organisations that have not implemented a perfect data backup strategy, this means they must pay up to get their data back or face the consequences, which could very well include risk to the operational livelihood of their business,” he added.
As ransomware has evolved in the enterprise, the malware has moved beyond targeting an individual machine to systematically encrypting files on networked file shares that can have broad impact across an organisation.
The new Vectra detection can identify ransomware within seconds of it encrypting files on networked file shares by recognising patterns of behaviour typically associated with ransomware.
“Ransomware’s objective is to get inside a network and work quickly at encrypting as much data as possible to increase the likelihood of the ransom being paid,” said Tavakoli. “Our ransomware detection coupled with a simple defensive canary file share measure can significantly limit the damage of an attack. “With the new Vectra detection for ransomware activity, organisations can identify the early signs of a ransomware attack within moments of infection and help to shut it down before it has a chance to take hold on a customer’s network and cause significant damage.”
The ransomware detection spots encryption across the network along with potential pre-cursor behaviours such as command-and-control (C&C) encryption key transmissions and network reconnaissance scans. Vectra then automatically identifies, prioritises and alerts on these early signs within moments of infection, enabling timely remediation before the ransomware has a chance to take critical assets and files hostage.
The new Vectra detection provides coverage against HydraCrypt, CTB Locker, CryptoWall, CryptoLocker, Locky, and many other ransomware variants. The new ransomware detection is available in the Vectra X-series version 2.5 and later. Current customers have already been automatically updated to this latest version.