The Three Keys to Stopping Ransomware Before It Stops You
First Key: Full Visibility and Protection Across Your Environment
The first key for preventing malware from taking hold in your environment lies in detecting its presence. Cynet XDR layered protection components pick up even the faintest signals using multiple, coordinated detection techniques with visibility across endpoints, networks and users.
Real-time Memory Protection
Detect and block memory strings which are associated with ransomware so even unknown/obfuscated ransomware is exposed upon execution.
Real-time File Filtering
Detect and prevent unapproved apps from writing to various file types, preventing access to important company assets.
Critical Component Filtering
Protect the OS password vault so ransomware cannot harvest credentials/spread across the network.
Place decoy files and hosts in various locations, especially those that ransomware typically tries to access, to detect the presence of ransomware.
Second Key: Instantly Eradicate Ransomware with Automated Investigation and Remediation
The second key for preventing ransomware is quickly uncovering and fully remediating all components of a ransomware attack so that the entire scope of the attack is contained and no hidden components are left lingering in your environment. Cynet automated response capabilities ensure ransomware attacks are immediately detected, blocked and eradicated.
Cynet Incident Engine
Automatically launches an investigation following a ransomware alert to uncover the root cause and full extent of the attack and can then automatically apply all required remediation actions across the environment. Remediating an identified ransomware threat may provide temporary relief, but only when all components of the ransomware attack are discovered and fully remediated can you be assured you are safe.
Cynet XDR provides the widest range of automated remediation actions across endpoints, networks and users. Cynet includes remediations for every detection mechanism in the platform. Multiple remediation actions across the environment are often necessary to eliminate all traces of an attack. Cynet XDR can take necessary remediation across files, hosts, networks and users from a single pane of glass.
Beyond the built-in remediation capabilities, Cynet enables you to build your own custom remediations leveraging custom scripts and commands for more complex remediation actions unique to your environment. You can also automate the actions taken to remediate a specific threat to create a custom remediation.
Automated Remediation Playbooks
Combines multiple remediation actions together in response to specific threats. Playbooks can be automatically invoked when the threat is detected or triggered manually, depending on what the organization prefers. Clients can leverage pre-built remediation playbooks provided in the Cynet platform or easily build fully customized playbooks to suit their particular needs.
Third Key: Always Be Vigilant and Up to Date with New Ransomware Strains and Approaches
The third key for preventing ransomware is to accept that ransomware operators will continue to devise innovative approaches for gaining entry to your environment and executing stealthy attacks. CyOps, the Cynet MDR team of cybersecurity experts and researchers, is always monitoring your environment to uncover potential ransomware threats and continuously researching developing approaches and techniques to update Cynet protection mechanisms.
24/7 Proactive Monitoring
Continuously monitors your environment for ransomware (and other) threats and immediately contacts you when high-risk alerts or events are detected, along with specific actions that should be taken.
Implement New Detection Mechanisms
Ransomware variants discovered externally or across the Cynet client base are analyzed by CyOps analysts for specific identifiers which are implemented into Cynet 360 detection mechanisms.
Proactively search for hidden threats leveraging Cynet 360 investigation tools and over 30 threat intelligence feeds.
On Demand Analysis
Customers can send suspected ransomware files for analysis directly from the Cynet 360 console and get an immediate verdict from expert CyOps analysts.
On Demand Analysis
Deep-dive into validated ransomware attack bits and bytes to gain the full understanding of scope and impact, providing the customer with updated IoCs.
Investigated ransomware attacks conclude with concrete guidance to the customers on which endpoints, files, user and network traffic should be remediated, including assistance creating customized remediation playbooks.
Recent CyOps Ransomware Threat Reports
Cynet Detection Report: Maze Ransomware
Eran Yosef, Ben Gold, and Asher Davitadi
In late 2019, the hacker group TA-2101 used the Fallout and Spelevo exploit kits to distribute multiple malware families. The group used emails to target healthcare-related environments around the US. The Maze Ransomware (also known as ChaCha Ransomware) uses RSA and ChaCha20 ciphers for its encryption process and is used by the attackers to extort victims for payment, communicating via email. The ransomware generates different payment amounts depending on what the endpoint is used for (home computer, server, or workstation).
Attackers first began using the Ragnar Locker ransomware towards the end of December 2019 as a way to attack compromised networks. Ragnar Locker is a ransomware that runs on Microsoft Windows. It specifically targets software commonly used by managed service providers to prevent their attack from being detected and stopped. It is aimed at English-speaking users.
When the attackers first compromise a network, they will perform reconnaissance and pre-deployment tasks before executing the ransomware.