Ransomware Detection

In the first quarter of 2016 alone, businesses within the US reported losses of approximately $200 million to ransomware. Unfortunately, the FBI believes that figure is only the tip of the iceberg, with ransomware attacks rising year after year, and expects annual losses to reach as much as $1 billion.

There are many reasons why ransomware has become the malware of choice for cyber criminals in recent years. One of the most appealing is ease of use: there has been a marked rise in Ransomware as a Service (RaaS), in which malware authors rent their ransomware to third parties who run the campaigns and share the ill-gotten gains with the author. Locky, CryptoWall, CTB-Locker, Crypt0L0cker, Cerber and TeslaCrypt appear to be the most widely used variants at present, and many security experts and researchers regard ransomware as the number one threat facing both the public and businesses.

How can a fully managed monitored security solution detect ransomware?

SecurityVue's product offering is best described as a fully managed SIEM: it collects and monitors the logs generated by every device connected to a customer's network. By monitoring those logs, SecurityVue's expertly trained security analysts can detect malicious web traffic, such as the outbound connections ransomware makes to fetch its payload or contact its command-and-control server. Such traffic often goes to geographical regions the organization has no business reason to communicate with, or to domains and addresses known to be associated with criminal organizations.
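As an added illustration of the log matching described above (example code written for this page, not SecurityVue's product or detection rules), the following Python script parses constructed proxy-log lines in an assumed five-field format and flags connections to blocklisted domains, including their subdomains, or to countries on a watchlist. The log lines, the domain blocklist and the country list are all hypothetical.

```python
"""Flag outbound web traffic to known-bad domains or watchlisted countries.

Added example for this page; the log format, blocklist and country list
are assumptions, not SecurityVue's data or detection rules.
"""
import re
from dataclasses import dataclass

# Constructed sample proxy log (not real traffic). Assumed format:
# <ISO timestamp> <source IP> <destination host> <destination country> <bytes>
SAMPLE_PROXY_LOG = """\
2016-05-02T09:14:03Z 10.0.0.21 www.example-corp.com US 1843
2016-05-02T09:14:07Z 10.0.0.21 cdn.update-mirror.example.net DE 90211
2016-05-02T09:14:09Z 10.0.0.35 pay.badactor.example RU 512
2016-05-02T09:14:10Z 10.0.0.35 gate.badactor.example RU 4096
2016-05-02T09:15:44Z 10.0.0.40 intranet.example-corp.com US 77
"""

# Hypothetical threat-intelligence inputs. A real feed would be refreshed
# continuously; a static set keeps the example self-contained.
BLOCKED_DOMAINS = {"badactor.example"}
WATCH_COUNTRIES = {"RU", "KP"}  # countries this organization has no business traffic with

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) ([A-Z]{2}) (\d+)$")


@dataclass(frozen=True)
class Alert:
    ts: str
    src_ip: str
    host: str
    reason: str


def domain_matches(host, blocked):
    """True if the host or any of its parent domains is on the blocklist,
    so gate.badactor.example is caught by an entry for badactor.example."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def detect_suspicious_web(log_text, blocked=BLOCKED_DOMAINS, countries=WATCH_COUNTRIES):
    """Return one Alert per log line that hits the blocklist or the country watchlist."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:  # skip blank or malformed lines rather than crash the parser
            continue
        ts, src_ip, host, country, _bytes = m.groups()
        reasons = []
        if domain_matches(host, blocked):
            reasons.append("blocklisted domain")
        if country in countries:
            reasons.append(f"destination country {country}")
        if reasons:
            alerts.append(Alert(ts, src_ip, host, "; ".join(reasons)))
    return alerts


def hosts_to_isolate(alerts):
    """Internal source addresses an analyst would want to quarantine first."""
    return sorted({a.src_ip for a in alerts})


if __name__ == "__main__":
    found = detect_suspicious_web(SAMPLE_PROXY_LOG)
    for a in found:
        print(f"{a.ts} {a.src_ip} -> {a.host}: {a.reason}")
    print("isolate:", hosts_to_isolate(found))
```

Matching parent domains matters because campaigns rotate subdomains far faster than they rotate registered domains; the country check is deliberately a second, independent signal so that a hit on both gives the analyst more confidence than either alone.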

A second way to detect ransomware is to monitor the logs that record where and when programs were installed on a device. The same monitoring covers modification of system files, a favoured technique of attackers, and the rapid modification and renaming of user files that mass encryption produces. A further method, which helps against other malware types as well, is behavioural analysis: attempts to log on to a system, successful or otherwise, are recorded, as are changes to administrative privileges, so that a burst of failed logons or an unexpected new administrator stands out from normal activity.
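The following Python script is an added example of the behavioural checks just described, written for this page rather than taken from SecurityVue. It runs over constructed endpoint audit events in an assumed six-field format and raises an alert when one process renames many files to a new extension within a short window (the mass-encryption pattern), when one source produces a burst of failed logons, and when an account is added to the local Administrators group. The event format, thresholds, host names and sample events are all hypothetical.

```python
"""Behavioural ransomware checks over endpoint audit events.

Added example for this page; the event format, thresholds and sample data
are assumptions, not SecurityVue's detection logic.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample events (not real data). Assumed format per line:
# <ISO timestamp> <host> <user> <process> <event> <detail>
# file_rename detail is "<old path> -> <new path>"; logon_* detail is the
# source IP; admin_add detail is the account added to local Administrators.
SAMPLE_EVENTS = """\
2016-05-02T09:20:00Z WS12 alice WINWORD.EXE file_write D:/Shares/Finance/q1.docx
2016-05-02T09:20:10Z WS12 alice crypt.exe file_rename D:/Shares/Finance/q1.docx -> D:/Shares/Finance/q1.docx.locky
2016-05-02T09:20:11Z WS12 alice crypt.exe file_rename D:/Shares/Finance/q2.xlsx -> D:/Shares/Finance/q2.xlsx.locky
2016-05-02T09:20:12Z WS12 alice crypt.exe file_rename D:/Shares/Finance/budget.pptx -> D:/Shares/Finance/budget.pptx.locky
2016-05-02T09:20:13Z WS12 alice crypt.exe file_rename D:/Shares/Finance/notes.txt -> D:/Shares/Finance/notes.txt.locky
2016-05-02T09:20:14Z WS12 alice crypt.exe file_rename D:/Shares/Finance/plan.docx -> D:/Shares/Finance/plan.docx.locky
2016-05-02T09:21:00Z WS12 alice explorer.exe file_rename D:/Shares/Finance/readme.txt -> D:/Shares/Finance/readme.md
2016-05-02T09:30:01Z SRV01 - - logon_fail 10.0.0.99
2016-05-02T09:30:02Z SRV01 - - logon_fail 10.0.0.99
2016-05-02T09:30:03Z SRV01 - - logon_fail 10.0.0.99
2016-05-02T09:30:04Z SRV01 - - logon_fail 10.0.0.99
2016-05-02T09:30:05Z SRV01 - - logon_fail 10.0.0.99
2016-05-02T09:30:06Z SRV01 admin - logon_ok 10.0.0.99
2016-05-02T09:30:20Z SRV01 admin net.exe admin_add bob
"""

EVENT_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (.*)$")


def parse_event(line):
    """Split one line into its fields; None for blank or malformed lines."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    ts, host, user, proc, event, detail = m.groups()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, user, proc, event, detail


def extension_changed(detail):
    """True when a rename gives the file a different extension (.docx -> .locky).
    Looking for a change rather than a list of known-bad extensions also
    catches variants whose extension is not yet on any list."""
    old, _, new = detail.partition(" -> ")
    return old.rsplit(".", 1)[-1].lower() != new.rsplit(".", 1)[-1].lower()


def _count_in_window(queue, ts, window_s):
    """Record ts, drop entries older than the window, return the current count."""
    queue.append(ts)
    while (ts - queue[0]).total_seconds() > window_s:
        queue.popleft()
    return len(queue)


def detect(log_text, window_s=60, rename_threshold=5, logon_threshold=4):
    """Return (kind, host, message) tuples; each windowed alert fires once per key."""
    alerts, fired = [], set()
    renames = defaultdict(deque)   # (host, process) -> times of extension-changing renames
    failures = defaultdict(deque)  # (host, source IP) -> times of failed logons
    for line in log_text.splitlines():
        rec = parse_event(line)
        if rec is None:
            continue
        ts, host, user, proc, event, detail = rec
        if event == "file_rename" and extension_changed(detail):
            key = (host, proc)
            n = _count_in_window(renames[key], ts, window_s)
            if n >= rename_threshold and ("mass_rename", key) not in fired:
                fired.add(("mass_rename", key))
                alerts.append(("mass_rename", host,
                               f"{proc} changed the extension of {n} files within {window_s}s"))
        elif event == "logon_fail":
            key = (host, detail)
            n = _count_in_window(failures[key], ts, window_s)
            if n >= logon_threshold and ("logon_burst", key) not in fired:
                fired.add(("logon_burst", key))
                alerts.append(("logon_burst", host,
                               f"{n} failed logons from {detail} within {window_s}s"))
        elif event == "admin_add":  # privilege changes are rare enough to alert on every time
            alerts.append(("admin_change", host,
                           f"{user} added {detail} to the local Administrators group"))
    return alerts


if __name__ == "__main__":
    for kind, host, message in detect(SAMPLE_EVENTS):
        print(f"[{kind}] {host}: {message}")
```

The sliding window is keyed per process so that one user legitimately renaming a single file (explorer.exe in the sample) never reaches the threshold, while the thresholds themselves are parameters an analyst would tune per environment: a file server with heavy batch jobs needs a higher rename threshold than a workstation.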

SecurityVue’s services aid in the prevention of ransomware

While in some circumstances files encrypted by ransomware can be decrypted or restored from backup, stopping the attack before it succeeds is clearly preferable. By actively monitoring a system's logs with the right technology and expertly trained analysts, an attack in progress can be detected early enough to be contained before the encryption spreads. Detecting a ransomware attack early therefore not only saves an organization from feeling it has to pay the ransom, but also prevents system downtime and the PR storm that could follow such an attack.

At SecurityVue, we have invested heavily in ensuring that our Security Operations Center (SOC) has the technology this work requires. Having the right technology is essential, but your network also needs to be monitored by experts 24/7. Threats and attacks do not keep office hours, which is why our dedicated security experts and systems run around the clock, all year round.