Sangfor Talks Targeted Ransomware at RSA

26/02/2020 13:28:20
RSA is underway in San Francisco and, as expected, the focus is ransomware. The first day of RSA was devoted to ransomware, targeted attacks, and emerging threats like social engineering and deepfake human manipulation.

Industry experts kicked off the day by sharing their personal and professional experience in “Lessons from America’s Two Largest Cities on Preparing for Cyberattacks,” with Laura Koetzle, Timothy Lee and Gustavo Rodriguez. Later sessions that day dealt with ransomware spread techniques, high-tech extortion, targeted ransomware, and data protection and recovery, among a myriad of other topics.



Just as warfare has changed significantly with the advent of air travel, explosives and the internet, ransomware is shifting from the days of random targets and mass chaos to more targeted and devastating attacks. 2019 saw a 37% decrease in mass ransomware attacks and a 62% increase in targeted attacks, a number projected to double or triple in the next few years.

Why, you ask? End users are using smartphones over PCs, critical data is being backed up in the cloud and social media communication is prevailing over email, just to name a few catalysts. Enterprises are faring no better than the end user, with deeper pockets for bigger ransom payouts and cyber-attack insurance picking up the enormous tab.

Hackers have found their sweet spot in digitally weaponized attacks on federal and local government, SMBs and any corporation with cyber insurance. They employ newly developed, undetectable turnkey ransomware that is available online for purchase and easy to customize (e.g. C2 Control Panel), along with vulnerable RDP hosts that are offered for purchase on the internet.

How does the Sangfor Ransomware Solution help?
Sangfor’s latest security solution for ransomware is designed to mitigate ransomware attacks at each layer of the cyber kill chain, with a different set of controls for each phase to offer end-to-end protection.

1) Pre-Attack protection (Discovery & Solid Security)
A. Continuous preventive ransomware vulnerability assessment with NGAF, which easily detects common C&C stealth techniques like DGA (domain generation algorithms).
B. Optional in-depth vulnerability assessment by a Sangfor Security Expert.

2) Mid-Attack (Detect & Block Ransomware Exploitation)
A. AI-based Engine Zero on NGAF & ES work in conjunction to deal with zero-day ransomware attacks.
B. Ransomware Honeypot slows the encryption process by placing a bait file in the file directory. As soon as ES detects encryption of the bait file, it triggers ransomware detection and blocks the workstation.

3) Post-Attack (Response & Remediation)
A. Integrated response between NGAF & ES to locate and isolate C2 trojans and prevent a second attack.
B. Sangfor IR services help contain the attack & minimize risk.
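
The bait-file idea in item 2B, sketched as an added example (not Sangfor's code and not how ES is implemented): a decoy file is planted with a recorded hash, and a later check classifies it as intact, modified, encrypted (high byte entropy) or missing. The file name, the decoy text, the 7.0 bits/byte threshold and the function names are assumptions made for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Constructed decoy content: plain, repetitive text with low byte entropy.
BAIT_TEXT = b"Quarterly budget draft - internal use only\n" * 100


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; well-encrypted data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def plant_bait(directory: str, name: str = "~budget_2020.txt") -> dict:
    """Write the decoy (hypothetical name) and return its baseline record."""
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:
        fh.write(BAIT_TEXT)
    return {"path": path, "sha256": hashlib.sha256(BAIT_TEXT).hexdigest()}


def check_bait(baseline: dict, entropy_threshold: float = 7.0) -> str:
    """Classify the decoy: intact, modified, encrypted or missing."""
    try:
        with open(baseline["path"], "rb") as fh:
            data = fh.read()
    except FileNotFoundError:
        return "missing"  # deleted, or renamed with a new extension
    if hashlib.sha256(data).hexdigest() == baseline["sha256"]:
        return "intact"
    # Assumed threshold: ciphertext looks random, edited text does not.
    if shannon_entropy(data) >= entropy_threshold:
        return "encrypted"
    return "modified"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        bait = plant_bait(d)
        print(check_bait(bait))               # decoy untouched
        with open(bait["path"], "wb") as fh:  # random bytes stand in for ciphertext
            fh.write(os.urandom(4096))
        print(check_bait(bait))
```

A monitoring agent would run check_bait on a timer or on a file-change event and treat "encrypted" or "missing" as the signal to isolate the host.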

Unlike other security vendors in the market, Sangfor provides an unparalleled ransomware solution by integrating the technology & services into ONE. Sangfor not only defends against the increasing threat of ransomware but minimizes all risk and impact to the end-user and corporation.

The threat of ransomware continues to loom, with attackers ever more selective in choosing profitable targets and weak authentication practices fostering lateral movement.

What is the next step?
Back up your data. Keep your OS and software up to date. Conduct ransomware drills to nail down incident response and data recovery, follow industry best practices, and contact Sangfor Technologies immediately for the expertise you need to keep ransomware at bay.
