Netherlands: Security

10 Ways Symantec Fights Ransomware

Issue link: http://hub-nl.insight.com/i/683661

Copyright © 2016 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

10 Ways Symantec Incident Response Can Help with Ransomware

Ransomware is a type of malware that restricts users from accessing their device or data. It forces its victims – individuals and organizations – to pay the ransom through specifically noted payment methods in order to grant access to their machine, or to get their data back.

The growth of types of ransomware attacks is accelerating, and it's important to understand your options should you fall victim. Symantec Incident Response (IR) can help organizations with validating attacks and with making decisions on what to do next.

In this document, you'll find 10 ways Symantec Incident Response can help organizations right now, depending on their situation, that are infected with ransomware.

1. We can help identify the primary infector and contain further spread.

More info: Our research and past engagements have discovered that ransomware is rarely the primary infector. Either a spam email with malicious hyperlink/file attachment, drive-by downloads/watering hole attacks, malicious downloaders/droppers, or other malware, e.g. Trojan.Zbot, are responsible for an initial infection that then leads to a follow-on ransomware attack. Determining the primary attack is critical to understanding what the attacker's primary campaign is targeting and ensures that you aren't missing the actual attack by focusing solely on the ransomware.

The IR team can investigate the attack and determine if there is another facet to the attack and take appropriate steps to engage the adversary, contain the attacks and work to recommend ways to prevent the primary infector in the future.

2. We can provide incident-specific recommendations to prevent success of future similar attacks

Use case exhibiting points 1 & 2: Symantec Incident Response was contacted to assist in a ransomware infection. The malware was encrypting PDF and executable files on network shares and exhibiting network worm-like behavior. The customer was experiencing the outbreak in two global centers, causing significant disruption to their environment.

The IR team, working with Symantec Endpoint Protection (SEP) support, confirmed the code was a new variant of the malware. The malicious code was identified on a number of endpoints and numerous file shares within the organization. Symantec Incident Response was engaged to contain and eradicate the threat.

By performing an in-depth analysis of all data available, Symantec Incident Response was able to identify the

Fast Fact: "The average ransom amount is US$300. The favored payment method for locker ransomware is payment vouchers and for crypto ransomware, it's bitcoins." Evolution of Ransomware
