On February 29, 2017, illusive networks received a customer alert and initiated forensic analysis after malicious activity was detected on a certain endpoint in the network. Our Deception Management System identified the malicious activity as Spora, a ransomware variant which, like Locky, silently encrypts files with selected extensions and then attempts to redeploy itself on additional hosts via elevated privileges. However, with Deceptions Everywhere deployed, illusive networks diverted the ransomware from encrypting files on the original host, redirecting the encryption process to deceptive files, and, more importantly, thwarted the encryption of files located on the company's network shares.
The subject of ransomware no longer needs an introduction. We recently looked ahead to the Advanced Ransomware Threats (ARTs) of the future, but it’s equally important to look at the topic at a lower level to understand the ransomware families that are threatening your organization.
By now we’re all familiar with the current generation of ransomware threats. While we’re seeing higher-profile ransomware attacks in the news (especially in the healthcare industry), the reality is that the majority of ransomware incidents are opportunistic.
Between April 2015 and March 2016, there were 2,315,931 reported ransomware attacks.
Ransomware is the biggest topic in the cybersecurity community right now – but this certainly doesn’t mean it’s a new concept. Malware capable of encrypting files on infected machines has existed since 1989, but today’s cyber attacks are far more sophisticated.