How to Detect a Cryptolocker Infection with AlienVault USM
Download as PPTX, PDF2 likes2,352 views
As an IT security pro, unless you've been hiding under a rock, you've heard about ransomware threats like Cryptolocker. These threats are typically delivered via an e-mail with a malicious attachment, or by directing a user to a malicious website. Once the Cryptolocker file executes and connects to the command and control server, it begins to encrypt files and demands payment to unlock them. As a result, detecting infection quickly is key to limiting the damage. AlienVault USM uses several built-in security controls working in unison to detect ransomware like Cryptolocker, usually as soon as it attempts to connect to the command and control server. Join us for a live demo showing how AlienVault USM detects these threats quickly, saving you valuable time in limiting the damage from the attack. You'll learn: How AlienVault USM detects communications with the command and control server How the behavior is correlated with other signs of trouble to alert you of the threat Immediate steps you need to take to stop the threat and limit the damage
Ad
More Related Content
What's hot (20)
Similar to How to Detect a Cryptolocker Infection with AlienVault USM (20)
Ad
More from AlienVault (20)
Ad
Recently uploaded (20)
How to Detect a Cryptolocker Infection with AlienVault USM
- 1. Live Demo: How to Detect a Cryptolocker Infection with AlienVault USM
- 2. @AlienVault About AlienVault AlienVault has unified the security products, intelligence and community essential for mid-sized businesses to defend against today’s modern threats
- 3. @AlienVault • More and more organizations are finding themselves in the crosshairs of various bad actors for a variety of reasons. • The number of organizations experiencing high profile breaches is unprecedented. • The “security arms race” cannot continue indefinitely as the economics of securing your organization is stacked so heavily in favor of those launching attacks that incremental security investments are seen as impractical. Threat landscape: Our new reality 84% of organizations breached had evidence of the breach in their log files…
- 4. @AlienVault “There are two types of companies that use computers. Victims of crime that know they are victims of crime and victims of crime that don’t have a clue yet.” - James Routh, 2007 CISO Depository Trust Clearing Corporation Prevention is elusive
- 5. @AlienVault “How would you change your strategy if you knew for certain that you were going to be compromised?” - Martin Roesch, 2013 Founder & CTO Sourcefire, Author SNORT
- 6. @AlienVault Prevent Detect & Respond The basics are in place for most companies…but this alone is a ‘proven’ failed strategy. New capabilities to develop Get (Very) good at detection & response
- 7. @AlienVault Goal is to restrict access to system or files until ransom paid Variations have been circulating since 1989 Encrypting ransomware first seen in 2005 In June 2013, McAfee reported that it had collected over 250,000 unique samples in Q1 2013 • 2X the number collected in Q1 2012 Ransomware / Extortionware
- 8. @AlienVault 1. Malware delivered via email or drive-by 2. File executes & compromises system 3. Trojan connects with C&C server 4. Encryption & notification of user begins CryptoLocker in 4 Easy Steps
- 9. @AlienVault File extensions that Cryptolocker attacks include: .odt, .ods, .odp, .odm, .odc, .odb, .doc, .docx, .docm, .wps, .xls, .xlsx, .xlsm, .xlsb, .xlk, .ppt, .pptx, .pptm, .mdb, .accdb, .pst, .dwg, .dxf, .dxg, .wpd, .rtf, .wb2, .mdf, .dbf, .psd, .pdd, .pdf, .eps, .ai, .indd, .cdr, .jpg, .jpe, .jpg, .dng, .arw, .srf, .sr2, .bay, .crw, .cr2, .dcr, .kdc, .erf, .mef, .mrw, .nef, .nrw, .orf, .raf, .raw, .rwl, .rw2, .r3d, .ptx, .pef, .srw, .x3f, .der, .cer, .crt, .pem, .pfx, .p12, .p7b, .p7c, .3fr,… Targeted Filetypes Source: Softonic.com
- 10. @AlienVault CryptoLocker Even Takes Bitcoin
- 11. @AlienVault So many security technologies to choose from Given the 10 most recommended technologies and the pricing range, an organization could expect to spend anywhere from $225,000 to $1.46m in its first year, including technology and staff. Source: The Real Cost of Security, 451 Research, April 2013 Factor into this: Initial Licensing Costs Implementation / Optimization Costs Ongoing Management Costs Renewal Costs Integration of all the security technologies Training of personnel/incoming personnel
- 12. @AlienVault Many point solutions…integration anyone? “Security Intelligence through Integration that we do, NOT you” USM Platform • Bundled Products - 30 Open-Source Security tools to plug the gaps in your existing controls • USM Framework - Configure, Manage, & Run Security Tools. Visualize output and run reports • USM Extension API - Support for inclusion of any other data source into the USM Framework • Open Threat Exchange –Provides threat intelligence for collaborative defense
- 13. @AlienVault powered by AV Labs Threat Intelligence USM ASSET DISCOVERY • Active Network Scanning • Passive Network Scanning • Asset Inventory • Host-based Software Inventory VULNERABILITY ASSESSMENT • Continuous Vulnerability Monitoring • Authenticated / Unauthenticated Active Scanning BEHAVIORAL MONITORING • Log Collection • Netflow Analysis • Service Availability Monitoring SECURITY INTELLIGENCE • SIEM Event Correlation • Incident Response THREAT DETECTION • Network IDS • Host IDS • Wireless IDS • File Integrity Monitoring USM Product Capabilities
- 14. @AlienVault Unified Security Management Complete. Simple. Affordable. Delivery Options: Hardware, Virtual, or Cloud-based appliances Open-Source version (OSSIM) also available AlienVault USM provides the five essential security capabilities in one, pre-integrated platform Unified Security Management (USM) Platform AlienVault Labs Threat Intelligence AlienVault Open Threat Exchange
- 15. @AlienVault AlienVault Labs Threat Intelligence: Coordinated Analysis, actionable Guidance •Updates every 30 minutes •200-350,000 IP validated daily •8,000 Collection points •140 Countries
- 16. @AlienVault AlienVault Labs threat intelligence: Coordinated Analysis, actionable guidance Weekly updates that cover all your coordinated rule sets: Network-based IDS signatures Host-based IDS signatures Asset discovery and inventory database updates Vulnerability database updates Event correlation rules Report modules and templates Incident response templates / “how to” guidance for each alarm Plug-ins to accommodate new data sources Fueled by the collective power of the AlienVault’s Open Threat Exchange (OTX)
- 17. More Questions? Email [email protected] NOW FOR SOME Q&A… Test Drive AlienVault USM Download a Free 30-Day Trial http://www.alienvault.com/free-trial Try our Interactive Demo Site http://www.alienvault.com/live-demo-site
- 18. @AlienVault
Editor's Notes
- #4: Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
- #9: Step 3: Cryptolocker connects to random URL to download RSA Public Key Step 4: Crates AES-256 key for each file, uses AES-265 and RSA encryption method. Encrypts files using the AES-256 key, which is encrypted using the downloaded public key.
- #11: If you don’t pay by the deadline, the files are lost
- #12: Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
- #17: Delivers 8 coordinated rulesets, fueled by the collective power of the Open Threat Exchange, to drive the USM security capabilities and identify the latest threats, resulting in the broadest view of attacker techniques and effective defenses.