Attivo Networks has urged not only healthcare, but all industries to take immediate steps in the wake of the recent global ransomware attacks.
“The recent massive cyber-attack manifested a significant change in the cyber realm. It was indicative of cybercriminals crossing the lines of ethical boundaries at the expense of public safety,” said Ray Kafity, vice president, Middle East, Turkey and Africa, Attivo Networks.
The WannaCry ransomware hit globally and has been referred to as a weapon of mass destruction because of its ability to spread like wildfire once it has gained access to unpatched computers.
The impact has been significant, with the attacks hitting the financial, energy, transportation and government sectors, as well as hospitals. In Britain, attacks not only blocked doctors’ access to patient files, but also forced emergency rooms to divert people seeking urgent care.
The malicious software behind the onslaught appeared to exploit a vulnerability in Microsoft Windows that was supposedly identified by the National Security Agency for its own intelligence-gathering purposes and was later leaked to the internet.
“There are solutions in the marketplace today that can isolate ransomware immediately upon an attacker’s attempted access to networked drives or their in-network lateral movement,” added Kafity. “It is noted that Attivo’s high-interaction deception techniques have been Attivo Labs tested to slow down the encryption process by 25x. This slows down the WannaCry Ransomware and provides incident response teams valuable time to respond and isolate the attacks either manually or automatically through 3rd-party integrations.”
The Attivo Networks solution for ransomware starts by providing a “motion sensor” that alerts the organisation when an attacker tries to encrypt the decoy drive or exploit a Windows SMB vulnerability. The decoy drives are set up as networked drives and designed with high-interaction technology and lures to attract the attacker to engage with the deception asset instead of production drives. What makes this solution unique is its ability to slow down and block the ransomware by tricking the attacker into believing the attack is succeeding, when in reality the attacker is being kept occupied by the deception technology. Capturing the attention of the ransomware gives security organisations the much-needed time-to-respond advantage to quarantine the infected system from the network and prevent further infections. Third-party integrations with current security infrastructure can also be set up for automated quarantine and isolation of an infected system. This time-to-respond advantage can make the critical difference between the loss of a single system and a widespread outage.
Another important differentiator of this technology is that the solution does not depend upon signatures, so the decoys are accurate and effective regardless of the variant of ransomware (WannaCry, WannaCrypt0r, WannaCrypt, WCry, Wana Decrypt0r or other ransomware strains).
“Ransomware attacks can be highly damaging, but this can be avoided if the right early detection tools are deployed,” Kafity concludes. “Regardless of the threat vector of an attack, organisations using deception technology are efficiently alerted to in-network breaches and are provided the tools for accelerated cyber incident response. Moreover, upon breach, deception technology automates the containment of the infected system.”