How Splunk Can Help You Prevent Ransomware From Holding Your Business Hostage

A group of hackers recently cost Madison County, Indiana, $200,000, and another group demanded $73,000 from the San Francisco Municipal Transport Agency (SFMTA) over the Thanksgiving holiday to decrypt frozen data. What was the common factor connecting the two attacks? A popular form of malware known as ransomware.

Why You Should Care About Ransomware

Ransomware is often used to extort funds directly from victims. Ransomware literally takes systems hostage, requiring a “ransom” to return those systems to a usable state. This can be a very lucrative business for cyber criminals.

Ransomware, like other malware, gets into your network via bad actors who figure out a way to deliver it into your environment without “sounding an alarm” – for example, …


SF Muni Hacked. Learn How to Detect Ransomware in Your Environment

Join security expert James Brodsky for our How-to Webinar: Detection of Ransomware and Prevention Strategies on December 13.

SF Muni was hit with a Ransomware attack last week, just as the prime holiday shopping season was kicking off. For many, the free fares for the weekend while Muni assessed the damage probably seemed like a holiday gift or customer service bonus.

But the lost revenues and the potential $73K ransom they were asked to pay were no bonus for the IT and security teams.

News of ransomware attacks is becoming much more common these days, with a reported $209M paid to ransomware criminals in Q1 2016 and the FBI anticipating ransomware to be a $1B source of income for cybercriminals this year.

Ransomware attacks are on the rise.


Detecting Ransomware Attacks with Splunk

A few days ago, a customer asked me if Splunk could be used to detect Ransomware – y’know, the malware that encrypts all of the files on your hard drive and asks you to pay a ransom to get them back. (If you’ve been trapped under something heavy for the last few years, see here and here.)

Ransomware has been around for a few years now, and in fact Michael Gough, a local “Malware Archeologist”, published a blog post about using Splunk to detect it way back in 2014. So yes, Splunk has been able to detect Ransomware for about as long as it’s been around.

Michael’s technique relies on enabling File Auditing within the Advanced Auditing features
