New detection identifies the fundamental behaviours at the heart of enterprise ransomware attacksInfosecurity Europe, UK (Stand S80) — 7 June 2016 — Vectra® Networks, the leader in automated threat management, today announced it has successfully enabled enterprise customers to halt ransomware attacks with a new class of threat detection capabilities available in its X-series platform, designed for real-time detection of in-progress cyber attacks.
Ransomware is a type of malware that is installed on one or more computers in a network that encrypts data and demands that the user or organisation pay a ransom to the malware operators to decrypt the data.
The FBI reported nearly 7,600 ransomware complaints between 2005 and 2015, almost one-third of which were received in 2015 and cost victim organisations roughly $57 million (£39 million).
“With ransomware, everyone’s data is fair game and this makes it a very insidious attack,” said Oliver Tavakoli, CTO of Vectra Networks. “Unlike other crimeware models, attackers don’t need to worry about exfiltrating and reselling stolen data on the black market; they just need the data to be valuable to the victim.”
“For organisations that have not implemented a perfect data backup strategy, this means they must pay up to get their data back or face the consequences, which could very well include risk to the operational livelihood of their business,” he added.
As ransomware has evolved in the enterprise, the malware has moved beyond targeting an individual machine to systematically encrypting files on networked file shares that can have broad impact across an organisation.
The new Vectra detection can identify ransomware within seconds of it encrypting files on networked file shares by recognising patterns of behaviour typically associated with ransomware.
“Ransomware’s objective is to get inside a network and work quickly at encrypting as much data as possible to increase the likelihood of the ransom being paid,” said Tavakoli. “Our ransomware detection coupled with a simple defensive canary file share measure can significantly limit the damage of an attack.
“With the new Vectra detection for ransomware activity, organisations can identify the early signs of a ransomware attack within moments of infection and help to shut it down before it has a chance to take hold on a customer’s network and cause significant damage.”
The ransomware detection spots encryption across the network along with potential pre-cursor behaviours such as command-and-control (C&C) encryption key transmissions and network reconnaissance scans.
Vectra then automatically identifies, prioritises and alerts on these early signs within moments of infection, enabling timely remediation before the ransomware has a chance to take critical assets and files hostage.
The new Vectra detection provides coverage against HydraCrypt, CTB Locker, CryptoWall, CryptoLocker, Locky, and many other ransomware variants.

The new ransomware detection is available in the Vectra X-series version 2.5 and later.

Current customers have already been automatically updated to this latest version.
For more information on the ransomware pandemic, visit the Vectra Networks ransomware resource page.
About Vectra NetworksVectra® Networks is the leader in automated threat management solutions for real-time detection of in-progress cyber attacks.

The company’s solution automatically correlates threats against hosts that are under attack and provides unique context about what attackers are doing so organisations can quickly prevent or mitigate loss.
Vectra prioritises attacks that pose the greatest business risk, enabling organisations to make rapid decisions on where to focus time and resources.
In 2015, Gartner named Vectra a Cool Vendor in Security Intelligence for addressing the challenges of post-breach threat detection.

The American Business Awards also selected Vectra as the Gold Award winner for Tech Startup of 2015.
Vectra investors include Khosla Ventures, Accel Partners, IA Ventures, AME Cloud Ventures and DAG Ventures.

The company’s headquarters are in San Jose, Calif., and it has European regional headquarters in Zurich, Switzerland. More information can be found at www.vectranetworks.com.
# # #
Vectra and the Vectra Networks logo are registered trademarks and Security that thinks, the Vectra Threat Labs, and the Threat Certainty Index are trademarks of Vectra Networks. Other brand, product and service names are trademarks, registered trademarks or service marks of their respective holders.