12 Jul Hands-on support in the fight against ransomware
We all like to make a lot of money and preferably quickly. Spreading ransomware or cryptominers in a corporate environment has proven to be an effective method of achieving this. It is therefore no wonder that a lot of hackers specialize in this.
A contemporary reciprocal pattern is that hackers take their time to settle into an environment before striking visibly. The average here is a little under two weeks. During this time, they try a variety of methods to gain access from one system to another. Occasionally, the AI EPP system or the EDR detects something but blocks it neatly, so we are not immediately concerned. This could be a MITRE technique, but just as easily simply psexec. However, the opposite of carefree is true, the hacker simply uses another method to further nest. No doubt at the end of the week you have several loopholes open that no cat or IT engineer sees the end of. And then he’s just getting started….
Are you running out of resources? Sophos extends its hand.
Every alarm should be taken seriously and deserves investigation. We’re talking “Threat hunting” here. The presence of an EDR (Endpoint Detection & Response) is a crucial part in this investigation, as it accurately tracks every movement of a threat.
This immediately brings us to the next problem: resources. Not from the CPU, but from you and me. We all have something else to do. More to the point, after the third Threat hunt without an effective threat, we will humanly become a bit more nonchalant not to even talk about procrastination. This is precisely where MTR comes into the picture. Sophos’ “Managed Threat Response” team takes over these tasks from IT and investigates every alert. Combined with the experience they have gained across all Sophos customers, they have a knowledge and quality that we ourselves could never match.
Too late? Your system turns out to be contaminated? The always-ready Sophos Rapid Response team can be called in to drive the ransomware or other unwanted parasites out of your network. Just imagine it as a team completely disguised in white all over taking over the disinfecting lead and conducting a trace investigation all the way to (to the extent possible) retrieving the disappeared data. If they can’t do it, we won’t be able to either.
Read the source on which this blog is based here.
If you would like more info on any of these products, please contact your Account Manager.
P.S. One more thing: some companies think they are too small to be attacked. For a targeted attack, that is certainly true. However, a lot of attacks happen in the broad and also through private email messages. When a link is clicked, a light goes on for the hacker and the snooping can begin. Since a private individual is in the flavor, a small business will be even more delicious.