Know the Adversary

Even though ransomware perpetrators are numerous and their profiles diverse, you can get an early warning about emerging ransomware campaigns by leveraging the original research by the Secureworks Counter Threat Unit™ (CTU) covering APTs, criminal groups, ransomware-as-a-service providers, and other threat actors. For example, in 2020 and 2021, CTU™ discovered and analyzed Darkside and Snatch ransomware operations’ use of the Tor client to create a backdoor with persistent access to compromised networks via Remote Desktop Protocol (RDP). With this information, available at no extra charge to Taegis customers, you can mitigate exposure to these threats by following CTU researchers’ recommendation to review and, possibly, restrict access to the Tor network using the provided indicators. Further, CTU research drives continuous enhancement of Taegis countermeasures, advancing its capacity to detect new threats.

Address Vulnerability Risk

Vulnerability exploitation is one of the most common ransomware attack vectors, as reported by FBI’s Internet Crime Complaint Center (IC3). So, effective vulnerability management is critical to hardening your organization’s security posture against ransomware. Vulnerability management has long been a time-consuming and heavily manual task, but with Taegis VDR, you can automate asset discovery and vulnerability detection and take advantage of the highly accurate and relevant vulnerability prioritization. Taegis VDR determines vulnerability risk based on the unique context of your environment, threat intelligence data, and 45 other internal and external factors, so you can prioritize and remediate effectively.

Detect Ransomware Attacks Early On

Ransomware can evade traditional antimalware solutions by living only in memory. Cobalt Strike, a tool originally built for adversary simulations and red team testing, but often used by ATPs and other threat actors, is an example. Taegis Extended Detection and Response (XDR), can detect Cobalt Strike, giving you an advantage during the early stages of an attack.

If perpetrators manage to get in, they often "live off the land," leveraging legitimate network administration and other tools to conduct reconnaissance and move laterally across the network. In most cases, Taegis will detect such attacks automatically. But if malicious actors are particularly sophisticated, targeted threats they create may avoid prevention and detection layers of defense. To account for that, leading industry-analysis firm Gartner® refers in their "Market Guide for Managed Detection and Response Services" to "human-performed threat hunting" as a way to "find attacks […] that bypassed existing prevention and detection capabilities." Accordingly, Elite Threat Hunting includes Secureworks' expert-led continuous managed threat-hunting services customized to your environment and security goals. Your dedicated threat hunter continuously scours your endpoints, networks, and cloud assets to uncover potentially malicious elements and stealthy activity early on, thwarting the most damaging stages of a ransomware attack: extracting data, destroying backups, and distributing and detonating ransomware.

Leverage Secureworks Taegis to get an early warning about emerging threats, identify and eliminate vulnerabilities, and stop ransomware before it inflicts material damage on your organization.