There are many sources of motivation for hackers and bad actors to do what they do, but ransomware attacks are driven by two primary motives: money and destruction. However, even though there are dozens of ransomware variants, with new mutations being discovered weekly, they all exhibit the same common behavior: large volumes of file modifications in short periods of time. If you’re going to detect this yourself, you need to detect unusual or abnormally high file system activity in short timeframes, as well as operations associated with ransomware presence, such as the creation of files with specific names and file extensions. Monitor all file activity on all your critical file systems, send the data to your SIEM, write rules looking for the aforementioned patterns, and hope you find your attacker.
Or, stay tuned for a better solution from STEALTHbits…
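The two rule types described above, written out as an added example (not code from the article or from any STEALTHbits product): a per-user sliding-window count of file modifications, plus a match on newly created or renamed file names. The event tuple layout, the 60-second window, the 100-modification limit and the name patterns are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from fnmatch import fnmatch

# Assumed tuning values and name patterns (illustrative; the article names none).
WINDOW_SECONDS = 60
MAX_MODIFICATIONS = 100
MODIFY_OPS = {"write", "rename", "delete"}
SUSPICIOUS_NAMES = ["*.locked", "*.encrypted", "*decrypt*instructions*.txt"]


def detect(events, window=WINDOW_SECONDS, limit=MAX_MODIFICATIONS,
           patterns=SUSPICIOUS_NAMES):
    """Return alerts for burst modification activity and suspicious file names.

    events: iterable of (epoch_seconds, user, operation, path), sorted by time.
    For a rename, path is assumed to be the new name.
    """
    recent = defaultdict(deque)  # user -> modification timestamps inside the window
    bursting = set()             # users already alerted for the current burst
    alerts = []
    for ts, user, op, path in events:
        name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if op in ("create", "rename") and any(fnmatch(name, p) for p in patterns):
            alerts.append(("suspicious_name", user, ts, path))
        if op not in MODIFY_OPS:
            continue
        q = recent[user]
        q.append(ts)
        while q and q[0] <= ts - window:  # drop events older than the window
            q.popleft()
        if len(q) > limit:
            if user not in bursting:      # alert once per burst, not per event
                bursting.add(user)
                alerts.append(("burst", user, ts, f"{len(q)} modifications in {window}s"))
        else:
            bursting.discard(user)
    return alerts


def sample_events():
    """Constructed sample: one normal user, one account rewriting a share."""
    events = [(1000 + i * 30, "alice", "write", f"\\\\fs01\\docs\\report{i}.docx")
              for i in range(10)]
    events += [(1100 + i // 5, "svc_backup", "write", f"\\\\fs01\\hr\\file{i}.xlsx")
               for i in range(150)]
    events.append((1131, "svc_backup", "create",
                   "\\\\fs01\\hr\\HOW_TO_DECRYPT_INSTRUCTIONS.txt"))
    return sorted(events, key=lambda e: e[0])


if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

A fixed limit like this produces false positives from backup jobs and bulk copies, so in practice the threshold is set per account or per share from a baseline of normal activity.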
As General Manager, Adam is responsible for product lifecycle and market adoption from concept to implementation through to customer success. He is passionate about market strategies and developing a long-term path for success for our customers and partners.
Previously, Adam served as CMO and has held a variety of senior leadership positions at Stealthbits, now part of Netwrix, including Sales, Marketing, Product Management, and Operational Management roles, where his focus has consistently been setting product strategy, defining the roadmap, driving strategic engagements and product evangelism.
Adam holds a Bachelor of Science degree in Business Administration from Susquehanna University, Selinsgrove, PA.