Detecting Cybercrime Activity with Behavioral Analytics using REvil Ransomware Attacks as the Example

Webinar Registration

Unless you’ve been hiding under a rock, there’s been little chance you haven’t heard the name REvil in the headlines lately. From the recent attack on major tech vendors and their downstream partners, to attacks on the world’s largest meat producer, as well as critical infrastructure organizations in the U.S., this ransomware gang has, in some ways, achieved a near-perfect attack execution for its affiliates to use as part of attacks on organizations of every size, vertical, and location.

REvil has evolved its Ransomware-as-a-Service to go beyond the now-expected “double extortion” (where your data is also stolen with the threat of publishing if the ransom isn’t paid) and achieve “triple extortion”: REvil offers its affiliates a call service that informs the press, customers, and partners that the victim organization has been successfully attacked.

But before an attack is successful, the attack vectors and infection methods are all still limited by the operating systems they attack, giving you the ability to detect threat actions that occur before the ransomware itself takes effect.

In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia takes my seat, and will first discuss:

  • The evolution of REvil
  • How their Ransomware-as-a-Service works
  • A high-level look at some of the methods they use
  • Aligning REvil threat actions with the MITRE ATT&CK Framework

Nick will then be joined by Matt Radolec, Senior Director, Incident Response and Cloud Operations from Varonis, who will run through a step-by-step REvil attack scenario showing how simple it is to infiltrate and bypass current security measures, including:

  • Initial infection using phishing and a macro-embedded Office file
  • Performing network reconnaissance
  • Elevating privileges via service account
  • Exfiltrating sensitive data
  • Deploying the ransom payload

Matt will also show how a Blue Team might monitor for and identify threat actions using behavior analytics that are applicable to REvil and many other types of cyberattacks.

This real-training-for-free event will be jam-packed with technical detail and real-world application. Register today!
