Detecting and Stopping Ransomware at its Most Critical Step – Lateral Movement

Webinar Registration

Ransomware is off the chain these days. Recent data shows nearly every organization today has either experienced or avoided a ransomware attack, extortion methods now include “victim-friendly” stolen data search sites, average ransoms are in the hundreds of thousands, and an average of half your data gets encrypted.

Many security strategies focus on detecting the ransomware malware itself – whether as an attachment in an inbound email, at the other end of a malicious link, or while it’s trying to execute on an endpoint. But ransomware gangs are evolving their tactics daily to find ways to evade detection.

However, there is one aspect of a ransomware attack that can’t be avoided: lateral movement. It’s absolutely necessary for as many systems to be infected (and, therefore encrypted) as possible to improve the chances of ransom payment. And that means moving laterally from machine to machine within the victim environment.

The crux of any lateral movement – regardless of the specific technique – is authentication, making it a perfect opportunity to detect anomalous behavior and stop movement entirely.

So, what kinds of lateral movement are used in ransomware attacks, and how can you detect and isolate?

In this Real Training for Free session, 4-time Microsoft MVP Nick Cavalancia takes my seat as he first discusses:

  • The use of lateral movement in ransomware attacks
  • Common methods of lateral movement
  • The role of authentication

Up next, you’ll hear from Gal Sadeh, Head of Data Science, and Yiftach Keshet, Director of Product Marketing from Silverfort. They will discuss:

  • How lateral movement attacks in the wild take time to mature
  • How identifying “building-block” movement events can assist in early-stage detection
  • What data sources can be useful for detection

They will demonstrate lateral movement detection and analysis using Silverfort’s free Lateral Movement Analyzer tool, showing the presence of lateral movement in an environment, what user accounts and machines are suspected to be compromised, what was the progression level of the attack, and what actions you should take. This is an early preview of this tool which will be presented at the coming Blackhat Arsenal and will be then available for download – so all the analysis you’ll see in this session will be in your reach within a few weeks.

This real training for free event will be jam packed with technical detail and real-world application. Register today!

First Name:   
Last Name:   
Work Email:  
Phone:  
Job Title:  
Organization:  
Country:    
State:  
 

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor.

 

 

Additional Resources