Ransomware is a multi-stage problem. Darktrace is the only vendor with the multi-stage solution that autonomously and effectively contains the attack at any stage and ensures the attacker cannot progress.
Initiation
To accomplish the initial entry, the attacker may launch their attack via a spear phishing email, RDP brute forcing (exposed internet service), malicious websites and drive-by downloads, an insider threat with company credentials, system and software vulnerabilities, or any number of other attack vectors. By constantly looking for novel ways into digital environments, attackers stay ahead of threat intelligence and can avoid traditional defenses. Just a single small vulnerability or oversight is enough for a threat actor to perform an initial compromise. Once the initial breach has been achieved and they find themselves inside an organization’s network, a massive range of attack vectors are opened up to attackers.
Legacy Security Solutions
If the initial breach is a simple, historical attack, it might be stopped. If it is one of the vast, ever-increasing number of sophisticated and novel attacks being launched, it can continue onto the next stage.
Attackers will often purchase the off-the-shelf defenses to test their malware against to see if it will be effective. If the malware is brand new, it will likely pass these checks against all legacy solutions.
Darktrace’s Autonomous Response
Breaches inherently break from a digital estate’s normal ‘pattern of life’ and can therefore be detected by Darktrace. Once detected, they are stopped at this early stage by Autonomous Response. This includes sophisticated attacks like spear phishing. Action taken is tailored and precise, meaning no disruption is suffered by the business. With Darktrace, ransomware attacks end here, but its Autonomous Response capabilities work at later stages as well.
To read full download the whitepaper:
Stages of a Ransomware Attack
