Technology: Ransomware
Ransomware vs. Endpoint Security
Ransomware vs. Endpoint Security – Results from the largest public ransomware test
In this report, we analyse ransomware vs. endpoint security. Ransomware is the most visible, most easily understood cyber threat affecting businesses today. Paralysed computer systems mean stalled business and loss of earnings. On top of that, a ransom demand provides a clear, countable value to a threat. A demand for “one million dollars!” is easier to quantify than the possible leak of intellectual property to a competitor.
In this report, we have taken two main approaches to assessing how well products can detect and protect against ransomware.
Ransomware Deep Attacks
For the first part of this test, we analysed the common tactics of ransomware gangs and created two custom gangs that use a wider variety of methods. In all cases, we run the attack from the very start, including attempting to access targets with stolen credentials or other means. We then move through the system and sometimes the network, before deploying the ransomware as the final payload.
Ransomware Direct Attacks
The second part of the test takes a wide distribution of known malware and adds variations designed to evade detection. We’ve listed the ransomware families used in Hackers vs. Targets on page 9. We sent each of these ransomware payloads directly to target systems using realistic techniques, such as through email social engineering attacks. This is a full but short attack chain. In this part of the test, we ensure any protection features are enabled in the product.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. Our results help vendors improve their products and buyers choose the best for their own needs.
Ransomware Detection Using Hardware
Computer processors get the final word when running programs. Can they judge bad code from good?
SE Labs tested Intel’s hardware approach to ransomware detection, using a wide range of ransomware attacks designed to extort victims. These attacks were realistic, using the same tactics and techniques as those used against victims in recent months.
Target systems included Windows PCs on both Intel vPro-based hardware and alternative AMD platforms. All were attacked in the same way, by testers acting as we observe ransomware groups to behave.
Attacks used original ransomware malware, as seen in the wild during recent months, as well as more advanced variations designed to evade detection. In all cases the ransomware’s goal was to steal, encrypt and destroy sensitive data on the target systems.
Attackers can disguise malware. In the same way you might try to slip past a security guard in thick glasses and a wig, hackers can take their regular code and make it look different. There are many ways to do this, but before it can achieve its ultimate goal, malware has to run, or execute. And at that stage it drops its disguise, at least as far as the hardware it runs on is concerned. As the code runs, its intentions become clear.
And this presents an opportunity for defenders – detect malware at the very last moment, just as it reveals itself while executing. The concept of ‘security on a chip’ has been around for a long time but now Intel claims that it has introduced anti-malware to its vPro hardware platform. By monitoring code as it executes, it hopes to detect malware and inform compatible security software when it does. It claims to do this by using pattern matching, via machine learning, to spot suspicious behaviour. The goal is to have a combination of security software and hardware working together to prevent infections.
Deep and direct ransomware testing
We tested CrowdStrike Falcon against a range of ransomware attacks designed to extort victims. These attacks were realistic, using the same tactics and techniques that were used against victims in recent months.
Target systems, protected by CrowdStrike Falcon, were attacked by testers acting in the same way as we observe ransomware groups to behave.
Attacks were initiated from the start of the attack chain, using phishing email links and attachments, as just two examples. Each attack was run from the very start to its obvious conclusion, which means attempting to steal, encrypt and destroy sensitive data on the target systems.
Enterprise Advanced Security (Ransomware): CrowdStrike Falcon
Ransomware is the most visible, most easily understood cyber threat affecting businesses today. Paralysed computer systems mean stalled business and loss of earnings. On top of that, a ransom demand provides a clear, countable value to a threat. A demand for “one million dollars!” is easier to quantify than the possible leak of intellectual property to a competitor.
We have created a comprehensive test that shows how effective security products are when faced with the whole range of threats posed by ransomware itself and the criminal groups operating in the shadows.
In this report we have taken two main approaches to assessing how well products can detect and protect against ransomware.
Enterprise Advanced Security (Ransomware) Tested
This detailed report looks at ransomware detection during a full network attack, and at protection against known ransomware attacks and their unknown variants. We include details about the different types of ransomware attacks, including the tactics used by different criminal groups.