Finding the source of Ransomware - Wire data analytics
•Download as PPTX, PDF•
1 like•586 views
This document discusses how wire data analytics can be used to detect ransomware infections on a network. It explains that wire data contains information within network packet headers and payloads that can reveal the source of ransomware infections in real-time. Specific wire data sources like IDS events, user complaints of blocked files or strange desktop messages can indicate an infection. The document also describes how ransomware most commonly enters networks through phishing emails and recommends Langaurdian as a wire data analytics tool that can log and report on activity by IP address and user to investigate ransomware infections.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Finding the source of Ransomware - Wire data analytics
Similar to Finding the source of Ransomware - Wire data analytics (20)
Recently uploaded
Recently uploaded (20)
Finding the source of Ransomware - Wire data analytics
- 1. www.netfort.com Ransomware. How wire data can be used to detect the source of the problem Darragh Delaney
- 2. www.netfort.comSlide 2 How will you know there is Ransomware on your network? • IDS (Intrusion Detection System) events • Users complaining they cannot access files • User reports strange message on desktop
- 3. www.netfort.comSlide 3 Typical message you would see
- 4. www.netfort.comSlide 4 • This question was posted on an IT forum – Main points from it are below: • End user creates a file with a certain name in the file server. • Issue currently is by default, windows logs or FIM does not capture the IP address of the client who is creating this file on the file server. • Infection starts to encrypt files and every time it moves from a directory to another. • Leaves an instruction note that leads to a website/tor network site or something. • Immediate block on this IP from further causing damage.
- 5. www.netfort.comSlide 5 Wire Data Analytics • Wire data is data contained within the headers and payloads of network packets as traffic moves from one node to another. • Wire data analytics is the process by which raw packet data is transformed into real-time and historical business and IT insight. This data in motion is what you’re learning in “continuously updated” mode, a constant mind-boggling flow of information that might include usernames, filenames, or website names.
- 6. www.netfort.comSlide 6 Wire Data Sources
- 7. www.netfort.comSlide 7 How does Ransomware get in? • The most common way that ransomware can get in to your network is through phishing campaigns • These types of attacks have become much more sophisticated over the last number of years • Some common examples of what the phishing campaigns might look like can be seen in the next few slides
- 12. www.netfort.comSlide 12 Why LANGuardian should be your only choice for Wire Data Analytics • Logs and reports on activity by IP address and actual user name. • Unique levels of detail using NetFort metadata for critical protocols including SMB, HTTP and SQL. • All wire data retained in a built in database. • Go back on data days, weeks or months without the need for expensive hardware and storage. • Built in application recognition engine tracks usage by application and user name. • Connect to a SPAN or mirror port and instantly monitor anywhere across your network. • Download and deploy on standard server hardware, VMware or HyperV.
Editor's Notes
- Can Download and get it on your network in 30 minutes!!! Virtual or physical!! Free fully functional trial, 30 days