A recent Unit 42 blog post breaks down the newly identified ransomware “RanRan,” targeting multiple Middle Eastern government organizations. Driven by what appear to be political motives, the RanRan attacker encrypts data until victims make a negative public statement against a particular political leader.
Prevention against ransomware, like RanRan, is possible with Palo Alto Networks Traps advanced endpoint protection. Traps prevents malicious executables with one-of-a-kind multi-method malware prevention, which provides multiple kill points throughout the attack lifecycle.
Traps has a number of features that allow admins to proactively reduce the attack surface, including execution restrictions and admin override policies. Restrictions can be set using rules for folders (like temp directories), external media (such as USB drives), child processes and others. Admin override policies give admins granular control over which applications should or should not be able to execute.
In real time, Traps cross-references our WildFire threat intelligence cloud to determine if the hash has already been identified as malicious elsewhere within the broader Palo Alto Networks community. If the file has been seen before and identified as safe, it proceeds to execute. If the file is identified as malicious, Traps instantly prevents it from executing.
If an executable is unknown, Traps uses static analysis to identify whether it contains malicious characteristics or not. Rather than utilizing a signature-based approach, Traps uses local static analysis to identify malware characteristics derived through machine learning. Should the executable contain malicious characteristics, Traps prevents it from executing.
Verdicts, benign or malicious, are fed back into the threat intelligence cloud so that any other endpoint that tries to execute this file is informed and protected instantly.
The Traps multi-method malware and exploit prevention enables protection against known, unknown and zero-day threats, including new ransomware such as RanRan.
Ignite '17 Security Conference: Vancouver, BC June 12–15, 2017
Ignite '17 Security Conference is a live, four-day conference designed for today’s security professionals. Hear from innovators and experts, gain real-world skills through hands-on sessions and interactive workshops, and find out how breach prevention is changing the security industry. Visit the Ignite website for more information on tracks, workshops and marquee sessions.