Ransomware continues to be a major cybersecurity threat for businesses of all sizes across the globe. In 2021, a Sophos study revealed that the average cost of ransomware doubled to $1.85 million—adding to the disappointing discovery only about 8% of businesses that pay a ransom actually get their data back. Recently, the US CISA, FBI, and NSA published a joint Cybersecurity Advisory (together with the UK and Australian cybersecurity agencies) on ransomware trends, techniques, and mitigations adding to the urgency that companies strengthen their security posture against ransomware.

As stated in the report, ransomware groups are expanding their impact by targeting the cloud, managed service providers, industrial processes, and software supply chain. They are also targeting organizations during off-hours like weekends and holidays. This report comes off the heels of a report last year where the FBI found a yearly increase of 62% from 2020 to 2021.

Plixer’s security intelligence capabilities, as part of our Network Detection and Response (NDR) platform, help our customers address many of the areas outlined in this advisory. To briefly summarize:

Advisory: Technical details Plixer’s NDR platform capabilities:
Gaining access to networks via phishing, stolen Remote Desktop Protocols (RDP) credentials or brute force, and exploiting vulnerabilities. Monitor RDP for abnormal usage as well as brute force detection.  
Targeting the cloud. Analyze cloud flowlogs and seamlessly combine that with on-premise network traffic monitoring.
Attacking industrial processes. Provide device discovery and profiling for managed and unmanaged devices (including IoT), accompanied by continuous network traffic analysis.
Targeting organizations on holidays and weekends. Use separate training data to model weekend network usage patterns from normal workweek usage, to rapidly detect anomalies.
Advisory: Mitigations  
Keep all operating systems and software up to date. Include asset discovery and profiling capabilities. 
If you use RDP or other potentially risky services, secure and monitor them closely. Provide this capability ‘out of the box.’
Segment networks. Analyze network traffic flows to help with effective network segmentation planning. 
Implement end-to-end encryption.  An effective security tool even when end-to-end encryption is deployed. Where needed, Plixer supports encrypted traffic analysis techniques such as JA3/JA3S fingerprinting and malware detection using supervised machine learning for identifying traffic behavior.
Identify, detect, and investigate abnormal activity and potential traversal of the indicated ransomware with a network-monitoring tool. Are purpose-built for network monitoring, leveraging multiple detection methods including supervised machine learning, unsupervised machine learning, and sophisticated algorithms.
Document external remote connections. Provide the ability to customize what the Machine Learning engine watches—helping to implement zero-trust for critical applications and infrastructure.
Collect telemetry from cloud environments. Ingest cloud flowlog data. It also includes application monitoring capabilities.

Enterprises looking to lower their exposure to ransomware need a best-in-class NDR solution. The Plixer security intelligence platform is an innovative and intelligent NDR solution that processes network flow data with machine learning, allowing you to monitor behavior across your network and quickly detect, investigate, and remediate threats like ransomware.

Interested in learning more? Request a demo today. 

George Matthews

George Matthews is head of Product Management at Plixer. He has over 25 years of experience bringing enterprise and cloud products to market. Prior to Plixer, George held various product and engineering roles at McAfee, RSA Security, and EMC. He holds a Master’s degree from Rensselaer Polytechnic Institute (RPI).


Leave a Reply