
Traps “Can Can” Prevent RanRan Ransomware


A recent Unit 42 blog post breaks down the newly identified ransomware “RanRan,” targeting multiple Middle Eastern government organizations. Driven by what appear to be political motives, the RanRan attacker encrypts data until victims make a negative public statement against a particular political leader.

Prevention against ransomware, like RanRan, is possible with Palo Alto Networks Traps advanced endpoint protection. Traps prevents malicious executables with one-of-a-kind multi-method malware prevention, which provides multiple kill points throughout the attack lifecycle.

Reduce the Attack Surface

Traps has a number of features that allow admins to proactively reduce the attack surface, including execution restrictions and admin override policies. Restrictions can be set using rules for folders (like temp directories), external media (such as USB drives), child processes and others.  Admin override policies give admins granular control over which applications should or should not be able to execute.

Superior Threat Intelligence and Automated Prevention

In real time, Traps cross-references the file's hash against our WildFire threat intelligence cloud to determine whether it has already been identified as malicious elsewhere within the broader Palo Alto Networks community. If the file has been seen before and identified as safe, it proceeds to execute. If the file is identified as malicious, Traps instantly prevents it from executing.

Better Approach to Preventing Unknown Threats

If an executable is unknown, Traps uses local static analysis to determine whether it contains malicious characteristics. Rather than relying on a signature-based approach, this analysis looks for malware characteristics derived through machine learning. Should the executable contain malicious characteristics, Traps prevents it from executing.

Verdicts, benign or malicious, are fed back into the threat intelligence cloud so that any other endpoint that tries to execute this file is informed and protected instantly.

 

The Traps multi-method malware and exploit prevention enables protection against known, unknown and zero-day threats, including new ransomware such as RanRan.

Learn more about Traps advanced endpoint protection.  


[Palo Alto Networks Research Center]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.
