From: Network World Asia
By Bryan Borra
We are seeing more cases of the CryptoLocker/CryptoWall family of malware. Also known as “ransomware”, this type of attack is delivered through spear-phishing methods such as an email attachment. Users must pay a ransom before a set deadline passes or all their files will remain encrypted. CryptoLocker uses a number of techniques (HTTPS, P2P, Tor) to mask its command and control communications.
Security information and event management (SIEM) technology combined with threat intelligence can be effectively used to detect this type of attack. We recommend you ask your MSSP or SIEM Administrator to create the following use cases: