Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Ransomware Detection and Remediation ( Kaspersky Lab)
#1
     
Quote:
  Ransomware Detection and Remediation        
Kaspersky Lab
Published on Dec 27, 2018
In this video, in-the-wild ransomware designed to encrypt valuable data on the attacked endpoint is used to demonstrate how Kaspersky Endpoint Security for Business detects ransomware, then performs a rollback process to restore the data affected.

Let’s start with an unprotected system. We have a PDF file here, and we’ll open this file, just to check that it’s not encrypted yet.  Now, let’s execute a malware file. As is typical of ransomware, it first enumerates the files on disk, searching those most likely to be valuable to the user – generally going for the common file formats used for documents, pictures, audio and databases. This malware is very dangerous to individual users and also to corporations that stand to lose a lot of important data this way.

Now, the ransomware has encrypted all the important data on the endpoint, including our PDF file – we now can’t open it.  And there’s a ransom message on the desktop: it’s says the files are encrypted with a strong algorithm – we’re going to have to contact the hackers and pay for their decryption.

Now let’s see what happens when the system is protected by of Kaspersky Endpoint Security for Business. 

Here we have of Kaspersky Endpoint Security for Business running. 
We’ll open the same user PDF file from the desktop to check that it’s not yet encrypted. Then we execute the malware. Again, we can see that this ransomware is searching for interesting file formats like DOC, or PDF or JPG. Let’s see if it’ll be able to encrypt them all this time.

Now, the instant the ransomware starts encrypting files, our Behavior Detection module blocks this malicious process. Next, the product asks what action we want to apply. For full remediation, we generally recommend restarting the machine.  But for demo purposes, let’s just select the rollback process without a restart. 

We can see that the malware was able to encrypt only three files before being spotted, and all these have now been automatically recovered. In the Report screen, full details are given on the Trojan removal and remediation processes: you can see exactly what happened to each file the malware tried to change.
https://www.youtube.com/playlist?list...
#KasperskyLab
Category
Science & Technology
Reply
#2
Thanks for the post 

Edited by me to show the video

Please note the changes done.
Reply
#3
Thanks for this. It was pretty insightful. I didn't know that
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Kaspersky Antivirus vs Ransomware | Kaspersky Internet Security Antivirus vs Ransomwa mrtrout 0 1,129 05-28-2021 , 11:31 PM
Last Post: mrtrout
  Bitdefender vs Kaspersky: Ransomware Test mrtrout 0 1,303 04-06-2021 , 09:13 PM
Last Post: mrtrout
  Kaspersky versus Ransomware [TPSC] tarekma7 0 1,448 04-29-2020 , 03:13 AM
Last Post: tarekma7
  ( What is Ransomware ) Kaspersky Lab mrtrout 0 1,867 04-22-2018 , 10:51 PM
Last Post: mrtrout
  ( Kaspersky vs Ransomware) The PC Security Channel [TPSC] mrtrout 0 2,251 12-13-2017 , 06:11 AM
Last Post: mrtrout



Users browsing this thread: 1 Guest(s)