London, UK – April 11, 2017 – SOC Prime, Inc. reports that Ransomware becomes more dangerous every day. For the last year, victims of these viruses paid the adversaries about $ 1 billion – which only provoke the extortionists’ appetites. Adversaries’ techniques and tools continue to evolve. Despite growing of the No More Ransom project partner network and their efforts decryption tools have been created only for a few ransomware threats at the moment. Moreover, the cybercriminals began stealing data before encryption and threaten to disclose them, if the victim does not pay the ransom.
We consider the proactive approach to protection from Ransomware as the most effective, and continue to work on tools that help detecting viruses before they encrypt data. To prove our point, we present you the advanced version of Ransomware Hunter (https://my.socprime.com/en/ucl/rsw/) Use Case for IBM Qradar. It automatically calculates scoring based on rules that use Windows logs, antivirus logs, data from vulnerability management platforms, network and perimeter devices (FW, IPS, proxy, DNS). Also it uses Tor (IP) and Ransomware (IP, URL, Domain) feeds for scoring. Register in Use Case Library to get this case, as well as its free basic versions for HPE ArcSight, Splunk and QRadar.