Skip to main content


Ransomworm: Don’t Cry – Act.


In July last year, we released our research report on the Anatomy of a Ransomware attack in which we looked into both the financial model of ransomware and then detection as it unfolds. Due to the recent WannaCry ransomware craze, we think it’s time to revisit. When we addressed ransomware last year, we made a significant comment about the ever-evolving nature of malicious software. We predicted that in the near future (evidently now) ransomware will move[…]

Topics: data science, ransomware, SECURITY, SIEM, Uncategorized

UEBA: When "E" Doesn't Stand for "Easy"

Three-letter acronyms are easy to remember and pronounce – adding more letters usually just adds friction. When Gartner renamed the User Behavior Analytics market from UBA to UEBA (i.e. User and Entity BA), it made the term more clunky but even more relevant. Most organizations understand the threat posed by user insiders, whether malicious or compromised. However, many don’t yet see the risks from “insider” machines, or as Gartner calls them, entities. While we are[…]

Topics: data science, ransomware, SECURITY

The Challenge of Using a SIEM to Detect Ransomware

Ransomware is becoming more common than ever. Corporations both large and small, are increasingly finding themselves the targets of advanced ransomware campaigns. Unfortunately, most security teams haven’t had enough experience with ransomware in corporate environments to stop infections before they run rampant.  This post explores some of the challenges security teams may face when trying to use SIEM correlation rules to identify the behavior and activities associated with a ransomware infection. Zooming out for Greater[…]

Topics: ransomware, SECURITY

Ransomware: Why Steal When You Can Disrupt?

When asked why he robbed the bank, the old saying goes, the thief replied: because that’s where the money was. But in fact, there was no need to rob; applying the modus operandi of recent ransomware attacks, all the thief had to do is disrupt the entrance to the bank, and collect the money without any extra effort. Ransomware recently made the headlines when several organizations, including hospitals, were infected and forced to pay tens of thousands[…]

Topics: ransomware, SECURITY