This article describes how to use FortiDeceptor and the SMB deception lure to detect activity related to the DearCry ransomware and to any other ransomware attack.
DearCry exploits recent Microsoft Exchange Server vulnerabilities to compromise its targets. For more information about this ransomware attack, see the Fortinet blog post:
New DearCry Ransomware Targets Microsoft Exchange Server Vulnerabilities
Cyber Deception Against Any Ransomware:
1. FortiDeceptor starts by deploying a fake network share across every endpoint/server in your network. This pseudo network is hidden from legitimate users so that they do not click on decoy systems and generate false alerts.
2. This fake network drive also contains fake files and workflows that are sacrificed to expose an attacker and/or malicious ransomware.
3. The fake network is mapped using a network decoy that acts as a fake file server, complete with fake traffic and files.
4. The FortiDeceptor tool that creates and manages this fake network can be fully integrated into your third-party security tools, such as your Firewall, Network Access Control, and Next-Gen AV, so that malicious activity can be identified and mitigated.
5. Once the ransomware compromises an endpoint and starts to encrypt the fake files on the fake network drive, the decoy (fake file server) detects this malicious network activity and uses one of your existing security tools to automatically isolate the infected endpoint, protecting the rest of the network.
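The detection idea in step 5, sketched as an added example (this is not FortiDeceptor's own logic or code): a decoy file server classifies per-client activity on the fake share as encryption-like and returns the clients to hand to an isolation integration. The event format, thresholds, addresses and file names are all assumptions constructed for the illustration.

```python
import math
import os
from collections import Counter, defaultdict

ENTROPY_MIN = 7.5  # bits/byte; ciphertext approaches 8.0 (assumed threshold)
WINDOW_SECS = 60   # assumed correlation window
MIN_FILES = 3      # assumed count of distinct decoy files hit before isolating

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of a written payload; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(ev: dict) -> bool:
    """High-entropy overwrite, or a rename that changes the file extension."""
    if ev["op"] == "write":
        return shannon_entropy(ev["data"]) >= ENTROPY_MIN
    if ev["op"] == "rename":
        ext = lambda p: os.path.splitext(p)[1].lower()
        return ext(ev["path"]) != ext(ev["new_path"])
    return False

def hosts_to_isolate(events: list) -> list:
    """Clients that hit MIN_FILES distinct decoy files within WINDOW_SECS."""
    hits = defaultdict(list)  # client -> [(time, path)] of encryption-like events
    for ev in sorted(events, key=lambda e: e["t"]):
        if looks_encrypted(ev):
            hits[ev["client"]].append((ev["t"], ev["path"]))
    flagged = []
    for client, seen in hits.items():
        for i, (start, _) in enumerate(seen):
            if len({p for t, p in seen[i:] if t - start <= WINDOW_SECS}) >= MIN_FILES:
                flagged.append(client)
                break
    return sorted(flagged)

# Constructed sample data: a uniform byte distribution stands in for ciphertext.
CIPHER_LIKE = bytes(range(256)) * 16
PLAIN = b"Quarterly budget draft\n" * 100
SAMPLE_EVENTS = [
    {"t": 0, "client": "10.0.0.23", "op": "write", "path": "a.docx", "data": CIPHER_LIKE},
    {"t": 4, "client": "10.0.0.23", "op": "write", "path": "b.xlsx", "data": CIPHER_LIKE},
    {"t": 9, "client": "10.0.0.23", "op": "rename", "path": "c.pdf", "new_path": "c.pdf.locked"},
    {"t": 5, "client": "10.0.0.57", "op": "read", "path": "a.docx"},
    {"t": 7, "client": "10.0.0.57", "op": "write", "path": "notes.txt", "data": PLAIN},
]

if __name__ == "__main__":
    print(hosts_to_isolate(SAMPLE_EVENTS))
```

Because the share is hidden from legitimate users, the read and plaintext write from the second client are still worth an alert; the thresholds here only decide which client is isolated automatically.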
Follow the steps below to set up deception protection against ransomware:
1. Deploy a Windows decoy with SMB enabled.