Shulou(Shulou.com)06/01 Report--

The virus *** has been very common in recent years and is extremely harmful. SamSam, as one of the most active ransomware viruses, is also notorious. Since its birth, SamSam has focused on large organizations and has been active in North America. There was an outbreak in 2016, mainly targeting medical institutions. In 2018, he did a few big deals and put his idea on the head of the local government. In February 2018, the Colorado Department of Transportation declared a state of emergency following an encounter with SamSam ransomware *** and requested support from the National Guard's cyber team. In March 2018, Atlanta was ransomed by SamSam virus *** for $52,000 and $2.6 million in repair costs.

The ransomware virus is fierce, and the detonation of it may be in an instant. It may be that an employee has been phishing and clicked on a malicious link carrying the ransomware virus, causing a terminal to be locked, and then the virus begins to spread rapidly to other connected devices.

At present, many organizations 'security solutions still emphasize the protection of the periphery, trying to detect and prevent threats at the entrance, and lack the monitoring of the interior. Once the enemy bypasses the protection of the periphery and enters the interior, it is like entering no one. In this case, if we can improve the "visibility" of the interior, achieve real-time perception, detect suspicious behavior in time, and immediately locate the affected endpoint, we can minimize the loss.

To realize effective internal monitoring, Security Operations Center is still the best practice at present. At present, many organizations in China have completed the construction of Security Operations Center, and the feedback from users is mixed. Especially after the Security Operations Center is put into use, the huge workload brought by it makes users overwhelmed. Therefore, it is imperative to realize the automation of real Security Operations Center. As Yi Xin, head of Huaqing Rongtian Security Operation Platform, said,"The positioning of Security Operations Center should be simple, professional and focused, and users should not invest too much energy on the platform." Based on years of technical accumulation and customer service experience, Huaqing Rongtian practices this initial idea through intelligent log generalization, log source validity management, corresponding rule triggered management and other technologies, which is quite effective.

In addition, ransomware virus also has a major feature that there are constantly new variants, making it more difficult for enterprises to prevent, still SamSam virus, currently known to exist SamSa, Samas, samsam and other variants. Huaqing Rongtian also responded to this. EzAccur, a product of Security Operations Center, formed an event chain by identifying the infection characteristics of the virus through retrospective analysis of the virus characteristics, which can quickly complete the impact analysis and make the ransomware virus invisible.

On the other hand, in addition to the power of technology to prevent ransomware, the organization's security culture is also very important, ransomware mainly relies on mail, program ***, malicious web pages, vulnerabilities to spread. By raising the awareness of internal employees on virus prevention, avoiding clicking and using links and programs of unknown origin, and updating and installing system patches in a timely manner, it can also effectively strengthen the prevention of ransomware **.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.