Ransomware attacks are becoming more frequent, more damaging and more sophisticated. Alongside general hardening advice, it is very important to detect ransomware quickly and remediate immediately. In this blog we have collected 5 free tools that help mitigate the risk of ransomware attacks faster. The list covers different stages of defending against ransomware, from detection through identification to decryption.
Link: https://fsrm.experiant.ca/
FSRM (File Server Resource Manager) is a role service that can be added to any Windows Server 2008 or later. By defining a file group of known ransomware file-name patterns and attaching a file screen that uses it, analysts can monitor for files with those extensions being written to the monitored folders. When such an event occurs the admin is alerted via an email, so they can quickly stop the malicious activity and begin clean-up before much harm is done.
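The following PowerShell script is an added example, not code from the original post or from fsrm.experiant.ca. It wires up the FSRM pieces described above: a file group of ransomware-style name patterns, the global e-mail settings, and a file screen on a share that e-mails the admin and writes an Application-log event on a match. The share path, SMTP server, mail addresses and the pattern list are assumptions (the patterns are a constructed sample; the maintained list on the site should be used in practice).

```powershell
# Added example (not from the original post or from fsrm.experiant.ca).
# Requires the FS-Resource-Manager role service:
#   Install-WindowsFeature FS-Resource-Manager -IncludeManagementTools
Import-Module FileServerResourceManager

$SharePath  = 'D:\Shares\Finance'        # assumed: the share to protect
$SmtpServer = 'smtp.example.internal'    # assumed
$AdminMail  = 'soc@example.internal'     # assumed
$FromMail   = 'fsrm@example.internal'    # assumed
$GroupName  = 'Ransomware Indicators'

# Constructed sample patterns; replace with the full list published at fsrm.experiant.ca.
$Patterns = @('*.locked', '*.encrypted', '*decrypt*.txt', 'readme_for_decrypt*.html')

# One-time global FSRM mail settings used by the Email notification action.
Set-FsrmSetting -SmtpServer $SmtpServer -AdminEmailAddress $AdminMail -FromEmailAddress $FromMail

# Create the file group, or update the pattern list if it already exists.
if (Get-FsrmFileGroup -Name $GroupName -ErrorAction SilentlyContinue) {
    Set-FsrmFileGroup -Name $GroupName -IncludePattern $Patterns
} else {
    New-FsrmFileGroup -Name $GroupName -IncludePattern $Patterns `
        -Description 'File-name patterns written by known ransomware'
}

# Notification actions. FSRM substitutes [Source Io Owner], [Source File Path] and
# [Server] at alert time, so the e-mail names the account and file that tripped the screen.
$Body  = 'User [Source Io Owner] wrote [Source File Path] on [Server], matching the ransomware file group.'
$Email = New-FsrmAction -Type Email -MailTo '[Admin Email]' `
            -Subject 'Possible ransomware activity' -Body $Body -RunLimitInterval 0
$Event = New-FsrmAction -Type Event -EventType Warning -Body $Body -RunLimitInterval 0

# -Active blocks the write as well as alerting; omit it (passive screen) to alert only
# while validating that the pattern list does not collide with legitimate files.
New-FsrmFileScreen -Path $SharePath -IncludeGroup $GroupName `
    -Notification @($Email, $Event) -Active -Description 'Ransomware detection'
```

To verify the screen, create a file such as `test.locked` on the share from a workstation and confirm that the e-mail and the Application-log event arrive. Two caveats worth keeping in mind: FSRM matches on file names only, so a ransomware strain that encrypts files in place without renaming them will not trigger the screen, and the screen only sees writes to the monitored path, so each share that matters needs its own file screen (or a template applied to all of them).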
Link: https://www.nomoreransom.org/
The National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, Kaspersky and McAfee have “joined forces” in an attempt to fight the ransomware business run by cybercriminals.
The aim of this project is to create a go-to repository of decryption tools for as many ransomware families as possible. So far NoMoreRansom has provided decryptors for around 150 of them.
Link: https://id-ransomware.malwarehunterteam.com/
ID Ransomware helps identify which ransomware family has encrypted a system’s files. It is a simple tool: users upload the ransom note or a sample encrypted file, the tool detects the type of ransomware and sends the results to the user via an email. Currently it can identify more than 1000 different ransomware variants.
Link: https://www.bleepingcomputer.com/download/cryptosearch/
CryptoSearch goes hand-in-hand with ID Ransomware. Once the family is known, it is used to identify all the encrypted files on a system and move them to a new location, which makes further analysis easier and keeps the files together for decryption.
Link: https://us-cert.cisa.gov/ncas/alerts/aa21-077a
CHIRP is a Windows forensics tool that helps analysts find post-compromise activity in the form of Indicators of Compromise (IOCs). CHIRP was released with plugins to search for activity by an advanced persistent threat (APT), looking for the presence of the TEARDROP and RAINDROP malware, but it can be configured to:
1. Examine Windows event logs for artifacts associated with this activity.
2. Examine the Windows Registry for evidence of intrusion.
3. Query Windows network artifacts.
4. Apply YARA rules to detect malware, backdoors, or implants.
DTonomy’s collected free resources on defending against ransomware attacks: GitHub link
We are pleased to announce that DTonomy is now part of Stellar Cyber. The integrated solution will enhance cyber threat detection and response automation!