How to Detect a Cryptolocker Infection with AlienVault USM

Watch the Webcast On-Demand

As an IT security pro, unless you've been hiding under a rock, you've heard about ransomware threats like Cryptolocker. These threats are typically delivered via an e-mail with a malicious attachment, or by directing a user to a malicious website. Once the Cryptolocker file executes and connects to the command and control server, it begins to encrypt files and demands payment to unlock them. As a result, detecting infection quickly is key to limiting the damage.

AlienVault USM uses several built-in security controls working in unison to detect ransomware like Cryptolocker, usually as soon as it attempts to connect to the command and control server. Join us for a live demo showing how AlienVault USM detects these threats quickly, saving you valuable time in limiting the damage from the attack.

You'll learn:

  • How AlienVault USM detects communications with the command and control server
  • How the behavior is correlated with other signs of trouble to alert you to the threat
  • Immediate steps you need to take to stop the threat and limit the damage

Meet Your Host

Tom D'Aquino

SVP, Worldwide, Sales Engineering

Tom D'Aquino has been engaged in information security, with an emphasis on supporting enterprise SIEM deployments, for nearly ten years. His most recent endeavors include educating others in the art of security analysis while evangelizing the benefits of AlienVault's unified approach to information security management, aka AlienVault USM. Tom loves to reminisce about the good ol' days of using grep and regex to find suspicious activity in log files, and he is always thrilled to brainstorm with you on your own security use cases and initiatives.