Uptycs, the first cloud-native security analytics platform that enables cloud and endpoint security from a single platform, announced its results from round 4 of the MITRE Engenuity ATT&CK Enterprise Evaluation. This round of the independent ATT&CK Evaluations for enterprise cybersecurity solutions emulated the Wizard Spider and Sandworm threat groups. Wizard Spider created the well-known Ryuk ransomware family, while Sandworm, a Russian military cyber unit, carried out the 2017 NotPetya attacks.
"Ransomware is a growing scourge for all types of organizations, and the focus of these MITRE Engenuity ATT&CK Evaluations could not come at a more appropriate time. Security teams can use these evaluation results to identify gaps in their detection coverage. Our strong performance in both the Windows and Linux portions of the evaluation demonstrates how Uptycs helps these security teams detect even advanced ransomware actors, in addition to the hardening needed to minimize the risk of ransomware in the first place," said Ganesh Pai, Co-founder and CEO at Uptycs.
The MITRE Engenuity team chose to emulate two threat groups that use the Data Encrypted for Impact (T1486) technique. Wizard Spider, for example, has used data encryption for ransomware, such as the well-known Ryuk malware (S0446). Sandworm, on the other hand, used encryption to destroy data, perhaps most notably with its NotPetya ransomware (S0368). While this year's evaluations share the common theme of "Data Encrypted for Impact," both groups have extensive reporting on a broad spectrum of post-exploitation tradecraft.
The new advanced detection capabilities Uptycs demonstrated in this evaluation are:
Process Code Injection/DLL Injection and Process Hollowing
Master Boot Record (MBR) Overwrite
Lsass.exe Memory Credential Dumping