{"id":6698,"date":"2022-04-12T12:30:29","date_gmt":"2022-04-12T04:30:29","guid":{"rendered":"https:\/\/x-phy.com\/?p=6698"},"modified":"2022-04-12T12:30:29","modified_gmt":"2022-04-12T04:30:29","slug":"how-to-prevent-ransomware-insider-attack-use-case","status":"publish","type":"post","link":"https:\/\/x-phy.com\/how-to-prevent-ransomware-insider-attack-use-case\/","title":{"rendered":"How to Prevent Ransomware – Insider Attack use case"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Although many organizations are very enthusiastic about security measures like how to\u00a0prevent ransomware<\/a>, they may ignore one key aspect of cyberattacks, i.e., insider threats.\u00a0<\/a><\/p>

Jeremy is a black hat hacker who was hired by Kiosk Technologies in the department of IT audit. A rival of Kiosk Technologies offered him a handsome amount to be a spy employee and carry out a major cyber-attack.<\/a><\/p>

Right after joining the team, Jeremy studied the network and server infrastructure where he found several loopholes. Within a month, he became familiar with the entire network architecture and planned a major\u00a0data breach.<\/a>\u00a0He also investigated the office security and got the idea to enter the main office building in non-official working hours. At midnight he entered the main office building through the emergency fire exit and goes straight into the server room.<\/p>

He was aware that the storage drives are self-encrypted. At first, he removed the cover of the desktop and disconnected the\u00a0X-PHY\u00ae SSD<\/a>. The X-Site Secure feature detected the change in the ambient light.\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t

\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Recognizing the threat, the AI security engine immediately triggered the Motionlock to maintain the security of the\u00a0X-PHY\u00ae<\/a>. He then connected the SSD to a USB hub and the desktop with SATA and power cables.<\/p>

He arranged a Hot Plug Attack and started to boot the desktop, swapped the SATA cable, connected the X-PHY\u00ae to his laptop, and kept the power on for\u00a0self-encryption data bypass.<\/a>\u00a0The continuous AI real-time monitoring detected the illegal trait and the Power Lock feature was activated. It locked down the data at the firmware kernel level.\u00a0<\/p>

This ultimately failed his attempts because the self-encryption drive keys saved in the security system management were wiped off. It further triggered the 2-Factor Keycode under the X-Factor Encryption Lock feature to protect the data at a firmware level.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

X-PHY Protection Method<\/strong><\/h4>

1. The Motionlock within the X-Site Secure feature detects the change in the ambient light upon the removal of desktop cover to disconnect the X PHY\u00ae<\/sup><\/a>.\u00a0<\/p>

2. The AI real-time monitoring of the data operation at the kernel and firmware level detects the bypass trait and triggers the Powerlock feature<\/a> to wipe the self-encryption drive keys saved in secure system management.<\/p>

3. The X-Factor Encryption lock feature triggers data lockdown<\/a> to prevent the attacker from accessing it and activates the Keycode 2-factor.<\/p>

4. The X-PHY\u00ae<\/sup> enters safe mode and asks for the password to complete the 2-factor authentication.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

Although many organizations are very enthusiastic about security measures like how to\u00a0prevent ransomware, they may ignore one key aspect of cyberattacks, i.e., insider threats.\u00a0 Jeremy is a black hat hacker […]<\/p>\n","protected":false},"author":2,"featured_media":6700,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","inline_featured_image":false,"footnotes":""},"categories":[12],"tags":[],"class_list":["post-6698","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-use-cases"],"_links":{"self":[{"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/posts\/6698","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/comments?post=6698"}],"version-history":[{"count":0,"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/posts\/6698\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/media\/6700"}],"wp:attachment":[{"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/media?parent=6698"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/categories?post=6698"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/tags?post=6698"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}