Darktrace Blog

AI catches Maze ransomware targeting a healthcare organization
Max Heinemeyer, Director of Threat Hunting | Thursday October 22, 2020

Attackers are targeting increasingly high-stakes environments with ransomware. This blog post explores how AI can be used to detect and autonomously neutralize machine-speed attacks – looking in particular at how Darktrace caught Maze ransomware targeting a healthcare organization.

Thursday October 22, 2020
AI catches Maze ransomware targeting a healthcare organization
Max Heinemeyer, Director of Threat Hunting
Wednesday October 14, 2020
How Industrial Control Systems can be secure in the cloud
David Masson, Director of Enterprise Security
Friday October 9, 2020
How AI detected a hacker hiding in an energy grid within hours of deployment
Max Heinemeyer, Director of Threat Hunting
Monday October 5, 2020
How a Mimecast miss led to a wide scale email compromise
Dan Fein, Director of Email Security Products
Thursday October 1, 2020
AI email security: Understanding the human behind the keyboard
Dan Fein, Director of Email Security Products
Thursday September 24, 2020
Darktrace OT threat finds: Detecting an advanced ICS attack targeting an international airport
David Masson, Director of Enterprise Security
Tuesday September 22, 2020
Fast and stealthy malware attempts to steal public data from government organization
Max Heinemeyer, Director of Threat Hunting
Thursday September 10, 2020
How AI caught hackers crypto-mining on a biometric access server in an empty office
Max Heinemeyer, Director of Threat Hunting
Monday September 7, 2020
Ransomware-as-a-Service: Eking targets government organization
Max Heinemeyer, Director of Threat Hunting
Thursday August 27, 2020
Darktrace email finds: Rare file type used to evade gateway tools
Mariana Pereira, Director of Email Security Products
Wednesday August 26, 2020
Defense in depth: The resurgence of Emotet, as seen in the email and network layers
Max Heinemeyer, Director of Threat Hunting | Dan Fein, Director of Email Security Products
Wednesday August 19, 2020
Evil Corp intrusions: WastedLocker ransomware detected by Darktrace
Max Heinemeyer, Director of Threat Hunting
Monday August 17, 2020
Darktrace threat finds: Abusing TeamViewer to deploy ransomware
Max Heinemeyer, Director of Threat Hunting
Thursday August 13, 2020
Darktrace email finds: COVID-19 relief spoof
Dan Fein, Director of Email Security Products
Monday August 10, 2020
Darktrace email finds: Fake ShareFile notification from compromised supplier account
Dan Fein, Director of Email Security Products
Thursday August 6, 2020
Darktrace OT threat finds: Defending the widening attack surface
David Masson, Director of Enterprise Security
Wednesday August 5, 2020
What the Twitter hack reveals about spear phishing – and how to prevent it
Dan Fein, Director of Email Security Products
Tuesday August 4, 2020
Phishing from the inside: Microsoft 365 account hijack
Max Heinemeyer, Director of Threat Hunting
Thursday July 30, 2020
Darktrace email finds: Two WeTransfer impersonation attacks caught by AI
Dan Fein, Director of Email Security Products
Tuesday July 28, 2020
LeChiffre ransomware targets US distributor
Max Heinemeyer, Director of Threat Hunting
Friday July 24, 2020
Darktrace email finds: IT impersonation attack
Dan Fein, Director of Email Security Products
Thursday July 23, 2020
The resurgence of the Ursnif banking trojan
Max Heinemeyer, Director of Threat Hunting
Wednesday July 22, 2020
Darktrace OT threat finds: Industrial sabotage
Max Heinemeyer, Director of Threat Hunting
Monday July 20, 2020
Unusual but benign: How Antigena Email deals with unthreatening emails from a new contact
Mariana Pereira, Director of Email Security Products
Thursday July 16, 2020
Darktrace email finds: Microsoft Teams impersonation
Dan Fein, Director of Email Security Products
Monday July 13, 2020
Darktrace email finds: Chase fraud alert
Mariana Pereira, Director of Email Security Products
Thursday July 9, 2020
CCPA: Why it’s important, and how Cyber AI can help
Mariana Pereira, Director of Email Security Products
Wednesday July 8, 2020
Speed of weaponization: From vulnerability disclosure to crypto-mining campaign in a week
Max Heinemeyer, Director of Threat Hunting
Tuesday July 7, 2020
Darktrace email finds: Impersonation attack of board member targets Gmail account
Mariana Pereira, Director of Email Security Products
Friday July 3, 2020
Darktrace email finds: Siemens impersonation costs an academic institution $60,000
Dan Fein, Director of Email Security Products
Tuesday June 30, 2020
Mirai malware infects CCTV camera
Max Heinemeyer, Director of Threat Hunting
Thursday June 25, 2020
What the EKANS ransomware attack reveals about the future of OT cyber-attacks
David Masson, Director of Enterprise Security
Wednesday June 24, 2020
Darktrace email finds: QuickBooks impersonation phishing attack
Mariana Pereira, Director of Email Security Products
Thursday June 11, 2020
The advanced email spoofing attacks of hackers-for-hire group Dark Basin
Dan Fein, Director of Email Security Products
Monday June 8, 2020
How Darktrace’s AI caught two Microsoft 365 account takeovers
Dan Fein, Director of Email Security Products
Friday May 22, 2020
Illuminating AWS cloud environments with Darktrace Cyber AI
Andrew Tsonchev, Director of Technology
Wednesday May 20, 2020
The anatomy of a SaaS attack: Two threats caught and investigated by AI
Max Heinemeyer, Director of Threat Hunting
Wednesday May 6, 2020
Old but still dangerous – Dharma ransomware via RDP intrusion
Max Heinemeyer, Director of Threat Hunting
Thursday April 30, 2020
The Domain Game: How email attackers are buying their way into inboxes
Dan Fein, Director of Email Security Products
Monday April 27, 2020
Leveling up: Augmenting the adversary with AI
Max Heinemeyer, Director of Threat Hunting
Thursday April 23, 2020
Bunim/Murray fights back against phishing attempts with Antigena Email
Gabe Cortina, CTO Bunim/Murray Productions (Guest Contributor)
Wednesday April 15, 2020
How changing online habits have opened the door to a new wave of email attacks
Mariana Pereira, Director of Email Security Products
Wednesday April 8, 2020
Four ways cyber-criminals fly under the radar
Oliver Rochford, Technical Director
Thursday April 2, 2020
Catching APT41 exploiting a zero-day vulnerability
Max Heinemeyer, Director of Threat Hunting
Wednesday March 25, 2020
Securing OT in remote working conditions
David Masson, Director of Enterprise Security
Thursday March 19, 2020
Five security risks companies face as workers go remote
Andrew Tsonchev, Director of Technology
Thursday March 12, 2020
How Antigena Email caught a fearware attack that bypassed the gateway
Dan Fein, Director of Email Security Products
Wednesday February 26, 2020
Bridging the cyber skills gap: Cyber AI Analyst for OT
David Masson, Director of Enterprise Security
Friday February 21, 2020
Post-mortem of a targeted Sodinokibi ransomware attack
Max Heinemeyer, Director of Threat Hunting
Monday January 27, 2020
Using AI to detect a bitcoin mining campaign leveraging Citrix Netscaler vulnerabilities
Max Heinemeyer, Director of Threat Hunting
Wednesday January 15, 2020
Stopped in its tracks: How Antigena neutralizes zero-day ransomware
Max Heinemeyer, Director of Threat Hunting
Wednesday January 8, 2020
RE:Thinking Email Security
Mariana Pereira, Director of Email Security Products
Wednesday December 18, 2019
Doorbuster or doppelganger: How Darktrace detects attacks that deceive via discount
Justin Fier, Director of Cyber Intelligence & Analytics
Tuesday December 3, 2019
Stop the clock: How Autonomous Response contains cyber-threats in seconds
Max Heinemeyer, Director of Threat Hunting
Monday November 18, 2019
The best signature move: Detecting ransomware without any signatures at all
Max Heinemeyer, Director of Threat Hunting
Thursday October 31, 2019
Leakproof by law: Previewing the 2020 data protection landscape
Justin Fier, Director of Cyber Intelligence & Analytics
Wednesday October 2, 2019
Big game hunting: How Ryuk ransomware takes down its imposing targets
Max Heinemeyer, Director of Threat Hunting
Friday September 6, 2019
Off the hook: How AI catches phishing emails even if we take the bait
Dave Palmer, Director of Technology
Tuesday August 13, 2019
Securing the cities of tomorrow: Three takeaways from Black Hat 2019
Max Heinemeyer, Director of Threat Hunting
Monday August 5, 2019
Back to square one: The Capital One breach proved we must rethink cloud security
Justin Fier, Director of Cyber Intelligence & Analytics
Wednesday July 31, 2019
Digitizing the Dark: Cyber-attacks against power grids threaten modernity itself
Andrew Tsonchev, Director of Technology
Wednesday July 10, 2019
Shining a light on Shamoon 3: What cyber AI revealed about the data-wiping malware
Max Heinemeyer, Director of Threat Hunting
Thursday June 20, 2019
The Age of Algorithms: How autonomous response AI is winning the race against time
Justin Fier, Director of Cyber Intelligence & Analytics
Monday June 3, 2019
Making the red team wave the white flag with Darktrace AI
Michael Green, Lead Security Analyst at Cyberseer (Guest Contributor)
Wednesday May 29, 2019
The top 10 cyber hygiene issues that lead to a breach: Part two — The perils of convenience
Max Heinemeyer, Director of Threat Hunting
Wednesday May 15, 2019
The top 10 cyber hygiene issues that lead to a breach: Part one — A perimeter in ruins
Max Heinemeyer, Director of Threat Hunting
Tuesday April 23, 2019
Software as a Security nightmare: The risks of collaboration in the cloud
Justin Fier, Director of Cyber Intelligence & Analytics
Tuesday March 26, 2019
Anatomy of an insider breach originating from a contractor's laptop
Keith Siepel, IT Manager at Hydrotech, Inc. (Guest Contributor)
Thursday March 21, 2019
Thwarting an invisible threat: How AI sniffs out the Ursnif trojan
Max Heinemeyer, Director of Threat Hunting
Tuesday March 12, 2019
A security analyst’s view: Detecting and investigating lateral movement with Darktrace
Tyler Fornes, Senior Security Analyst at Expel (Guest Contributor)
Friday March 8, 2019
How state-sponsored attackers took colleges to school
Max Heinemeyer, Director of Threat Hunting
Tuesday March 5, 2019
Solving the “VR Goldilocks Problem” in Security Operations
Jon Hawes, Head of Detect and Security Innovation at Photobox Group Security, and Max Heinemeyer, Director of Threat Hunting at Darktrace
Friday February 15, 2019
Catching Mimikatz’ behavior with anomaly detection
Max Heinemeyer, Director of Threat Hunting
Friday February 8, 2019
AI reveals 2018’s biggest cyber-threats: Part two — to err is human
Max Heinemeyer, Director of Threat Hunting
Monday February 4, 2019
Anatomy of a zero-day trojan caught by our Darktrace appliance
Keith Siepel, IT Manager at Hydrotech, Inc. (Guest Contributor)
Monday January 28, 2019
AI reveals 2018’s biggest cyber-threats: Part one — the rise of nontraditional IT
Max Heinemeyer, Director of Threat Hunting
Thursday January 10, 2019
Glimpsing inside the trojan horse: An insider analysis of Emotet
Max Heinemeyer, Director of Threat Hunting
Monday December 3, 2018
Flying under the radar: How Darktrace detects ‘low and slow’ cyber-attacks
Dave Palmer, Director of Technology
Thursday November 22, 2018
Here’s how black hats will spend Black Friday
Justin Fier, Director of Cyber Intelligence & Analytics
Thursday October 25, 2018
Law and disorder: Firms in the firing line
Max Heinemeyer, Director of Threat Hunting
Thursday October 4, 2018
Troubled waters: Cyber-attacks on San Diego and Barcelona’s ports
Andrew Tsonchev, Director of Technology, Darktrace Industrial
Monday August 20, 2018
Healthcare beware: Crypto-mining, malware, and IoT attacks
Dave Palmer, Director of Technology, Darktrace
Monday July 16, 2018
Trusting the cloud: Unencrypted data upload by government body
Max Heinemeyer, Director of Threat Hunting
Friday June 22, 2018
Beyond the hash: How unsupervised machine learning unlocks the true power of JA3
Max Heinemeyer, Director of Threat Hunting
Monday April 16, 2018
How profitable is crypto-mining malware?
Max Heinemeyer, Director of Threat Hunting
Wednesday March 7, 2018
How malware abused Sixt.com and Breitling.com for covert Command & Control communication
Max Heinemeyer, Director of Threat Hunting
Tuesday February 13, 2018
Cryptocurrencies and the future of cyber defense
Max Heinemeyer, Director of Threat Hunting
Friday February 2, 2018
Machine vs machine: instant domain fluxing identification with Darktrace
Max Heinemeyer, Director of Threat Hunting
Monday January 22, 2018
The implications of TRITON for the future of ICS security
Andrew Tsonchev, Director of Technology, Darktrace Industrial
Friday December 8, 2017
Expediting the investigation of widespread Trojan infections with Darktrace
Max Heinemeyer, Director of Threat Hunting
Monday November 27, 2017
Smuggled Raspberry Pis attempt to steal passwords
Andrew Tsonchev, Director of Cyber Analysis
Monday October 30, 2017
A new botnet discovered using IoT drawing pads for reflection attacks
Justin Fier, Director of Cyber Analysis
Wednesday October 25, 2017
Down the BadRabbit Hole
Max Heinemeyer, Director of Threat Hunting
Thursday October 12, 2017
The ‘Matrix Banker’ Reloaded
Max Heinemeyer, Director of Threat Hunting
Monday October 2, 2017
Resurgence of the Feodo banking Trojan on a government network
Andrew Tsonchev, Director of Cyber Analysis
Monday September 18, 2017
How a cloud server nearly released IP at a major manufacturing company
Andrew Tsonchev, Director of Cyber Analysis
Monday July 31, 2017
How Darktrace’s AI detects metamorphic malware
Justin Fier, Director of Cyber Intelligence & Analytics
Thursday June 29, 2017
Darktrace’s perspective on the NotPetya attack
Dave Palmer, Director of Technology
Wednesday June 21, 2017
Every rule has an exception: How to detect insider threat without rules
Andrew Tsonchev, Director of Cyber Analysis
Wednesday May 17, 2017
WannaCry: Darktrace’s response to the global ransomware campaign
Andrew Tsonchev, Director of Cyber Analysis
Monday May 8, 2017
Defending against ransomware: a live threat scenario
Andrew Tsonchev, Director of Cyber Analysis
Wednesday April 5, 2017
Trust attacks and the evolution of ransomware
Dave Palmer, Director of Technology
Monday March 6, 2017
The threat is already inside
Justin Fier, Director of Cyber Intelligence
Monday February 13, 2017
Smile! You're on camera
Dave Palmer, Director of Technology
Monday January 30, 2017
Cyber-threats mean banks are no longer ‘too big to fail’
Justin Fier, Director of Cyber Intelligence
Monday January 9, 2017
AI will supercharge spear phishing
Dave Palmer, Director of Technology
Friday December 16, 2016
5 cyber security predictions for 2017
Justin Fier, Director of Cyber Intelligence
Monday December 5, 2016
The Internet of Stranger Things
Dave Palmer, Director of Technology
Friday November 18, 2016
Holiday hacking: Cyber-attacks on Cyber Monday
Justin Fier, Director of Cyber Intelligence
Friday November 4, 2016
2016: The year of election tampering?
Justin Fier, Director of Cyber Intelligence
Monday October 24, 2016
6 emerging cyber-threats you didn’t see in the news
Justin Fier, Director of Cyber Intelligence