Adobe Reader is the most widely used PDF reader. It’s used at millions of businesses of all sizes all over the world. Often these PDF documents contain sensitive Personally Identifiable Information, trade secrets, banking information, and even user names and passwords. This sensitive information must be protected from cyber-criminals who are diligently working to infiltrate your network and steal your data.
PDF Protect is similar to a DocTrap except that it’s a PDF file instead of a Word document. These files are placed in strategic locations such as My Documents, Desktop, the root of C:\, and network shares. These are all common places cyber-criminals look for sensitive information, and they are also where ransomware begins its file encryption process. Embedded within the PDFTrap file is metadata that serves as a reliable notification method: whenever the document is opened, an alert is generated. The documents are real, they contain real data, and they have a built-in alarm that generates an alert when they are accessed. Just like the other HackTraps, you want to give this one an interesting filename to entice any unsuspecting wrongdoers.
Ransomware hunts for network shares and encrypts whatever data it finds. The ransomware we’ve observed encrypts the folders in alphabetical order. Even though ransomware may go alphabetically today, there is no telling how long that will be the case. To stay ahead of possible new variants of ransomware, shared folders called “AAAA”, “MMMM”, and “ZZZZ” were created. With folders at the beginning, middle, and end of the directory structure, it doesn’t matter where the ransomware starts: an alert will be issued before it gets too far.
Additionally, a PDF Protect document was placed at the root of each folder within the shared folder directory structure. The main idea and benefit of doing this is deception. Strategically placing decoy data within the network ensures you’ll be alerted to any intruders. Use your in-depth network knowledge to your advantage.
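The decoy-share layout described above, as an added example that is not part of the original page or the PDF Protect product: it creates the AAAA, MMMM, and ZZZZ folders with a placeholder decoy file in each, then flags any decoy that has been modified, renamed, or deleted. Hash comparison stands in for the product's open-time alert, whose mechanism the page does not describe; the file name, file contents, and function names are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

# Folder names come from the article; the decoy file name and contents are constructed.
DECOY_FOLDERS = ("AAAA", "MMMM", "ZZZZ")
DECOY_NAME = "payroll-2024.pdf"  # hypothetical enticing file name
DECOY_BYTES = b"%PDF-1.4\n% constructed placeholder decoy\n"


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def deploy_decoys(share_root: Path) -> dict[str, str]:
    """Create the decoy folders and files; return {path: baseline sha256}."""
    baseline = {}
    for folder in DECOY_FOLDERS:
        decoy = share_root / folder / DECOY_NAME
        decoy.parent.mkdir(parents=True, exist_ok=True)
        if not decoy.exists():  # never overwrite a decoy that is already in place
            decoy.write_bytes(DECOY_BYTES)
        baseline[str(decoy)] = sha256_of(decoy)
    return baseline


def check_decoys(baseline: dict[str, str]) -> list[tuple[str, str]]:
    """Return (path, status) for every decoy that is missing or modified."""
    alerts = []
    for path, expected in sorted(baseline.items()):
        p = Path(path)
        if not p.is_file():
            alerts.append((path, "missing"))  # deleted, or renamed with a new extension
        elif sha256_of(p) != expected:
            alerts.append((path, "modified"))  # contents rewritten in place
    return alerts


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        base = deploy_decoys(Path(tmp))
        print("clean:", check_decoys(base))
        (Path(tmp) / "MMMM" / DECOY_NAME).write_bytes(b"changed")  # simulated tampering
        print("after change:", check_decoys(base))
```

Run `check_decoys` on a schedule against the stored baseline and route any non-empty result to your alerting channel.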
When you place files in the Cloud, how do you know they are secure? Do you trust the admins/support at Dropbox to leave your files alone? What about Box, OneDrive, Office365, iCloud, or HipChat, to name just a few others? How do you know that a hacker hasn’t already stolen your credentials and gained access to your Cloud services? Those fears can be addressed by using the PDF Protect, DocTrap, and DirTrap HackTraps. By strategically placing PDFTrap HackTraps in your Cloud drives, you are ensuring that you’ll be notified should your account become compromised.
USB Flash drives are great at storing files that you need to use on another machine, possibly at another location. With the miniaturization of USB Flash drives, it has become easier to misplace them, and there is always the chance that one could be stolen and end up in the wrong hands. A recent study found that nearly 50% of people who found a USB flash drive would plug it in to see what was on it. What if someone with malicious intent “borrows” your USB drive without permission and returns it to your desk while you are out to lunch? How would you ever know? With a HackTrap – that’s how you’d know!