Using Tripwire Enterprise to Protect from Shamoon v2

Shamoon is once again attacking systems in the Middle East, according to multiple reports from security vendors. Shamoon v2, an update to the original from 2012, has put enterprises in the Middle East and other regions on high alert.   

Two Shamoon v2 attacks in November 2016 demonstrated enhanced tactics. Besides erasing user files, the malware can also render computers unstable and unusable. The second attack also disrupted a typical countermeasure against wiper attacks by abusing VDI credentials.

This technical note describes the anatomy of the Shamoon malware and outlines the preventive measures you can take with Tripwire’s foundational controls to protect your systems and enterprise.