Get Insight in an Advanced Ransomware Threat
Cyberthreats, including devious attacks such as ransomware, spyware and malware, are among the most common IT challenges. What would you do if your data were attacked and held for ransom?
Attacks have increased in number and complexity and have spread to organisations of every size and industry across the globe. As a matter of fact, we need to accept that cyberattacks are more present than ever! They can and will affect both our professional and personal lives. Unless we prepare!
The purpose of an Advanced Ransomware Threat (ART) is to gain access to the most important and valuable asset for ransom: data! The second objective is to make sure no copies are available for restoration. An Advanced Ransomware Attack, also called a targeted attack, often consists of six stages, namely:
Stage 1 – Observation
The malicious actor(s) will start by gathering information on the victim’s people, processes and technology in play.
Stage 2 – Sneak in
The information gained in the previous stage is used to gain access to the victim’s infrastructure. This is done by seducing someone into clicking a link!
Stage 3 – Setting up Shop
Once the link is clicked, the malicious actor(s) have the opportunity to create a base of operations. It will be set up to be redundant and highly available. The attackers do not want to lose access to the victim’s infrastructure!
Stage 4 – Elevate Access
While moving through the victim’s infrastructure they want to stay undetected. This way they can snoop around in peace and quiet, looking for higher-value assets to compromise before moving forward.
Stage 5 – Cripple Recoverability
In this stage the attackers use the higher-value assets gathered earlier to cripple recoverability. They modify existing routines, documentation and systems to reduce or even deny restore capabilities.
Stage 6 – Ransom Declaration
If the first five stages were completed successfully, the attackers choose an appropriate time (often just before a long weekend) to encrypt the victim’s data, wipe archives, disable backups and issue ransom demands!
I did a session at the annual Dutch VMUG in 2020 to give insight into and educate on how an advanced ransomware attack works and how it unfolds almost like a work of ART when completed.