How to defend your company against ransomware attacks
All your files are encrypted!
Ransomware attacks continue to be one of the main concerns for organizations. Cyber threat actors know the impact a successful ransomware attack has on a company, and they keep investing in their tools, techniques, tactics and procedures, making huge profits from their criminal activities.
The business model of cyber-criminal groups involved in ransomware activities is constantly changing, and different groups implement different models. Some groups prefer targeted attacks: they carefully select their target organizations, manually exploit the infrastructure and execute their attack.
Lately, another way to operate ransomware activities has emerged. Like any start-up developing and selling SaaS software, some cyber threat actors have developed ransomware-as-a-service platforms, or “RaaS”. This lets them focus on developing their malware and the playbooks to deploy and execute it successfully.
In cyber security jargon, the group responsible for developing the ransomware and maintaining the RaaS infrastructure is called "the ransomware operator". Ransomware operators hire affiliates, who are responsible for launching the ransomware attacks. These affiliates stick to a playbook that contains detailed attack steps laid out by the ransomware operators.
Fortunately, the cyber intelligence community provides extensive documentation on the ransomware ecosystem. This lets us identify the tools, tactics, and procedures (TTPs) most frequently used by RaaS operators and their affiliates.
This issue of "The Threat Manager" magazine will give you a whole playbook to protect your company from ransomware attacks.
By analyzing the techniques and tactics implemented by cybercriminals, the author provides expert-level advice to set up the best measures to protect your infrastructure.
In this issue:
- How ransomware as a service changes the game
- A brief history of ransomware
- Presentation of the Hive ransomware
- Initial Access - How criminals hack their way into companies and how to avoid it
- How cyber-criminals maintain their access to the victim's infrastructure and the measures you can take against it
- How cyber-criminals extend their attack surface to maximize their impact, how you can detect lateral movement and prevent the attackers from taking control of your infrastructure
- How cyber-criminals remain hidden on the victim's infrastructure, and how to uncover them
- How ransomware operators put insane pressure on their victims, and how not to be the next victim on their list!