-
Understanding ransomware
Defending an organization against the growing threat of ransomware means knowing how ransomware spreads in the first place, and which controls – from technology and business process refinement to employee training – are needed.
Here is the typical progression of an attack:
1. Compromise: Attacker often gains initial access into the system via phishing, unauthorized Remote Desktop Access (RDA), or vulnerability exploitation.
2. Control: Attacker uses established connection to deploy tools to stay hidden.
3. Delivery: Attacker deploys ransomware payload.
4. Theft: Attacker steals sensitive data.
5. Encryption: Attacker triggers ransomware to encrypt victims data.
6. Extortion: Victim is sent a ransom demand.
7. Threat: Attackers may threaten to leak data or resort to other measures of force:
- a. Double extortion: Attacks that feature ransomware encryption and data theft.
- b. Triple extortion: Additional use of distributed denial-of-service (DDoS) attacks to force payment.
- c. Quadruple extortion: Attackers communicate directly with customers, partners and journalists to put extra pressure on the victim organization to pay.