Different sources claim that ransomware attacks are either going up or going down. The very real threat remains, though, and it is clear that the bad guys are shifting their targets from consumers to enterprises, and that they are getting more sophisticated.
Dan Swinhoe at CSO commented: "This gives ransomware victims another worry in addition to business disruption recovery costs: Was the attack really just to extort money or is it a cover for something more sinister? Answering that question requires ransomware victims to take due diligence steps after the attack."
He is right. When ransomware is used to cover tracks, your forensics needs to be focused the right way.
Similar to how threat actors use DDoS attacks as a distraction technique to hide more serious attacks going on in the background, security researchers are finding that attackers are using ransomware as part of their exit strategy to help cover up and erase clues of a more serious incident. Though delivered through the same means as regular ransomware — usually a phishing email and then a link or attachment loaded with a malicious file — the goal is both to delete potential forensic breadcrumbs and to hope organizations don’t investigate further after recovering from the ransomware infection.
“It’s not uncommon for threat actors to deploy ransomware after they’ve successfully exfiltrated data,” says Liviu Arsene, senior e-threat analyst for Bitdefender. “It’s actually becoming a relatively common practice for threat actors to cover their tracks by dropping ransomware inside an infrastructure after they’ve successfully achieved their goals.”
Arsene says he has seen this happen with attacks on all verticals ranging from financial to critical infrastructure. “There’s a definite pattern, suggesting it will probably become the standard MO for covering tracks.”
Another thing to worry about. The full article is at CSO and is recommended reading.