Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    [Heads-Up] How Hackers Use Ransomware To Hide Data Breaches And Other Devastating Attacks

    shutterstock_270920828Different sources claim that ransomware attacks are either going up or going down. The very real threat remains though and it is clear that the bad guys are moving from consumers as their target to enterprise, and that they are getting more sophisticated.

    Dan Swinhoe at CSO commented: "This gives ransomware victims another worry in addition to business disruption recovery costs: Was the attack really just to extort money or is it a cover for something more sinister? Answering that question requires ransomware victims to take due diligence steps after the attack."

    He is right. When ransomware is used to cover tracks your forensics needs to be focused the right way.

    Similar to how threat actors use DDoS attacks as a distraction technique to hide more serious attacks going in the background, security researchers are finding that attackers are using ransomware as part of their exit strategy to help cover up and erase clues of a more serious incident. Though delivered through the same means as regular ransomware — usually a phishing email and then a link or attachment loaded with a malicious file — the goal is to both delete potential forensic breadcrumbs and hope organizations don’t investigate further after recovering from the ransomware infection.

    “It’s not uncommon for threat actors to deploy ransomware after they’ve successfully exfiltrated data,” says Liviu Arsene, senior e-threat analyst for Bitdefender. “It’s actually becoming a relatively common practice for threat actors to cover their tracks by dropping ransomware inside an infrastructure after they’ve successfully achieved their goals.”

    Arsene says he has seen this happen with attacks on all verticals ranging from financial to critical infrastructure. “There’s a definite pattern, suggesting it will probably become the standard MO for covering tracks.”

    Another thing to worry about. The full article is at CSO and recommended reading.

    Get Your Ransomware Hostage Rescue Manual

    Ransomware Hostage Rescue ManualGet the most informative and complete hostage rescue manual on Ransomware. This 20-page manual is packed with actionable info that you need to prevent infections, and what to do when you are hit with malware like this. You also get a Ransomware Attack Response Checklist and Prevention Checklist. You will learn more about:

    1. What is Ransomware?
    2. Am I Infected?
    3. I’m Infected, Now What?
    4. Protecting Yourself in the Future
    5. Resources

    Don’t be taken hostage by ransomware. Download your rescue manual now! 

    Get Your Manual

    Or cut & paste this link in your browser:  http://info.knowbe4.com/ransomware-hostage-rescue-manual-0

     

     

    Return To KnowBe4 Security Blog

    Topics: Phishing, Ransomware, Data Breach

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews