Intelligent CIO Europe Issue 57 | Page 22



tTraditional Ransomware vs Modern Ransomware

Ransomware is an old but persistently evolving threat that remains a top cybersecurity risk . Many new ransomware families emerged in 2016 , and in 2017 WannaCry wreaked havoc across the globe . In response organizations strengthened their defenses and ransomware notoriety diminished from a hazard to a nuisance . However , the trend only signified a major turning point for the introduction of modern ransomware .
Ryuk was among the first documented ransomware to operate as modern ransomware . It used Trickbot to propagate using common admin tools for lateral movement . By 2019 , ransomware attacks took on a more targeted approach , which has become the norm entering 2020 . In 2021 we have tracked this continued increase of high-profile attacks including Solarwinds , Colonial Pipeline and Kaseya . Leading to the increased need for SecOps to mandate security across the organization to defend against modern ransomware attacks .
2 . Network reconnaissance and lateral movement : Hacking , open source , and pentesting tools are used to gain deeper access across the enterprise , building an inventory of the network to spread laterally .
3 . Data exfiltration : Before encrypting data , the attacker steals important data that can be used as leverage against the victim . This part is essential for double extortion .
4 . Ransomware deployment : With data stolen , running processes , and services are taken down to ensure effective ransomware deployment . Attackers also remove their footprints by deleting event logs . After the files have been encrypted , the operators declare their demands via a ransom note .
1 . Initial Access
Proactively defending your network , endpoints , email , and hybrid cloud environments against the very first stage of a ransomware attack is critical .
Traditional Ransomware – Shotgun Approach Target : Single device Delivery : Spam or drive-by downloads Impact : Monetize data of victim Disruption : Localized Defense : Malware prevention and remediation
Modern Ransomware – Targeted APT-Like Approach Target : Enterprise wide Delivery : Human operated scripts and malware Impact : Encryption and Data Exfiltration Disruption : Enterprise wide Defense : Layered threat prevention , detection , and response
Download whitepaper here
Four stages of modern ransomware attacks
To better understand the typical modern ransomware attack process , we break down the stages and components used in today ’ s campaigns .
1 . Initial access : Phishing emails , vulnerabilities , or compromised accounts are used to penetrate a system ’ s defense to initiate the attack .
22 INTELLIGENTCIO EUROPE www . intelligentcio . com